Some Security Tips

[Black susano]

Hello everyone,
I had tons of security problems when I was a beginner. One of my exchanges got hacked, lost my 2FA code - my phone broke down etc. etc...
I want to write down some of the security stuff I use for my cryptos!
If any of you have corrections, additions or other suggestions to my safety actions, would love to hear them.

https://www.internations.org/guidelines/safety

1- Never ever use an exchange without 2FA: Even the hardest passwords can get hacked easily. If you don't use 2FA you can get hacked... Yep I got hacked - my Bibox account, took hours to block the account, half of my earnings were lost. (it wasn't more than 50$, thank god...)

2- Never ever use the same password for different accounts.
Yep, I got hacked! Why? I was applying for several airdrops, you guys know that nowadays some of them require signing up to their websites. And what have I done? I used the same password and email I used for the Bibox exchange.

3- Writing down your password rather than saving them on your computer is a better idea. I have a small notebook which I keep my passwords.
I also have a word document which I save some of my private keys, it is a locked document - not so safe I know...

4- Always keep your 2FA code or barcode before scanning. If your phone breaks down, you will loose all your 2FAs... It can take 2-3 weeks to activate your exchange accounts.

5- MEW, IDEX login: I never copy and paste my private keys to login these wallets. I prefer Metamask login, not 100% secure but much better.

6- My browser preference: I don't like chrome very much. I prefer to use Brave browser to access my accounts. *It doesn't support Binance. Brave also has Metamask extension.
AND A GREAT UPDATE: Brave has it's own BAT wallet which ables you to earn while you surf. Firefox is my second choice.

7- Phising sites: I always bookmark my exchanges. Also before clicking the email links, I always check the url, I never click if it is not a "HTTPS". I also use WOT extension on Chrome to check if the link is safe or not...

8- KYC issue: I prefer not to do KYC for airdrops or bounties. If their database gets hacked, your passport can end up in Dark web. For exchanges, I always try to use my Driving License instead of my passport for KYC (some of them only accepts passport :/ )

9- For airdrops I use another email. Don't want my original email get spam mails and I want my exchange email to be safe.

These are the ones I remember so far...
Safe days you guys!
Black Susano Cares

[Faisal2202]

We all make mistakes in our early time in crypto but with time most of the people learn by there mistakes. IMHO you did not lose that much but still money is money and losing them still hurts. And that must be enough for one to learn and find the causes of such hacks or spams. I really liked and agreed with all of your points but TBH I do not know much about Brave Browser but I think it might not be a best option among others. Why? Learn more about it here:

New stupid/greedy move from Brave Browser

Well, after reading some replies there I concluded that Firefox might be a good option but still IMHO as a user of Google Chrome I did not faced any issues till now. Why did I not faced any?

1. I never opened my main Exchange account on my laptop.
2. I never downloaded Pirated Software after knowing the risk involved.
3. I also never copied Private keys because in Metamask to recover the same account without deleting it we need recovery key and if I will not make a private key then nobody actually could access it. But still there are many other way around to get hold on that.
4. Most of the scams occurred in airdrops and bounties so the best practice is to use alternative accounts for those even the wallet address and emails. Never connect your main wallets just to claim few dollars from some unknown website.

I hope you would not be scammed or hacked more, but still I personally think if you would leave your dependency on third party extension or browsers or any other ways then you would be safe enough.

[Cantsay]

3- Writing down your password rather than saving them on your computer is a better idea. I have a small notebook which I keep my passwords.
I also have a word document which I save some of my private keys, it is a locked document - not so safe I know...

This is still a very bad method to be honest because once the document file that has your private key has been bypassed your coins will be vulnerable to the hacker.

It’s best not to associate your private key or secret phrase with your computer or online and that includes saving them in a notepad or Microsoft Word.

