As we jump into security basics, one of the first things you can do is to use a proper email for any accounts you create. This email address should be separate from the one you use publicly anytime someone or a company asks for your email address. It should not be one that you have shared publicly at all other than using on exchanges or other cryptocurrency related accounts.
This will make it harder for hackers to find your accounts if you use separate email addresses. You can use your email server of choice such as gmail or yahoo, but protonmail is recommended as it is a secure encrypted email server. You can find out more information at protonmail.com.
Your password and the security around your password is a crucial step to protecting your financial accounts and any other accounts. The security practices mentioned in these sections are not just for crypto related accounts, but for any account where they require an email address and a password.
First and foremost, do not select a password that you have used in the past. Many people will use the same password for everything and then when one account is compromised, hackers have free access to all your accounts. Also, do not make it something that can easily be guessed by scrolling through your social media profile, like your kid’s or pet’s names. Your password should be complex and use a variety of letters, numbers, and special characters.
The best option is to create a password that is a short sentence, but replace some of the letters with numbers or special characters. Simple changes like this can make it nearly impossible to guess.
Now that you have set a complex password, mix it up and use a different one for each account you need a password for.
2 Factor Authentication, also known as 2FA, is a security protocol that requires you to use two forms of verification to be able to log in or access something. This can be used for any online account, including financial accounts, social media accounts, email accounts, etc.
The first factor is your password which we covered above. The second factor can be a code or pin that is generated using either text message or email, an authentication app, or a physical security key. This gives you the ability to add an extra layer of protection to your accounts, where even if your password is compromised, your account still cannot be accessed without also providing the 2nd factor. Not all 2FA are created equal so next we will look at each type of 2FA. It is recommended that you enable 2FA on ALL of your accounts.
The first one we will look at is the least secure method of 2FA, SMS Text messaging or email 2FA. In this case, once a password is entered, a pin code is sent either through text message or email to your email address on file. You will need to take that number and enter it to be able to log in. The reason this is the least secure is because if your email account has been compromised, a hacker would be able to log in to all your accounts by just requesting an email pin or reset.
SMS text message 2FA is also not recommended due to the recent rise of sim swapping attacks. A sim swapping attack is when a person pretending to be you contacts your phone service provider and requests them to move service from an old phone (your current phone) to a new phone in the possession of the hacker. This has become more common over the past few years. In some cases, employees of the phone service provider have been found guilty of assisting the hacker to access your accounts. Once this is done, hackers can easily receive your 2FA pin messages and/or reset your password and 2FA using the sim swapped phone.
The next method of 2FA is more secure than text/email 2FA which is using a 2 Factor Authentication app like Google Authenticator or Authy. These apps can be synced to an account by scanning the provided QR code in the app or by copying the provided security key provided by the account you are trying to secure and then pasting it in the app to sync up. After setup, a numeric code appears and changes every 30 seconds. During log in, after entering your password, you will need to enter the current code in the app for that account before the countdown ends and the number changes again. With these methods, someone will need to physically have your phone to be able to access 2FA code to access your account.
The most secure method of 2FA is to use a physical security key, such as Yubikey. It is a physical device that can either plug in to your phone or computer, or have an NFC chip built in for one tap access on your phone. Similar to above methods, once you enter password to log in, you will need to connect your physical key to device to be able to log in. You either insert device into port on computer or phone, or if it has NFC enabled, you can tap it to the back of your phone. This is the most secure method of 2FA you can use, but if using this method, it is always best to keep a backup key just in case you lose your main one.
One layer of security often overlooked is using a VPN, or virtual private network. A VPN is a technology that can encapsulate and transmit encrypted data that enables users to shield themselves from the main network they are connecting to. The encrypted connection helps ensure that sensitive data is safely transmitted and prevents unauthorized people from spying on network traffic.
VPNs mask your IP address as well. VPNs can also allow users to access content or websites that may not be available normally based on their geographic location or network connection. Good security practice is to NEVER connect to a public wifi network, but if you feel the need, it is recommended that you always use a VPN if you must connect to one.