The first and most important security measure in the Bitcoin space:
2 Factor Authentication (2FA)
2FA is a 2nd step in authenticating you, on top of the traditional username (or email) and password.
Google offers an Authenticator mobile app that can be set up with any of the online platforms in the Bitcoin space. To set it up, find the 2FA settings in the account settings of the platform you would like to protect. They will typically be under your account details section, maybe in a subcategory for account security. You will be presented with a QR code to be scanned using your “Authenticator” app.
You will also see a code that can be copy/pasted when setting up 2FA. There are multiple programs that offer 2FA, but you will need to find them for yourself on the platform you choose. There are browser plugins and computer programs available. Also, services such as “Authy” are available on multiple platforms: mobile and browser plugin.
2FA is a necessary precaution for ALL online accounts that you use to manage your bitcoin, AND more importantly, for the email account that you use to access and communicate with these online platforms. Your email is your main point of communication for your online activity, and it can and will be used if you ever need to reset your 2FA (in conjunction with other intense verification methods). If you think about this, your email is more important to lock down than your online accounts themselves. Both are absolutely vital, though, in this “wild wild west” of an industry.
16+ character passwords
They’re hard to remember, but they’re important.
Come up with one, and use it (or portions of it) for all of your passwords across the board and never share it digitally. Write it down a few times, and keep a copy of it on a business card or something until you memorize it. Once it’s memorized, throw away all “evidence”; do not keep it around. This is a common strategy for IT professionals. Numbers, symbols, uppercase letters and lowercase letters should all be used in your password. Once you have it memorized, you will be able to easily make slight variations as you need to. If you share your password for whatever reason, it will need to be reset immediately after the need to have it shared is over.
Think of acronyms, or tell a story. Pick your favorite quote and decide if you want to use spaces or not. You can also use 1337. 1337 is actually a word, and is pronounced “leet” (“l-ee-t”). If you look at numbers, you can see they almost look like letters of the alphabet. You can use this in your p4$$w0rd.
Never click links from emails
Or at least, not clicking should always be your default.
It’s very easy for a slightly experienced “hacker” to fashion an email to be extremely similar to something they know you’d be expecting. Always, always, always go with your gut on this when you click links from emails. Take it very seriously: if you have time to realize it was a mistake, it’s already too late. If you get an email about something going on somewhere on one of your platforms, go to the platform manually and navigate to the section that needs attention.
There’s no magic in hacking. Most people actually do have a novel understanding of the digital realm. It is computers talking to computers, and sometimes you call them servers because they’re not meant to be interacted with by humans, but to serve other computers.
Most “hacks” are done by fooling the user in some way, shape or form. Always practice extreme caution when:
- Dealing with new people/usernames
- Dealing with new “companies” (in the bitcoin space if you have a website, you’re a company)
- Clicking links provided to you from strangers
Bitcoin is a wild place. The anonymity and cash-like features make it a haven for con artists and thieves. Keeping yourself safe is your own responsibility here.