KYC issue: I prefer not to do KYC for airdrops or bounties. If their database gets hacked, your passport can end up in Dark web. For exchanges, I always try to use my Driving License instead of my passport for KYC (some of them only accepts passport :/ )

Even for reputable services it’s still difficult for some users to complete kyc due to the fear of their privacy being compromised and you’re telling me that there are bounties out there that are actually requesting users to complete KYC that’s pretty stupid if anyone performs such a thing except they are willing to risk their privacy for the little money that comes with the airdrop and with the way airdrops are being done nowadays it takes time to come across an airdrop that pays good amount.

As for the license or passport I don’t really see any difference there, as long as they can be used maliciously to affect the owner and that’s what the hacker is after.

[BIT-BENDER]

An even better option avoid Airdrops and faucet if you really can but if you can't you can create and entirely new website with a random password you know and then use that email to apply for the airdrops and so on but still the risk isn't only about the email you use and password some phishing links can be required for you to click on some Airdrops.

2FA factor is very important but what's more important is never save your funds on an exchange that's why you can have your own wallet, you can have your 2FA factor and other security measures in check but if your exchange themselves get hacked or any ugly situation from their end you can lose your portfolio.

[Nwada001]

1- Never ever use an exchange without 2FA: Even the hardest passwords can get hacked easily. If you don't use 2FA you can get hacked...

Using exchanges that have 2FA enabled on them is an added security advantage, but the security advantage can also be bridge by you in some point, one if you happen to use a same email link to your exchange and it's also part of your primarily email on your device, their is a possibility of you also getting compromise, as one of the first thing hackers target when they want to hack your account is your email as it will give them the necessary details they need in other to be successful in their mission.

So getting into that your primary email, can also give them access to that of your security especially when you make use of Google authenticator which now synchronizes your backed up 2FA to your email and anyone with your email access can easily import them in a new device. So the safest thing is to not leave your money on centralized exchanges. If you must use them once you are done, always withdraw them back to your private wallet.

2- Never ever use the same password for different accounts.
Yep, I got hacked! Why? I was applying for several airdrops, you guys know that nowadays some of them require signing up to their websites. And what have I done? I used the same password and email I used for the Bibox exchange.

Sometimes using the same password for everything you do makes it easier to guess and be hacked. But also look at it this way: saving your password and logs on your browser also reduces your security, as if the email linked to your browser is compromised, all your saved logs will be in the wrong hands. And these days browsers are also being penetrated for  data theft without the user's knowledge, so the best thing to do is always login as you go and don't use the save password option; it helps with easy remembering but is also a security risk.

[nakamura12]

What you listed on your post is good but you didn't include a warning about using copy paste as your clipboard might be hacked or there's a malware that will change what you have copied when you paste it. E.g, copied letter A yet when pasting the result is letter B. You also forgot to include using good authenticator like Authy and more because google authenticator is no longer good or doesn't have good features unlike other Authenticator.

[Salahmu]

Hello everyone,
I had tons of security problems when I was a beginner. One of my exchanges got hacked, lost my 2FA code - my phone broke down etc. etc...
I want to write down some of the security stuff I use for my cryptos!
If any of you have corrections, additions or other suggestions to my safety actions, would love to hear them.

https://www.internations.org/guidelines/safety

1- Never ever use an exchange without 2FA: Even the hardest passwords can get hacked easily. If you don't use 2FA you can get hacked... Yep I got hacked - my Bibox account, took hours to block the account, half of my earnings were lost. (it wasn't more than 50$, thank god...)

2- Never ever use the same password for different accounts.
Yep, I got hacked! Why? I was applying for several airdrops, you guys know that nowadays some of them require signing up to their websites. And what have I done? I used the same password and email I used for the Bibox exchange.

3- Writing down your password rather than saving them on your computer is a better idea. I have a small notebook which I keep my passwords.
I also have a word document which I save some of my private keys, it is a locked document - not so safe I know...

4- Always keep your 2FA code or barcode before scanning. If your phone breaks down, you will loose all your 2FAs... It can take 2-3 weeks to activate your exchange accounts.

5- MEW, IDEX login: I never copy and paste my private keys to login these wallets. I prefer Metamask login, not 100% secure but much better.

