When you choose to self-custody, you must understand the importance of implementing security into the process first and foremost.
A bank has multiple layers of security in order to protect your assets. You are now your own bank. Do you have the proper operational security measures in place to help keep your assets safe?
Having a balance between convenience and security is essential. Use our recommended tips below to keep your device and data security in check!
This article is HIGHLY RECOMMENDED if you just got a new computer. Too many times we have witnessed people in crypto get a brand new computer and immediately compromise themselves by not employing these security measures first. Whether they searched for their wallet to reinstall it and clicked on a scam ad thinking it was the real thing, then gave away their seed phrase, or they installed malware instead of the actual software they were looking for, the measures in this article help prevent these types of threats to begin with.
Properly Manage Your Passwords
Your password is the first layer of defense when it comes to your accounts. Think of all the accounts you have created since you made your first email address. Can you remember all your logins?
This is why a password manager, like Bitwarden, which is free and open-source, is crucial not only for security but also for convenience when managing strong, unique passwords for all your accounts.
On top of a strong, unique and randomly generated password is multi-factor authentication.
Most people choose the SMS or text-based method for authentication, which texts you a code after you sign into an account with your password as an additional layer of security. This is the most INSECURE method of authentication! If you are using SMS or text-based authentication, or have your phone number associated with any of your accounts as a recovery method, such as with your email address or social networks, remove your phone number immediately! If someone knows your phone number, they can socially engineer you or your phone provider into transferring your number to their account or providing them your code, which they can then use as the recovery method to get into your accounts! This is commonly known as SIM swapping, so removing your phone number as a recovery or authentication method from your accounts eliminates this attack vector.
Instead, use a software- or hardware-based authentication method, such as Authy, Microsoft Authenticator, or Google Authenticator, which are all free software-based options, or a YubiKey, which is an even stronger hardware-based option. The authentication app you choose will generate a random code whenever you log into your accounts as a second layer of security on top of your password, so even if someone knows your password, they would still need this random code that only you have access to in order to get into your accounts.
Please keep in mind that when enabling software- or hardware-based authentication on any of your accounts, you must save the backup codes that are provided to you when you first enable authentication. If you do not save your backup codes and you lose the device that has your authenticator on it, you will not be able to set up the authenticator on a new device to get into your accounts. Some authenticators have an option to enable cloud backup of your backup codes, but we strongly advise against this, as the only person who should have access to your backup codes is you, not a third-party server, so be sure to disable this feature if you see it.
Block Scam Ads
Whenever you perform a search on a search engine like Google or Bing, most of the time the first results are sponsored ads. These sponsored ads typically do not lead to the correct link you are looking for, and tend to be scams or have malicious intentions.
Using an ad blocker, like uBlock Origin, helps block these scam advertisements when you perform searches. This way, you do not accidentally click on the wrong link, as it does not appear to begin with.
There have been multiple scenarios in the crypto space where users clicked on a sponsored ad and were taken to a website that LOOKS like Ledger or MetaMask, but actually wasn't, and they were phished into entering their seed phrase or private keys. uBlock Origin is a free open-source ad blocker available for multiple different browsers. It could have stopped those scenarios from happening in the first place. It takes seconds to install, so what are you waiting for?
Secure Your Online Identity
Your public IP address when you are at home or at work rarely ever changes. Every website and app you use interfaces with or may log your IP address in some way. Since you are identifying yourself with your public IP address, you may be an easy target for threat actors.
This is why using a VPN, like Mullvad, is highly recommended. Mullvad is available for multiple devices and operating systems and is extremely cost effective when it comes to protecting your online presence at about $5/year. A VPN randomizes your IP address as you browse the Internet throughout the day so that you are not tying yourself to a single IP address when you are online.
No matter what VPN you are using, you should ensure that the service has a "no logging" policy, which ensures your anonymity; a service that logs your traffic would defeat the purpose of using a VPN. Also keep in mind that a free VPN service is a massive red flag; they are most likely going to be data mining or logging your traffic, which is why they are offering it for free.
Use An Antivirus
When people get a new device, like a Mac or a PC, they assume it is secure out of the box. This is not true. Even Macs are susceptible to malware and keyloggers.
Malwarebytes, specifically the premium version, which proactively blocks threats and automatically scans your device, is our go-to for an additional layer of security no matter what device or operating system you are using. It is very cost-effective at about $20/year. There is a major difference between the premium and free versions, as the free version only allows you to run manual scans, so be sure to grab the premium version for automatic scanning and detection.
Having an antivirus could have helped prevent multiple instances we've seen in the space when people were told to test out a game, open a file, or attend an interview through a download and they were unfortunately compromised through malware or a trojan that got into their device undetected. Get Malwarebytes now.
Safeguard Your Keys
Whether it's your seed phrase, private key or backup codes for your multi-factor authenticator, these types of credentials require special attention to secure properly given their sensitivity. If someone has access to your keys, then your assets, including your NFTs, tokens, and other account data, may be at risk.
This is why it is crucial to understand that you should NEVER keep your seed phrase, private keys or backup codes in a digital format. This means DO NOT take a screenshot of it, text it to yourself, email it to yourself, save it in a Word file... literally DO NOT store it digitally!
Understand the difference between seed phrases, private keys and backup codes, along with the best ways to manage them OFFLINE securely in our How To Safeguard Your Keys article!
Improve Wallet Health & Protect Your Crypto
Whether it's blocking wallet drainers, keeping your wallet browser extensions up to date or understanding and mitigating the risk factors of on-chain approvals, the latest version of Wallet Guard helps you protect your crypto and improve your wallet health.
Revoke risky approvals directly in the new Security Dashboard to increase your security score. Get notified that your wallet extensions are out of date as soon as updates are released. Identify honeypots and risk factors so you know what airdropped assets to not interact with. These are just a few of the ways that Wallet Guard is automating security for your wallets.
Get the free open-source Wallet Guard browser extension and run your first security scan! LFG!
Following these tips can help you avoid the scenarios we constantly see, where people lose their assets and do not grasp the importance of proper security hygiene until it's too late.
Sharing this information and helping people you onboard understand the importance of security before they choose to self-custody should be a requirement. This way we can change the sentiment of the space and have the ability to continue building instead of it being seen as a place where people get scammed.