Lock it Down and Hold it Down
This post is the first in a Bitcoin for Beginners series we’ll be publishing. Even if you’ve been in the game for years though, it pays to refresh your memory and re-evaluate your security practices. The sad reality of the ultra-connected digital world we live in is that everyone’s a target: whale or minnow; celebrity or nobody. Nevertheless, there are two primary measures you can take to minimize your exposure:
Lock it down: Keep your crypto assets in a secure wallet which you possess the private keys for. That way you and you alone are responsible for what happens to your coins.
Hold it down: By all means preach the gospel of Satoshi and decentralization from the rooftops, but as we recently reiterated, keep your bitcoin holdings to yourself. Five years ago, no one would bat an eyelid at hearing you owned 100 BTC. Do that today and you risk attracting the sort of ne’er-do-wells that are lured to wealth in all its forms.
Before we delve into a few security do’s and don’ts, one thing to stress is that owning and using bitcoin should be pleasurable, not panic-inducing. Take the following advice to heart, implement it, and then sleep easy.
Choose Your Wallet
There are two primary means of storing your bitcoins and other cryptocurrencies: in a wallet which you hold the private keys to, or in an exchange which holds the keys on your behalf. Hardware wallets such as Trezor and Ledger as well as mobile apps such as Bread all fall into the former category. Provided you write down your private key and seed (a 12-word recovery phrase), your coins will be safe, even if you accidentally delete the app or break the hardware wallet.
Keeping your coins in a cryptocurrency exchange or a site such as Localbitcoins, on the other hand, offers convenience, especially for day traders buying and selling cryptocurrencies. This convenience comes at the price of safety, however. If the exchange were to collapse or be hacked, there is a possibility you could lose your holdings. It’s happened in the past and will happen again.
Use Strong and Unique Passwords
Passwords are used in 63% of all successful cyber attacks. Deploying passwords that are guessable, or worse still recycling the same password, will significantly increase your odds of getting owned. Don’t get lazy or take shortcuts when it comes to passwords – it’s simply not worth it. If you don’t trust your ability to recall passwords, use a password manager such as LastPass.
Many cryptocurrency exchanges such as Bitfinex now force their customers to activate two-factor authentication, and for good reason. Your cryptocurrency wallet, your exchange account, your email account and anything else tied to your use of cryptocurrencies should be protected with 2FA. A word of warning though: this second form of authentication should not comprise cellphone SMS verification. Determined attackers can trick gullible customer service staff into porting a phone number over to a new handset and use it to bypass 2FA. Instead, use a method such as Google Authenticator or a 2FA hardware key to secure your accounts.
Don’t Click That Link
Phishing attacks are one of the most common ways in which accounts are compromised. Don’t click on links in emails or on social media purporting to be from wallet providers and exchanges, and certainly don’t download attachments. Instead, bookmark the domain of the site to avoid the risk of clicking fake links from scammers seeking to drain your wallet and disappear into the blockchain with its contents. Studies have shown that despite being aware of the risks of clicking on suspicious email links, people still routinely do so. Don’t be like most people. You’re smarter than that.
Don’t log into your bitcoin wallet using public Wi-Fi. In fact, try not to log into anything using public Wi-Fi if you can possibly help it. Doing so exposes you to man-in-the-middle attacks, which could reveal your passwords and other personal details. In addition, when interacting in the cryptocurrency space, consider adopting a username and email address that don’t correlate with your real-world identity, and be extremely cautious about the personal information you give out to strangers on the internet.
With one millibit – or 1/1000th of a bitcoin – now worth more than $10, every wallet, no matter how slender its BTC, is a target. Keep the extent of your bitcoin holdings to yourself, separate your real world identity from your online one, and if you’re unsure don’t click that link. The bitcoin world is filled with amazing people, but like any high value commodity, it also attracts thieves, scoundrels, and scavengers. Protect your assets, up your opsec, and then kick back and enjoy the ride.