If you’re serious when it comes to trading and investing in cryptocurrencies, keep security at the forefront of your mind, before you even think of starting to invest. Avoid falling into the trap that many do of buying your coins before ensuring your computer, network and physical security are as strong as they can be. We’ve all heard stories of hacks, people losing their cryptocurrency due to malware, phishing or even getting abducted for their private keys.
Security isn’t a matter to take lightly; I strongly recommend you prioritise it accordingly before investing in anything financial on your computer. Most of us believe “it won’t happen to me”; realistically this can be a naïve and ultimately costly way of looking at your investments. No one will guard your money better than you, so take this seriously and protect yourself.
Adopt a layered approach. This is where you have security in place on your computer, your network and your physical location. In this article, I’ll cover the basics before moving onto some more physical actions to consider.
Here’s what can be done to improve your security:
- Device: Use a separate laptop/machine for cryptocurrencies only. Ideally this is a laptop that is offline most of the time, with legitimate websites bookmarked and your wallets downloaded and installed on it. Avoid general internet browsing on this laptop. Avoid installing and playing games on this laptop too. The fewer sites you browse, the less likely you are to be exposed to a malicious page that installs software onto your machine. Think of this laptop as your sacred money-making machine. It is only to be used for trading and investing and nothing else.
- Incognito mode: When you are logging into exchanges or online wallets, always do this using the private or incognito modes of your browsers. With these options, your browsing history, cookies and any passwords or data you enter into fields will not be saved. It will also close your sessions when the browser is closed. This is extremely important. There have been multiple occasions where hackers have been able to keep a browser session open and log back into exchanges without any authentication required and empty them out.
If there’s only one thing you take away from this article, it is that you should use the private or incognito modes of your browsers.
- Use two-factor authentication (2FA) on all cryptocurrency accounts and exchanges. If you don’t, readily accessible software can figure out your username and passwords easily and quickly. By adding 2FA, which can consist of cards, fobs and apps on your phone as well as text messages to your phone (which is less secure), you increase your login security by adding another layer of login authentication. 2FA typically works by generating a random number, usually 6 digits, that changes every 30 seconds. Once you’ve entered your username and password, you’ll have to enter the 2FA code for that website before you can gain access. Popular 2FA apps are Google Authenticator and Authy. I prefer Authy as it can be synced across multiple devices, has more security to log into the app and you can customise the names of the sites you save the 2FA keys for.
- Email: Speaking of 2FA, is your email account 2FA enabled? No? Then do it now. That way if your email is accessed from an IP address that is not recognised as a ‘regular’ login IP address, you will be asked to enter a 2FA code too. This is extremely important as a hacker’s trick is to gain access to your email once they have logged into your account on an exchange and disable all your security and verification options. After that it’s a free-for-all for them. Enabling 2FA on your email account is another important layer of security to protect you from the pain of losing your cryptocurrencies.
Remember, the slight inconvenience of each layer of security is worth it if it sends the hackers off in search of easier prey.
- Separate email: For the extra security conscious, an encrypted and separate email account can be used per exchange. Proton Mail, based in Switzerland, is a good email account provider option. If one of your exchanges does get compromised, the hacker doesn’t automatically gain access to your other exchanges.
- Passwords: Having a unique password for every account you have, no matter what the service, is imperative. Length is more important than complexity. Avoid things such as your mother’s maiden name, your first pet or your partner’s name; they’re too easy to crack. Your password should consist of numbers, letters and special characters that are memorable to you but not part of your interests. So if you love sports, the gym and eating healthy, don’t use a password related to that. A good password in that case would be something like this: !l0veTHeCake$h0p. Password tools such as LastPass and 1Password can also be used to enter passwords without you remembering them. You can also use features in these apps that will create passwords for you so you do not have to even think of passwords.
- Private keys for wallets: Where possible these should be generated offline and stored in a separate text file per password on an encrypted USB key (use a very strong password for this key). This is true whether they are paper wallets or hot (online) wallets. The ideal situation is a randomly generated password written down on a piece of paper (with nothing underneath the paper when writing it) and then stored somewhere safe such as in a fireproof and waterproof bag in a safety deposit box or hidden with someone you really trust. For more ideas, think “what would I do if I was paranoid?” Remember to protect your cryptocurrencies from a flood or fire as well as from hacks.
- Install a security/virus scanner on your machine and schedule it to run a full scan at least once a week. Malwarebytes and Sophos are two popular ones that use the cloud to update the software and then scan your machine for threats. Do this weekly without fail. It is one of the easiest ways to see if your machine is infected with anything nasty. Cybereason is a relatively new product on the market that uses AI to ‘honeypot’ dummy folders on your machine that are primed to be infected first. It can then find infected files and locate the source more efficiently. Great for peace of mind.
- Virtual Private Networks (VPNs): Remaining anonymous is crucial when trading and accessing exchanges. This avoids alerting your internet provider to the fact that you’re investing/trading in cryptocurrencies. By using a VPN tool, you effectively create a tunnel between you and the internet that only you can access (as well as the VPN provider) and it ‘masks’ what you are browsing from any outsiders. It won’t stop you getting hacked on its own, but is a good way of remaining anonymous and keeping your browsing history private.
- Do not sync your bookmarks, usernames and passwords across devices. Despite being a very popular feature available across all browsers, it’s a gaping security hole. Turn this feature off on the machine you are using for your cryptocurrencies. Otherwise, if a hacker does manage to get access to your machine, a quick login to their own browser with your login details, and boom, your bookmarks and login details are readily accessed. 2FA would help here, but if you have an ‘open’ session, your synced cookies could be used to bypass this and gain access to your account on all your exchanges. This is another reason to browse in private or incognito mode. The consequences of failing to do so are very scary indeed.
Hackers are lazy, and tend to go after the low-hanging fruit. The more challenging you make it for someone to breach your machine or access your exchanges, the more likely hackers will just move on to an easier target. If someone really has a vendetta against you, they could go to any means to target you. Nothing is 100% secure online, even air-gapped laptops these days, but if you do the best you can to protect yourself online, it’ll certainly help.
The second article on security will cover:
- Storage of crypto coins
- Wi-Fi networks
- Personal security
Stay safe out there.