6- My browser preference: I don't like chrome very much. I prefer to use Brave browser to access my accounts. *It doesn't support Binance. Brave also has Metamask extension.
AND A GREAT UPDATE: Brave has it's own BAT wallet which ables you to earn while you surf. Firefox is my second choice.

7- Phising sites: I always bookmark my exchanges. Also before clicking the email links, I always check the url, I never click if it is not a "HTTPS". I also use WOT extension on Chrome to check if the link is safe or not...

8- KYC issue: I prefer not to do KYC for airdrops or bounties. If their database gets hacked, your passport can end up in Dark web. For exchanges, I always try to use my Driving License instead of my passport for KYC (some of them only accepts passport :/ )

9- For airdrops I use another email. Don't want my original email get spam mails and I want my exchange email to be safe.

These are the ones I remember so far...
Safe days you guys!
Black Susano Cares

The security of our assets is always the major thing we should consider, because many has loss money because of inability to secure our account, in some cases we are actually the cause of our problem such as entrusting our secret or private keys to friends, Airdrop is also another way or means of hacking people's wallet were as they offer you to claim a token that would worth a certain amount in dollars but will required you to connect your wallet before claiming, so with that offer you will see so many people very excited to claim a free token and at last they end exposing the account to hackers.

2FA is one the best security measures in protecting account, I always love exchanges that uses 2FA because with the help of 2FA unauthorized user can hardly access your account but it also has it own disadvantage in a case were you lose your backup code you also loss the access to the account so what I normally do is to save the code properly in different places.

[Coyster]

but still IMHO as a user of Google Chrome I did not faced any issues till now. Why did I not faced any?

I don't know the issues you intended to face, but in case you didn't know Google chrome is a terrrible browser, especially if you are privacy conscious, they steal too much of your data and they won't fail to sell too many ads to you, of which many might be a scam. DuckDuckGo and Firefox are much better browsers to use.

I also never copied Private keys because in Metamask to recover the same account without deleting it we need recovery key and if I will not make a private key then nobody actually could access it. But still there are many other way around to get hold on that.

Metamask is a web/browser extension wallet, thus it is definitely never a safe wallet to use, notwithstanding how safe you think you can use it, it should only prolly be used for a tiny amount of funds.

[tabas]

7- Phising sites: I always bookmark my exchanges. Also before clicking the email links, I always check the url, I never click if it is not a "HTTPS". I also use WOT extension on Chrome to check if the link is safe or not...

I like to reiterate this one. Many newbies fell for such phishing sites especially those that are into airdrops and giveaways. When they've been provided a link by the developer or whoever runs those campaigns, they don't check it with due diligence and in the end they're ended being phished and all funds are gone. Scammers are wise so everyone needs to be wiser than them. And no one will be phished if you're not going to give your entire details that's being asked especially the critical ones like your seeds, private keys and other details that connects you to your wallet and other vital information. That's how these phishing sites are made for, to get those important information for them to gain access whatever they can that they think we're accessing also for our funds.

Aside from bookmarking, when you're searching website as you use the search engines. When you search keywords there of the websites you're searching, make sure that you're reading the short description that are on top of the search results and read the URL as well. If they're sponsored/advertised by that search engine and if there is a mispelling of the URL then that's a sign of a red flag and fake website.

[letteredhub]

3- Writing down your password rather than saving them on your computer is a better idea. I have a small notebook which I keep my passwords.
I also have a word document which I save some of my private keys, it is a locked document - not so safe I know...

Not just our passwords but  our wallet  private keys inclusive too, The online isn't safe to save such important information, with brute force those informations can be stolen but when they are stored in documented books there's no fear of hackers , all you got do is to keep it I'm safe and secure location. And it's recommended to out down either your password or seed phrase in multiple piece in case one get destroyed by accidental means you have a backup.

