A Cybersecurity Checklist for New Crypto Users

The first thing to consider when you start your crypto journey is the safety of your investments and holdings. We’ve put together a safety checklist with basic precautions you should follow during your journey.

Passwords and 2FA

We’ll start with the obvious — you are less likely to be exploited if your accounts are secured by strong passwords and two-factor or multifactor authentication (2FA or MFA).

There are simple rules behind strong passwords:

  • Never use the same password for different accounts — each account should have its own unique password.
  • The minimum length for a secure password is 10-12 characters — easily done by using long passphrases.
  • Your password should have 3 different character sets (e.g. lower case, upper case and symbols) to increase its complexity.

It can be hard to remember all your passwords — especially more complicated ones — so we recommend using a password manager (like 1Password, MacPass, etc). This way, you only need to remember the details for your password manager — no need to memorise passwords for all your accounts.

Another important thing to remember is 2FA/MFA — use it on top of the password as an additional layer of security for the account. For a higher level of safety, we recommend using a 2FA app that doesn’t rely on text messages.

Private keys & wallets

The next one is a no-brainer — make sure your private keys are safe and secure! Never share them with third parties. As long as you are the only person who has access to your private key, your funds are safe and you can access and manage them from anywhere in the world with an internet connection and a smartphone.

Some basic tips to secure your funds:

  • Use hot wallets for day-to-day transactions and cold wallets for long-term portfolio storage.
  • Use multisignature solutions — create a group of addresses that need to sign the transaction before funds are sent anywhere. This way, even if one of your wallets/private keys is compromised, your funds are still safe behind the multisig.
  • Use risk management tools, like the one offered by Apostro, to keep track of possible vulnerabilities across DeFi applications you use.

Scams and phishing attempts

Anyone in the crypto space has seen a fake website or email promising infinite yields, airdrops and “send 1 ETH get 10 ETH in return” scams at least once (or at least 100 times). You should always stay alert:

  • Do not click on suspicious links you see on social media or in emails, and double-check all the information before proceeding with any transaction — it’s easy to fall victim to human error and phishing attacks.
  • Use authentic applications — instead of googling links, double-check the website and save it in your bookmarks.
  • Never use public WiFi or connect to unknown devices. The same goes for public/unknown chargers and so on — anything that you do not own can be used to install a virus or malware on your device.
  • Use anti-malware and antivirus software to increase the security of your device.