Unbank yourself and flourish during retirement.  Subscribe Here!  >

Crypto Security Begins With You — Steps to Take to Keep Your Assets Safe

We’ve all heard the stories of people’s computers and accounts being hacked because they used a password like “password” or “12345678.”

Many of the largest leaks of personal data from businesses were due to insecure passwords.

That’s why the headline above says that crypto security begins with you. If you don’t keep your computer secure, along with all the passwords and seed phrases that go along with owning cryptocurrency, you may not own it for long.

This article covers ways to protect yourself and your digital assets.

Your Personal Behavior

It doesn’t matter how secure crypto exchanges, wallets and rewards platforms are if your personal behavior and actions aren’t secure.

Keep your information safe from snooping and probing.

Vigilance

It wasn’t long ago that a lot of people were falling for phone calls from people saying they were from the phone company or Google or your bank and needed your account details.

No one who’s a legitimate employee will ever call you and ask for your account details. Most North Americans know that now. They know to hang up or delete the email.

Criminals have switched to more “innocuous” questions, like what operating system (OS) your computer or phone uses.

It seems like a legitimate question. However, answering it can give hackers one more piece of information to help them break into your device.

Rule of thumb: Unless you initiate the conversation with your bank, phone company, etc., never give anyone any information about you, your digital devices, or your security.

One thing I do with phone calls, usually just to get my phone to stop ringing, is to answer it and not say anything.

If it’s a telemarketing robot system, it won’t start “talking” until it hears a voice. If I don’t hear anything in 2-3 seconds, I hang up and block the number.

You could take it one step further and not answer any call you don’t recognize. If you’ve added all your friends, family and regular calls into your contacts, those names will appear when they call.

Any number not in your contact list appears as a number. Don’t answer it. If they really need to reach you, they’ll call back.

Emails

Many of the emails that don’t land in your spam folder can seem legitimate. They’re from FedEx, or PayPal, or some other business we all use. However, clicking on a link could infect your computer with malware.

Or the link will take you to a bogus version of the real company’s website. “Logging in” is, in reality, giving the criminals complete access to your account. If you have money in that account, it will be gone in just a few minutes.

You can avoid those risks by not opening emails like that, unless you know that you’re expecting a package, or you know that you’re expecting to hear from PayPal (e.g., resolution of a grievance you filed against a company).

If you do open an email, before clicking on any link, hover over the email address in the From line (in webmail) or click on the From name in your mail app. You’ll see the real email address of the sender.

Examine the email address closely. If it’s from, for example, “feedex.com" or “fedexe.com" or “payepal.com,” delete it immediately. Do not click on any links in the message.

Passwords

Everything in the digital world requires a password. That includes crypto exchanges, wallets, and rewards platforms.

If you’re not creating strong passwords, your crypto security is weak. You’re putting your digital life and all the assets you can access online at risk.

I get it. Strong passwords are hard to remember, especially in our later years. There are a few options to help.

The best is to use a password manager app like LastPass or 1Password. You’ll only have to remember one strong password ever again. And you can make all the passwords stored inside the app as strong as possible.

If you use a Mac, the Keychain app, in the Utilities subfolder inside the Applications folder, acts the same way. It will even suggest strong passwords for you, which you can store with a single click.

The Keychain app works with a newer Mac’s fingerprint biometric authentication button. Rather than typing in usernames and passwords, touch the button and both autocomplete.

This protects your login credentials from keystroke logger malware, which can record everything you do with your keyboard. No keystrokes, no logged usernames and passwords.

I recommend never using biometric authentication to unlock your computer or phone. If you’re asleep, someone could unlock your phone without you knowing it.

And if government officials want access to your device, you have to comply, unlike with passwords.

U.S. courts have decided that passwords are protected by the Constitution, but your face and your fingerprint are not.

So always use a long password to log in to your computer, and at least a six-digit code to unlock your tablet or phone.

Tricks for Remembering Long Passwords

If you want to rely on your memory (which I don’t recommend), there are tricks you can use. For example, you can create a 20+ character password simply by using a string of words. Take a look at this string:

It’sabeautifulsunnydayoutside.

That’s 30 characters long. It would take a hacker millions of years to crack it. This one is even harder to crack:

It’s a beautiful, sunny day outside!

Yes, many systems now allow spaces as password characters. They make it much easier to remember incredibly strong passwords.

What if the site you’re on requires a number in your password? Replace one or two of the letters with a digit.

1t’s a beautiful, sunny day outsid3!

Never write passwords down on stickies, slips of paper, etc. and leave them on or next to your computer. There’s no point having a secure password if you’re going to leave it for anyone to see.

Your Computer and Phone Operating Systems

Humans being humans, there will always be faults and flaws in software. If those flaws are in an operating system, millions of computers can be hacked.

Apple, Microsoft and Google (Android) are quick to fix any security flaws in their OSes. However, if you don’t update your device, it’s still vulnerable to an attack.

Always keep your device updated, especially when security updates are available.

If you don’t like sitting around while updates download and install, read a book or wash the dishes or bake some cookies. The update process doesn’t need you.

I rarely upgrade to a new version of my OS, indicated by v#.0 (the 0 indicates that it’s the completely new version (an upgrade) rather than an update, which looks like v#.1, etc.).

The reason I wait a few months is that any completely new version has the most kinks and security flaws in it.

As other users complain about problems, and security researchers find flaws, the developers fix them and release a new version, or at least a security update.

So if Apple, Microsoft or Android urges you to upgrade, wait a bit. But never ignore security updates of whatever software version you’re using.