8- KYC issue: I prefer not to do KYC for airdrops or bounties. If their database gets hacked, your passport can end up in Dark web. For exchanges, I always try to use my Driving License instead of my passport for KYC (some of them only accepts passport :/ )

The request for KYC was part of the discouragement I had with chasing airdrops, giving out my data to some unsure projects. I felt the risk is way too much when I asked myself what if reverse turned out to be the case for me if anyone should get access to my privacy clear my funds through the data's I give out in hopes for those airdrops that wasn't forth coming even after several trials.

[BitMaxz]

8- KYC issue: I prefer not to do KYC for airdrops or bounties. If their database gets hacked, your passport can end up in Dark web. For exchanges, I always try to use my Driving License instead of my passport for KYC (some of them only accepts passport :/ )

9- For airdrops I use another email. Don't want my original email get spam emails and I want my exchange email to be safe.

I think better submit an ID like a postal or any ID that can be expired within 1 year or 2 years. Using a passport or driver's license is not a good idea both of these have 5 years or 10 yrs expiration date.

Or better stop hunting airdrops bounties because most of them are scam and usually asks for KYC unlike before you can get them without submitting any documents.

In addition for security tips turn on the "Always use secure connection" so that you can avoid non-HTTPS or nonsecured websites because those sites can view your keystroke or password while typing.

[BlackBoss_]

Or better stop hunting airdrops bounties because most of them are scam and usually asks for KYC unlike before you can get them without submitting any documents.

Their tokens mostly worth nothing, zero value and asking KYC sounds too much. Bounty hunters can do airdrop tasks but if KYC requirement is enforced later, they should give up and forget about that airdrop. Because it does not worth to sacrifice their privacy and anonymity for airdrops which as said mostly have no value.

The request for KYC was part of the discouragement I had with chasing airdrops, giving out my data to some unsure projects. I felt the risk is way too much when I asked myself what if reverse turned out to be the case for me if anyone should get access to my privacy clear my funds through the data's I give out in hopes for those airdrops that wasn't forth coming even after several trials.

If you don't join airdrops at beginning, you won't have to mind about their requirements that sometimes over-required like KYC. They can sell your documents to get money and you in return even don't receive token or receive token that does not worth anything at all.

[tech30338]

My suggestion is not to join newly created exchange, stick to those who have make it to the hacks and return the money, to the investors, using unknown exchange who have just been a few months or years is not a good idea, go with the pioneer exchanges, you have to distance your tokens or coins to website with less security features and allow no other alternative securities.

[GreatArkansas]

8- KYC issue: I prefer not to do KYC for airdrops or bounties. If their database gets hacked, your passport can end up in Dark web. For exchanges, I always try to use my Driving License instead of my passport for KYC (some of them only accepts passport :/ )

Even in centralized exchanges or gambling sites that involve KYC, there's still a lot of chance your personal information will be leaked.
Another issue to avoid is not using exchanges that ask for KYC, try to find another alternative like using decentralized exchanges.

1- Never ever use an exchange without 2FA: Even the hardest passwords can get hacked easily. If you don't use 2FA you can get hacked... Yep I got hacked - my Bibox account, took hours to block the account, half of my earnings were lost. (it wasn't more than 50$, thank god...)

With or without 2FA, if the platform itself is vulnerable, you can still get hacked.

[mk4]

8- KYC issue: I prefer not to do KYC for airdrops or bounties. If their database gets hacked, your passport can end up in Dark web. For exchanges, I always try to use my Driving License instead of my passport for KYC (some of them only accepts passport :/ )

9- For airdrops I use another email. Don't want my original email get spam mails and I want my exchange email to be safe.

In the first place, no half-decent airdrop requires AML/KYC in the first place. Not like when in the 2016-2018 era where the requirement is pretty much AML/KYC and social media shares, the good airdrops today just requires protocol usage (which is a good and more efficient way).

If you want a bigger list: https://chainsec.io/checklist

[Faisal2202]

I don't know the issues you intended to face, but in case you didn't know Google chrome is a terrrible browser, especially if you are privacy conscious, they steal too much of your data and they won't fail to sell too many ads to you, of which many might be a scam. DuckDuckGo and Firefox are much better browsers to use.

