The Crypto-Trader’s Guide to Online Security

Eugene Tartakovsky
Published in Santiment · 5 min read · Apr 10, 2017

Your security habits are the one thing keeping your personal information safe, and are especially important if you are managing your money online. Although it may seem like a lot to set up at first, every crypto investor should take time to learn the best practices he can use to protect himself.

As a crypto trader I feel the need to secure my personal assets. As a software developer, I understand how things work and choose the right tools for the job. But I don’t want to overcomplicate things. The combination of these factors prompts me to write a simple how-to guide on how anyone can secure his assets with minimal effort.

There are four important topics to consider:

Passwords

What constitutes a password that can’t be easily broken? How can you remember all of your passwords while keeping them secure?

Two-Factor Authentication

What is it? How can it help you protect yourself, and how can you avoid its pitfalls?

Wallets

What kinds of wallets are out there? Which one is right for you? Is there one you can just set up and forget about?

Exchanges

Can you store your assets on exchanges? Are they protected enough?

Passwords

For a strong, hard-to-break password, length is key. Use passwords at least 8 characters long — the longer the better. You can use either long sentences in plain English or long randomly generated passwords:

  • The-white-fox-jumps-over-a-sleepy-cat-on-a-sunny-day
  • oDbaEGY+z}aMJwj6dKnDiA9dvXGy

Never use obvious passwords like 12344321 or myun1quepa55word. These are easy to break in minutes.

Never use the same password for different websites. This is incredibly important.

To remember your passwords, use a password manager. While not 100% issue-free, they beat everything else in terms of security/convenience ratio.

Rule of thumb

  • Use 1Password’s paid subscription for Families or any other password manager you like.
  • Use 28+ symbol randomly generated passwords with letters, numbers and special symbols, e.g.: jMkcuRZigztVyK}7dYPG?HJ8KcGz
  • Use 16+ characters long easy-to-remember and easy-to-type master password for entering 1Password’s storage.
  • Remember the master password, and only that one.
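To make the password advice concrete, here is an added example (not from the article or from 1Password) that generates passwords from the OS CSPRNG, estimates their entropy, and flags the "obvious" patterns the article warns against. The symbol alphabet, the toy dictionary, the leetspeak map and the assumed guessing rate of 1e10 guesses per second are all constructed for this example:

```python
import math
import secrets
import string

# Alphabet for generated passwords: letters, digits and special symbols, as the
# article recommends. The exact symbol set is an assumption of this example.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"

# Toy dictionary and leetspeak map used by the weak-password check (constructed;
# a real checker would use a breached-password list or a full dictionary).
COMMON_WORDS = {"password", "unique", "qwerty", "letmein", "welcome", "admin", "secret"}
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def random_password(length: int = 28, alphabet: str = ALPHABET) -> str:
    """Generate a random password with the OS CSPRNG (never random.choice)."""
    if length < 8:
        raise ValueError("use at least 8 characters; 28+ for generated passwords")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def average_crack_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to guess a random secret: half the keyspace at a given rate.
    1e10 guesses/s is an assumed offline rate against a fast hash."""
    return 2 ** (bits - 1) / guesses_per_second


def is_obviously_weak(password: str) -> bool:
    """Flag the patterns the article warns about: short, digits-only,
    mirrored strings, or a dictionary word written in leetspeak."""
    if len(password) < 8:
        return True
    if password.isdigit():              # e.g. 12344321: at most 10^8 candidates
        return True
    normalized = password.lower().translate(LEET)   # myun1quepa55word -> myuniquepassword
    if any(word in normalized for word in COMMON_WORDS):
        return True
    if normalized == normalized[::-1]:  # palindromes like 12344321 are a common "trick"
        return True
    return False


if __name__ == "__main__":
    pw = random_password(28)
    bits = entropy_bits(len(pw), len(ALPHABET))
    print(pw, f"{bits:.0f} bits, ~{average_crack_seconds(bits):.2e} s to crack on average")
    for candidate in ("12344321", "myun1quepa55word", "oDbaEGY+z}aMJwj6dKnDiA9dvXGy"):
        print(f"{candidate!r}: weak={is_obviously_weak(candidate)}")
    # An 8-digit PIN-style password carries under 27 bits: cracked in a fraction of a second.
    print(f"8 digits: {average_crack_seconds(entropy_bits(8, 10)):.3f} s")
```

A 28-character password over this 90-symbol alphabet carries roughly 182 bits of entropy, which is why the generated form is preferred; the weak-pattern check is only a coarse filter, and the real defence is a manager that generates and stores a unique password per site.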

Two-Factor Authentication

Two-Factor Authentication — or 2FA — is a second layer of protection after a password.

Why would you need that? Because a password can stay the same for a long time, so it’s a good idea to have a second step if your password is ever broken or stolen.

The best kind of 2FA is the One-Time Password (OTP). There are others, but most are inconvenient or less safe, so if in doubt, use OTP.

OTP is a short, usually 6-digit number generated every 60 seconds by a mobile app such as Google Authenticator or Authy. You’ll enter this number as a secondary password to verify you are the owner of the account.

The catch with OTP 2FA is that to set it up, you’ll need a seed number, which is usually presented as a QR code you’ll need to scan. Be sure to save the QR code or the plain seed number somewhere safe. Otherwise, when you change your phone you won’t be able to access your account anymore, and getting your access back will be complicated.

In this respect, Authy has an advantage over Google Authenticator: it backs up your seeds for you, so you don’t need to do it yourself. The trade-off is that you need to trust a third party with one of the layers of your personal protection.

Rule of thumb

  • Use OTP 2FA for every email and financial account you have.
  • Use Authy to store seeds, synchronize them across your devices and generate OTPs.
  • Protect Authy with a password, and remember it.
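The following is an added example (not code from the article, Google Authenticator or Authy) showing what the QR code actually carries and why the seed is the thing to back up: it parses the `otpauth://totp/...` setup URI, decodes the base32 seed, and computes RFC 6238 TOTP codes from it, so a second device restored from the saved seed produces identical codes. It uses the 30-second time step that RFC 6238 and the common authenticator apps default to. The seed is the RFC 6238 test vector; the issuer and account name in the URI are constructed:

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse


def parse_otpauth(uri: str) -> dict:
    """Pull the seed out of the otpauth://totp/... URI encoded in the setup QR code.
    Parameter names follow the Google Authenticator key URI format."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    query = parse_qs(parts.query)
    return {
        "label": parts.path.lstrip("/"),
        "issuer": query.get("issuer", [""])[0],
        "secret": query["secret"][0],                  # base32 seed: this is what you back up
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
    }


def decode_seed(base32_seed: str) -> bytes:
    """Base32-decode a seed as apps display it (spaces, lowercase, missing padding tolerated)."""
    cleaned = base32_seed.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(seed: bytes, unix_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = int(unix_time) // period
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_code(seed: bytes, submitted: str, unix_time: int, period: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check tolerating +/- `window` steps of clock drift; constant-time compare."""
    for drift in range(-window, window + 1):
        expected = totp(seed, unix_time + drift * period, period, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Constructed setup URI. The secret is the RFC 6238 test seed ("12345678901234567890"
# in base32); the issuer and account are made up for this example.
SETUP_URI = ("otpauth://totp/ExampleExchange:alice@example.com"
             "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleExchange")
TEST_SEED = decode_seed("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

if __name__ == "__main__":
    params = parse_otpauth(SETUP_URI)
    seed = decode_seed(params["secret"])
    now = int(time.time())
    print("account:", params["label"], "code now:", totp(seed, now, params["period"], params["digits"]))
    # A second device restored from the backed-up seed produces exactly the same code:
    restored = decode_seed("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    print("restored device agrees:", totp(restored, now) == totp(seed, now))
    print("code at t=59 (RFC 6238 vector 94287082, last 6 digits):", totp(seed, 59))
```

The code changes every time step, so writing down a current code is useless as a backup; the base32 `secret` (or the QR image that encodes it) is the only thing that lets a new phone regenerate the same codes.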

Wallets

All of your crypto assets are stored on a blockchain and accessed via an account. A wallet is a way of storing your private keys to that account.

There are many kinds of wallets available, including:

  • Full-blown blockchain node with a wallet app running
  • Light wallet
  • Hardware wallet

A blockchain node is the most beneficial for the network, the most flexible and also the most dangerous way of managing your wallet.
Representatives: Mist, Parity, Bitcoin Core, etc.

A light wallet gives you convenience for the price of foregoing control over the node.
Representatives: Jaxx, Myetherwallet, Electrum, etc.

A hardware wallet gives you convenience and security for the price of foregoing control over the node and a little bit of money.
Representatives: Ledger Nano S, Trezor, KeepKey.

Rule of thumb

Use a hardware wallet. My personal favorite is Ledger Nano S, but both Trezor and KeepKey should work just fine.

Backing up a keyphrase

There are many ways to do this, and none of them is completely secure or simple. My personal approach:

  • Divide your 24-word key phrase into 2 parts
  • Encrypt both of them with any encryption tool available to you, and store the encryption keys in 1Password
  • Find 4 storage services which support 2FA, e.g. AWS S3, Google Drive, Dropbox, a GitHub private repo
  • Enable 2FA on all of them, and store the OTP 2FA seeds in Authy
  • Put the first encrypted part of the key phrase into 2 of the services, and the second part into the other 2

With a setup like that your system will have 2 layers of protection: your 1Password master password and your password for accessing Authy. Those will be the only 2 passwords you’ll need to remember.
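As an added example that is not part of the article, the split-and-distribute idea above can be generalised: cutting the phrase into two plain halves means that whoever decrypts one part already holds 12 of the 24 words, whereas a 2-of-4 Shamir secret split puts one share on each of the four 2FA-protected services, any single share reveals nothing about the phrase, and any two of them restore it. The recovery phrase and the service names below are constructed stand-ins, and the shares can still be encrypted with the 1Password-stored keys exactly as the article does:

```python
import secrets
from typing import Dict


def _gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product


def _gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (Fermat) in GF(2^8)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = _gf_mul(result, base)
        base = _gf_mul(base, base)
        exp >>= 1
    return result


def split_secret(secret: bytes, threshold: int, share_count: int) -> Dict[int, bytes]:
    """Shamir split: any `threshold` of `share_count` shares rebuild `secret`;
    fewer than `threshold` reveal nothing. Shares are indexed x = 1..share_count."""
    if not 1 < threshold <= share_count <= 255:
        raise ValueError("need 1 < threshold <= share_count <= 255")
    shares = {x: bytearray() for x in range(1, share_count + 1)}
    for byte in secret:
        # Fresh random polynomial per byte: f(t) = byte + c1*t + ... (degree threshold-1)
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for x in shares:
            y = 0
            for c in reversed(coeffs):      # Horner's rule evaluates f(x)
                y = _gf_mul(y, x) ^ c
            shares[x].append(y)
    return {x: bytes(y) for x, y in shares.items()}


def recover_secret(shares: Dict[int, bytes]) -> bytes:
    """Lagrange-interpolate each byte at t = 0 from any threshold-sized subset of shares."""
    xs = list(shares)
    length = len(next(iter(shares.values())))
    out = bytearray()
    for i in range(length):
        acc = 0
        for xj in xs:
            num, den = 1, 1
            for xm in xs:
                if xm != xj:
                    num = _gf_mul(num, xm)        # (0 - xm) == xm in characteristic 2
                    den = _gf_mul(den, xj ^ xm)   # (xj - xm)
            acc ^= _gf_mul(shares[xj][i], _gf_mul(num, _gf_inv(den)))
        out.append(acc)
    return bytes(out)


# Constructed stand-in for a 24-word recovery phrase (not a real wallet seed).
PHRASE = " ".join(f"word{n:02d}" for n in range(1, 25))
SERVICES = ["AWS S3", "Google Drive", "Dropbox", "GitHub private repo"]


def backup_plan(phrase: str, services=SERVICES, threshold: int = 2) -> Dict[str, str]:
    """One hex-encoded 'x:share' string per 2FA-protected service."""
    shares = split_secret(phrase.encode(), threshold, len(services))
    return {svc: f"{x}:{shares[x].hex()}" for svc, x in zip(services, shares)}


def restore(copies: Dict[str, str]) -> str:
    """Rebuild the phrase from the share strings fetched back from any `threshold` services."""
    shares = {int(v.split(":")[0]): bytes.fromhex(v.split(":")[1]) for v in copies.values()}
    return recover_secret(shares).decode()


if __name__ == "__main__":
    plan = backup_plan(PHRASE)
    for svc, share in plan.items():
        print(f"{svc}: {share[:24]}...")
    two = {k: plan[k] for k in ("Dropbox", "AWS S3")}
    print("restored from two services:", restore(two) == PHRASE)
```

Losing access to any two of the four services still leaves the phrase recoverable, and an attacker who gets into one of them learns nothing, which is the property the two-halves layout does not give you.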

Exchanges

In the crypto world, exchanges are a necessary evil. Many of them are not trustworthy. Most of them get hacked semi-regularly and money gets stolen. The rule of thumb is to never store tokens on exchanges unless you absolutely need them for trading (e.g. you have short-term stop-loss orders in place).

Conclusion

Passwords

  • Use 1Password or any other password manager you like.
  • Use 28+ symbol randomly generated passwords with letters, numbers and special symbols, e.g.: jMkcuRZigztVyK}7dYPG?HJ8KcGz
  • Use 16+ characters long easy-to-remember and easy-to-type master password for entering 1Password’s storage.
  • Remember the master password, and only that one.

2FA

  • Use OTP 2FA for every email and financial account you have.
  • Use Authy to store seeds, synchronize them across your devices and generate OTPs.
  • Protect Authy with a password, and remember it.

Wallets

  • Use a hardware wallet.
  • Secure its 24-word key phrase, e.g. by dividing it in two parts, encrypting them and storing them in cloud services behind 2FA.

Exchanges

  • Never store money on exchanges unless absolutely necessary for a trade. Withdraw it as soon as you can.

By following these rules you’ll be able to protect yourself better than most participants in the markets. That will give you enough time to figure out what personal protection rules suit you best.

If you found the article useful, please share it with your fellow traders.

The Santiment team and I want you to have a secure crypto future.

If you’d like to get information on Santiment before it’s news, then join our mailing list.

If you have any questions or need help — feel free to join our Slack and ask us directly. We are here to help.

About Me: I’m Eugene, mobile app developer, software engineer, and crypto-trader. I’m with Santiment to build the future of data-feeds for the crypto-markets!