SIM Swaps on Your Phone

If someone learns enough about you, you could become the victim of a SIM swap. This happens when a criminal convinces a mobile phone carrier employee to send a new SIM card to the criminal’s address.

The criminal inserts the new SIM card into a phone and immediately has access to all the phone-based accounts you set up on your phone. Check out this series of tweets for what can happen to you and your money.

The third tweet in his series is particularly important...

So go to your phone company’s closest office and have them add to your account that you must be present in person with photo ID before you can receive a new SIM.

Specific Crypto Security Measures

Now we’ll move into what you can do to protect your crypto assets. These go above and beyond your personal and computer security practices.

Wallet Seed Phrases

If you own crypto and keep it in either a software (“hot”) wallet or a hardware (“cold”) wallet, you’ll need to record either 12 or 24 words, known as a seed phrase. And you need to record them in the correct order.

The seed phrase isn’t needed on a regular basis. It’s there in case you ever forget the wallet’s password. There’s no one to help you with the password. And no way to replace it.

Unless you restore the wallet with the 12-word or 24-word seed phrase. Then you’ll be allowed to create a new password.

The restore process also allows you to use your wallet on another computer.

Every wallet out there will advise you to write the words down on a piece of paper, and not to store them on your computer or phone.

If your device is ever lost or stolen, or someone gains access because starting and waking it don’t require a password, a criminal can access all your crypto wallets if you leave their seed phrases in digital format.

Once you’ve written out the words in the seed phrase (take note of spelling while you’re doing that), store them in a place that’s secure from thieves and from fire, flooding, and other damage.

A fire-proof safe is a good place. A box at a mail service could be another one, although it has the risk that someone there could access it.

Don’t leave it in a bank safe deposit box. If the bank is closed because of a physical or digital disruption of service, you might not have access to your seed phrase when you need it most. That includes a bank run.

And as much as North Americans in particular don’t want to believe it, your bank could freeze your assets. Canadians received a taste of that when some financial supporters of the Freedom Convoy had their bank accounts frozen in February 2022.

It’s possibly that acts like that could spread. And they could include not even letting you into the bank.

So keep your wallet seed phrases somewhere safe that’s not under a government’s thumb.

Two-Factor Authentication

Many crypto exchanges and rewards platforms require two-factor authentication (2FA). This requires installing the Google Authenticator app on your iPhone or Android phone. This app generates a new 6-digit code every 30 seconds, one for each service that you’ve linked to Authenticator.

If your exchange or rewards platform makes 2FA optional, use it anyway. It’s an added layer of security for a minor inconvenience.

Even if, like mine, your phone doesn’t have a data plan and wifi is turned off in the house, Google Authenticator still works.

So use it!

I urge you to bookmark this Google help page about Google Authenticator. It has a section about transferring all your codes to a new phone.

Confirmation Emails

Every exchange and rewards platform today uses confirmation emails for crypto security. If you want to withdraw crypto from the exchange, you’ll receive an email at the address on file.

You have to click on the link in the email to confirm the withdrawal. If, despite all the security measures you’ve taken, someone manages to access your exchange account and tries to steal your crypto, he won’t be able to.

That’s because the email will come to you. If you ever receive one of these emails, and you yourself didn’t start the withdrawal process, do not confirm the withdrawal.

And contact the exchange immediately to let them know that someone is trying to access your account.

Whitelisting Withdrawal Addresses

One protection against unauthorized withdrawals is what’s called whitelisting, or allowlisting on some platforms. You can only send crypto to an address that you’ve added to a whitelist — a list of allowed addresses.

The protection comes from the 24-hour or 7-day lock period for any change to an address. 2FA authentication is required to complete the change, for added security.

If an exchange or rewards platform doesn’t offer whitelisting, consider moving to one with better crypto security, unless you have no other option.

And if it makes whitelisting optional, use it to protect your assets!

Other Crypto Security Tools

An exchange or rewards platform may offer something I didn’t discuss above. For example, my favorite rewards platform, Celsius Network, offers “HODL mode.”

Once activated, my entire account is locked. I can’t withdraw any crypto for 24 hours.

I can’t even add a whitelisted address, which will then take another 24 hours before I can withdraw.

And deactivating HODL mode requires a code to turn off, for even more protection.

Celsius also permits biometric authentication to replace the 2FA requirement when logging in.

Loose Lips Sink Ships

Remember hearing that phrase? It was a security reminder during World War II. Spies were everywhere, and a passing remark could end up costing the Allies a ship in the Atlantic.

Keep that phrase in mind regarding crypto security. Don’t talk to people about your crypto holdings, or at least about how much crypto you have.

Kidnappings, home invasions, robberies and more are happening because people are, in many cases, literally advertising the fact that they’re rich from crypto.

If you plan on earning an income by referring others to rewards platforms to earn referral bonuses, you can’t go completely dark.

However, refrain from telling people how much crypto you own in each wallet, exchange or rewards platform. You may trust your friends and family with your life and your crypto.

Unfortunately, they may make a passing remark to someone who will take advantage of it. Or another person may overhear that remark.

And before long, someone could be forcing you to hand over your login credentials and your unlocked phone. It’s been happening to high profile crypto millionaires, people who are flashing and flaunting their new crypto wealth.

So stay mum and keep a cool head to avoid becoming the victim of a “$5 wrench attack.”

Comic from xkcd.com about a $5 wrench attack

And let the personal, computer and crypto security measures you maintain help you stay ahead of inflation and flourish during retirement.

You Might Like These Articles