Secure Your Crypto Assets

Jag Foo
3 min read · May 10, 2022

As the saying goes: not your keys, not your coins. In the “wild west” of the crypto space, there is an abundance of bad actors preying on your assets. Here are some quick tips to safeguard your crypto and digital assets:

  1. Store your assets in a cold wallet such as Ledger. Cold wallets are offline and “air gapped”, which prevents hackers from reaching the private keys to your crypto assets.
  2. Keep your private keys (seed phrases) offline. The simplest way is to write them on a piece of paper. Never ever document them in the cloud or take any photos of them! To be ultra secure, keep the paper copy of your seed phrase in a box and store it in a secure facility. I personally use a safe deposit service where the seed phrase is stored offline in an environment with strong physical security (e.g. armed guards, access control, CCTV surveillance).
  3. In addition to the usual 24-word mnemonic seed phrase, use a 25th word or “passphrase” to further strengthen your private key security. Hardware wallets like Ledger support the use of a passphrase as an advanced security feature.
  4. Never EVER key your seed phrase into any website! Only key it into your hardware wallet!
  5. Ensure all your online accounts, such as your email and crypto exchange accounts, are secured with two-factor authentication (2FA). Email services like Gmail support 2FA and it’s imperative that you activate this feature. Your email account usually contains a wealth of private information which hackers will want access to in their search for clues to reach your assets. Don’t let them!
  6. The gold standard for 2FA is to use hardware authenticators as they are used offline and cannot be hacked. I personally use YubiKey, and they have an NFC version which can be used with NFC-supported mobile phones. Accounts like Gmail and Binance support YubiKey. I strongly suggest the use of hardware authentication over SMS or app-based authentication (e.g. Google Authenticator), as those are not foolproof and are susceptible to being compromised.
  7. For online accounts that do not support 2FA with hardware authentication, the next best option is to use an app-based authenticator such as Google or Microsoft Authenticator. I would recommend investing in a mobile phone purely for 2FA purposes and nothing else. I do not wish to use a potentially malware-infected phone that may compromise the secret codes generated by the app. You can disconnect your phone from the internet after you have installed your authenticator app. The app will still work offline, and I prefer my phone to be offline to guard against hacking attempts. You can never be too sure!
  8. For the same reason as above, I would recommend investing in a separate computer purely to conduct your crypto transactions. In your daily surfing of websites or interaction with applications online, you never know if you may inadvertently introduce malware onto your computer. Don’t use that computer for your crypto work. Personally, I use an Apple MacBook as hackers tend to target Windows-based computers more often. That said, Macs CAN get hacked. But I prefer to use a device with a smaller attack surface and lower the odds of getting compromised.

In a nutshell, employ a multi-layer or “defense-in-depth” approach towards protecting your crypto assets. Remember, never trust, always verify!

If you found value in this article, please CLAP heartily, SHARE abundantly and FOLLOW me on Medium & Twitter.

Jag Foo

Security Professional. Head of BD @ Safeheron. Bullish on Digital Asset and Web 3. Investor in L1 & L2.