I will be the first to admit that security isn't fun or exciting, but it remains of paramount importance when dealing with anything where your hard-earned money is at risk from digital predators. So it's time to take your Bitcoin security seriously!
Here I am going to run through the most important tips to stay safe!
Check the web address! Look for HTTPS
Any website that asks you to log in should have a valid SSL certificate to ensure your connection to the website is secure and encrypted. What does this mean? You should see the green padlock in the browser address bar along with https instead of http.
While on the topic of address bars, also make sure the website you are on is the one you intended to visit. Many websites have "lookalike" sites where the website appears identical and the web address is one letter different. One example of this is a Bittrex clone where the i is an l instead, which isn't always easy to spot. Always make sure you are visiting the correct website; this is another reason why bookmarks can be helpful.
Beware of phishing emails
Phishing is when someone tries to trick you, usually through email spoofing or instant messaging, into visiting a website and providing your details, at which point they take a copy and can access your accounts and do as they please.
Emails addressed to you should include your name, not "Dear Member" or something ambiguous like that. Always check the "from" field and properly check the email address to ensure it is coming from who it says it is. If you think a website is being imitated, contact their support and make them aware of the email; they may request you forward them a copy.
Be Mindful of Google Search
This may sound counter-intuitive, but I will explain. If you search for exchanges and accounts via Google, you may find fake websites listed in the results. In fact, some hackers are buying up the sponsored ad space to appear at the top.
If you then log in to a fake version of Binance or Bittrex, these nefarious people will have your login details and may be able to access your account on the real exchange and empty your funds! Use bookmarks so you know you are always going back to the right website.
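The lookalike-address and bookmark advice above can also be checked mechanically. The following Python sketch is an added example, not part of the original article; the bookmark list, the confusable-character table and the function names are assumptions chosen for illustration. It flags hosts that differ from a bookmarked host by one character or by easily confused characters, even when the address uses https.

```python
from urllib.parse import urlsplit

# Constructed sample bookmark list; replace with the hosts you actually use.
BOOKMARKED_HOSTS = {"bittrex.com", "binance.com"}

# Characters that are easy to mistake for one another in an address bar
# (illustrative table, not exhaustive).
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o", "5": "s"})


def skeleton(host: str) -> str:
    """Collapse visually similar characters so lookalikes compare equal."""
    return host.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one substitution, insert or delete."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Either b has one extra character at i, or one character was swapped.
    return a[i:] == b[i + 1:] or a[i + 1:] == b[i + 1:]


def classify(url: str) -> str:
    """Return 'bookmarked', 'not-https', 'lookalike:<host>' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if parts.scheme != "https":
        return "not-https"
    if host in BOOKMARKED_HOSTS:
        return "bookmarked"
    for good in sorted(BOOKMARKED_HOSTS):
        # A padlock says nothing here: a lookalike can serve https too.
        if skeleton(host) == skeleton(good) or within_one_edit(host, good):
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    for sample in ("https://bittrex.com/", "https://blttrex.com/login"):
        print(sample, "->", classify(sample))
```

A result of "unknown" only means the host is not close to anything in your bookmark list; it does not mean the site is safe.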
Some Advice on Passwords
The easiest way to allow an intruder to wreak havoc with your life and all of your money is to make amateur mistakes with your passwords.
1) Use long passwords, with uppercase and lowercase characters, numbers and special characters such as # and &.
2) Use a unique password for every website and account you own. If you want to keep them all in your head, you can set yourself a system where the first 2 or last 2 characters represent the name of the site, followed by your usual password, which makes things easier to remember. The safest approach, however, is to use randomly generated and super secure passwords using PasswordsGenerator.
Keep your private keys safe + Create a Backup
The most important piece of the puzzle is your private key; that is the golden key that all scammers are trying to acquire. Why? Because with that one code they have the keys to the castle and can take every penny in a matter of seconds.
So guard it with your life! Entrust it to no man, not even a lawyer. Make a backup copy written down that you can keep safe. There is more information on this in our wallet guide.
Google Authenticator
If you haven't already installed Google Authenticator, then do so immediately and turn on 2-factor authentication on your Gmail account and any of your crypto accounts, such as exchanges.
It's easy to use and will add a much greater level of protection to your account.
Use a Separate Email Account
It's also wise to start using a new and completely private email account for signing up with any crypto-related websites.
If you never share this address publicly, an intruder doesn't know where to attack. Consider setting up a new Gmail account or, for even more privacy, check out free encrypted email from Protonmail.
Use a Separate Phone
Similar to the above advice of having a new email to keep your crypto accounts separated from your usual email and social media accounts, you could also buy a cheap phone with a SIM card that has a new number that only you know.
Then you install Google Authenticator on this phone and keep it in a drawer, turned off unless you need to use it. This could also double up as a place to store your Bitcoin on a mobile wallet if you can't afford a purpose-built hardware wallet like a Trezor or Ledger Nano S, which are the most secure.
This can protect you from more sophisticated hackers who use your personal information to gain access to your phone number.
Call Your Phone Provider
Yeah, I said it! Consider calling them and requesting that they increase the security on your account. Let them know that under no circumstances should they deactivate your SIM if someone calls claiming you have lost your phone. Ask what additional security features they have and whether you can set a verbal passphrase in addition to their existing security checks, which are likely weak and open to social engineering.
Beware of Cryptojacking
Cryptojacking is the process of using other people's computers without their knowledge to mine cryptocurrencies. While this can involve installing malicious software, it can also happen while you are browsing a website. How can they mine bitcoin or other cryptocurrencies via a website, you ask? Using JavaScript, which allows them to run custom software, or rather web-ware, while you are on the website.
How can you protect yourself against this? Well, firstly, if you suspect this is happening on a website you are browsing, open your task manager or Mac equivalent and look at your disk usage.
Is it unusually high? If so, a script may be running on the website that is using your hash power to mine coins like Monero and other privacy coins. So check your CPU usage; however, HackerBits advises that they may throttle the usage to make it harder to detect, so this may not be a comprehensive way of knowing if you are being cryptojacked.
The best way to stay safe is to install a cryptojacking blocker add-on for your browser. The most commonly used option at the moment is NoCoin, which works with both Chrome and Firefox.
Note: If you use another browser, you should consider switching to one of the two above options and, whatever you do, avoid Internet Explorer.
You can read more about this subject over on HackerBits.
Never tell people how much crypto you have!
Sure, you can tell your closest loved ones and of course the tax man, but that's it! Seriously! Why? Not only is it uncouth, but you are also taking other risks.
If you owned 1000 Bitcoins in 2011 and had let it be known to your friends or, even worse, the general public, and now you were, of course, a multimillionaire, your friends and family could begin to see you differently and treat you so. Worst-case scenario, someone actually tries to track you down for your Bitcoins!
Maybe a little far-fetched, but it can happen. Google what happened to the late and great Hal Finney and his poor family.
On a serious note, it's just not worth the risk. If you make it Scrooge McDuck rich, stay humble! Like Kendrick!