Metamask is a web/browser extension wallet, thus it is definitely never a safe wallet to use, notwithstanding how safe you think you can use it, it should only prolly be used for a tiny amount of funds.

Everyone has their own ways and their own agendas. I have to use it for SEO purposes so Mostly do keep work optimized I use it for all work. Even though I agree with you that the other browsers you mentioned are a lot better but my information never leaked like personal data etc. or anything at all and even if any information leaked or used by them then it must have affected me.

But thanks for the heads up, I will try to use Firefox and Duckduckgo but tbh I do not like Firefox and I never used DuckDuckgo so let's test DuckDuckgo. And I did not bring Metamask into the discussion because it is the most secure but I mentioned it because Op specifically mentioned it so keep things relevant to the OP post I used it as an example here. Even though most of the spam and hacks are caused due to some mistake from the scam victim.

[Fiatless]

1- Never ever use an exchange without 2FA: Even the hardest passwords can get hacked easily. If you don't use 2FA you can get hacked...

Using exchanges that have 2FA enabled on them is an added security advantage, but the security advantage can also be bridge by you in some point, one if you happen to use a same email link to your exchange and it's also part of your primarily email on your device, their is a possibility of you also getting compromise, as one of the first thing hackers target when they want to hack your account is your email as it will give them the necessary details they need in other to be successful in their mission.

Third-party service providers are not trustworthy therefore it will be a big mistake to use your primary email to register with them. The simple thing is to create several nominal emails that will be used for KYC requirements. The benefits of 2FA cannot be overshadowed by the simple practice of creating a new email.

So the safest thing is to not leave your money on centralized exchanges. If you must use them once you are done, always withdraw them back to your private wallet.

Your personal information is as important as your funds, so not leaving large finds in exchanges is no less important than not allowing them to have access to your data.

Sometimes using the same password for everything you do makes it easier to guess and be hacked. But also look at it this way: saving your password and logs on your browser also reduces your security, as if the email linked to your browser is compromised, all your saved logs will be in the wrong hands. And these days browsers are also being penetrated for  data theft without the user's knowledge, so the best thing to do is always login as you go and don't use the save password option; it helps with easy remembering but is also a security risk.

We shouldn't sacrifice privacy at the altar of convenience. Having the same password might be easy to access all your accounts but it gives hackers or scammers easy access to all your accounts. The best option will be to spend time cramming them and in no time you will get used to them. You can also keep them in a safe place offline.

[348Judah]

2- Never ever use the same password for different accounts.

I may kicked against this because you're being hacked because of the shady things you engage doing with your device such as sites visited, files or image downloaded and many other reckless security measures you have failed to maintain, you can use a single password for as may accounts you have as long as it's strong enough with alphanumeric keys combination, using multiple password can get one confused and lost access to any account he had.

3- Writing down your password rather than saving them on your computer is a better idea.

While writing them down, maintain a good privacy practice over it, not onky your password but your wallet keys as well.

6- My browser preference:

What may be good for you may be others dislike, but there's nothing bad with all the categories of browsers you've mentioned.

[isaac_clarke22]

3- Writing down your password rather than saving them on your computer is a better idea. I have a small notebook which I keep my passwords.
I also have a word document which I save some of my private keys, it is a locked document - not so safe I know...

This is still a very bad method to be honest because once the document file that has your private key has been bypassed your coins will be vulnerable to the hacker.

It’s best not to associate your private key or secret phrase with your computer or online and that includes saving them in a notepad or Microsoft Word.

Yep, anything that is written in a software isn't really that better of a way. It's still another program written by another dev.  What's better would be doing that engraving of private keys in a steel of metal then just hiding it in a safe locker or somewhere else where it wouldn't be exposed to external elements.

I had written some of my private keys to a paper but not all of them really contains something worth stealing anyway.

[icalical]

All of those security measurement will not be needed, if you just use a cold wallet or paper wallet if you want to actually safe and hodl the bitcoin, holding anything on a custodial/exchange wallet is never safe, and shouldn't be done in a long term, only put the crypto on exchange when you want to exchange it.