On December 20, 2013, Bloomberg TV anchor Matt Miller accidentally gave viewers an important lesson in Bitcoin security.
As part of a 12-day segment on Bitcoin, Miller gave two TV anchors paper wallets with $20 of Bitcoin each. As he handed them out, though, he exposed one of their private keys on camera—and, a moment later, the bitcoins in that wallet had disappeared, taken by a Reddit user who was apparently a little more Bitcoin-savvy than Miller.
There are lots of ways out there to lose your Bitcoin, if you don’t understand the best practices for keeping them safe.
Fortunately, just like you don’t need to be a computer scientist to buy and sell Bitcoin, you don’t need a technical background to make your Bitcoin holdings much more secure. If you own Bitcoin, take ten minutes today to make sure you’ve done these things — because it won’t feel urgent until you’ve already been robbed.
Use Strong and Varied Passwords
An uppercase letter isn’t enough to make your cryptocurrency account passwords strong.
Your passwords should all meet the following criteria:
- Have lowercase letters, uppercase letters, numbers, and symbols.
- Be at least 40 characters long. A longer password is better because it’s harder for a hacker to crack using common brute-force methods like dictionary attacks. If this seems like a tall order, you can use a password generator to quickly make a strong password of arbitrary length. You can also think of long but memorable statements, rather than words, to use as passwords — e.g., “IW3nt4AW4lk1nTheW00dsOn@Sund4yAftern00nInJ4nuary!”
- Not be common words or obvious character replacements (e.g., a password shouldn’t be “G0R3dS0x”).
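To make those three criteria concrete, here is an added example (not part of the original article) that checks a password against them, estimates how much work a brute-force attacker faces, and generates a compliant password with the operating system’s secure random source. The wordlist and the leetspeak table are constructed stand-ins; a real checker would load a published list of common passwords.

```python
import math
import re
import secrets
import string

# Minimum length the article recommends for every password.
MIN_LENGTH = 40

# The article's own example of a long, memorable statement.
EXAMPLE_PASSPHRASE = "IW3nt4AW4lk1nTheW00dsOn@Sund4yAftern00nInJ4nuary!"

# Constructed stand-in for a real list of common passwords.
COMMON_WORDS = {"password", "redsox", "goredsox", "bitcoin", "letmein", "qwerty"}

# Obvious letter-for-symbol swaps, reversed so "G0R3dS0x" normalises to "goredsox".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

PROBLEM_SHORT = "shorter than %d characters" % MIN_LENGTH
PROBLEM_NO_LOWER = "no lowercase letter"
PROBLEM_NO_UPPER = "no uppercase letter"
PROBLEM_NO_DIGIT = "no digit"
PROBLEM_NO_SYMBOL = "no symbol"
PROBLEM_COMMON = "a common word with obvious character substitutions"


def undo_substitutions(password: str) -> str:
    """Reverse the leetspeak swaps and drop anything that is not a letter or digit."""
    return re.sub(r"[^a-z0-9]", "", password.translate(LEET).lower())


def check_password(password: str) -> list:
    """Return the list of article criteria the password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(PROBLEM_SHORT)
    if not any(c.islower() for c in password):
        problems.append(PROBLEM_NO_LOWER)
    if not any(c.isupper() for c in password):
        problems.append(PROBLEM_NO_UPPER)
    if not any(c.isdigit() for c in password):
        problems.append(PROBLEM_NO_DIGIT)
    if not any(c in string.punctuation for c in password):
        problems.append(PROBLEM_NO_SYMBOL)
    if undo_substitutions(password) in COMMON_WORDS:
        problems.append(PROBLEM_COMMON)
    return problems


def brute_force_bits(password: str) -> float:
    """Work factor, in bits, for an attacker who tries every string over the
    character classes the password uses. Length multiplies this; classes only add."""
    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)
    return len(password) * math.log2(charset) if charset else 0.0


def generate_password(length: int = MIN_LENGTH) -> str:
    """Random password that is guaranteed to contain every class the article asks for."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if length < len(classes):
        raise ValueError("length must allow one character from each class")
    chars = [secrets.choice(cls) for cls in classes]       # one of each class
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)                  # hide the class positions
    return "".join(chars)


if __name__ == "__main__":
    for candidate in ("G0R3dS0x", EXAMPLE_PASSPHRASE, generate_password()):
        print("%-50s %5.0f bits  %s" % (candidate, brute_force_bits(candidate),
                                         check_password(candidate) or "ok"))
```

The bit estimate is the reason the article stresses length: eight mixed-case characters with digits sit below 50 bits, while the 49-character example statement exceeds 300, far beyond what any brute-force campaign can reach.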
The stronger a password is, of course, the harder it is to remember. That’s why you need a resource to make sure you don’t forget them and lose access to all your money. Two good options include:
- Credible, established password management software, like 1Password.
- A secure, offline record of your passwords, like an encrypted USB drive.
Be sure to use a different password for every one of your accounts. Otherwise, a single security breach will give a hacker access to all your information — and you can’t trust every service for which you register to store your password with top-notch security.
Enable 2-Factor Authentication on All Your Accounts
Two locks on your accounts are better than one, especially when hackers everywhere are constantly working on new ways of circumventing locks. Whenever you have the option, you should enable 2-Factor Authentication (2FA). And the chances are good that you have this option in more places than you realize.
2FA is a way of using a second type of identification, in addition to your password, to authorize access to your account. There are a number of different ways to do this — but not all of them are recommended.
Never enable 2FA that verifies your identity using a phone call or a text message. Hackers have become very good at calling up phone companies and convincing those companies that they’re you, at which point phone-call or text-message 2FA makes your account less secure, not more secure.
Enable 2FA using one of these methods instead:
- Download an authenticator app, like Google Authenticator, which randomly generates 2FA codes that change every 30 seconds.
- Purchase a universal second factor (U2F), like YubiKey, which acts as a kind of encrypted USB key you can insert into your computer as a form of 2FA.
Look in the security sections of all your Bitcoin accounts now and enable 2FA. Also be sure to check your email accounts: many people overlook securing their email accounts, and email gets hacked all the time.
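The “codes that change every 30 seconds” an authenticator app produces are standard TOTP (RFC 6238 on top of RFC 4226). The added example below (not part of the original article) implements the algorithm from the standard library, decodes the base32 secret an app receives from the setup QR code, and shows the server-side check with a small clock-drift window. The secret used for checking is the RFC test vector, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226/6238 test secret (ASCII "12345678901234567890"), used only so the
# output can be checked against the published test vectors.
RFC_TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30  # the 30-second rotation the article describes


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) with SHA-1, the authenticator-app default."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: Optional[int] = None, step: int = STEP_SECONDS) -> str:
    """Time-based variant (RFC 6238): the counter is the number of elapsed time steps."""
    if at_time is None:
        at_time = int(time.time())
    return hotp(secret, at_time // step)


def decode_base32_secret(shared: str) -> bytes:
    """Apps receive the secret as unpadded base32 in the otpauth:// QR code; restore padding."""
    cleaned = shared.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_code(secret: bytes, submitted: str, at_time: int, window: int = 1) -> bool:
    """Server-side check: accept the current step plus `window` steps either side for
    clock drift, comparing in constant time so timing does not leak matching digits."""
    counter = at_time // STEP_SECONDS
    return any(hmac.compare_digest(hotp(secret, counter + d), submitted)
               for d in range(-window, window + 1))


if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(RFC_TEST_SECRET, now),
          "valid for", STEP_SECONDS - now % STEP_SECONDS, "more seconds")
```

Because the code depends only on the shared secret and the clock, the phone network plays no part in it, which is exactly why this method is not exposed to the phone-company impersonation the article warns about for call and SMS codes. The secret itself is therefore the thing to protect: anyone who copies it can produce the same codes.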
Enable IP and Wallet Whitelisting
Especially when you’re trading on exchanges, the more layers of security you can get, the better. Beyond 2FA, you should check whether the exchanges you’re using allow for whitelisting: only allowing specific addresses to interact with the funds you have on the exchange.
There are two main kinds of whitelisting you should seek out in exchanges’ security settings:
- IP whitelisting. Give the exchange your computer’s IP address, and then only someone using that IP address will be able to authorize trades or withdrawals through your exchange account.
- Wallet whitelisting. Give the exchange the public key of one of your wallets, and then you’ll only be able to withdraw funds from the exchange to that specific wallet — hackers won’t be able to dump your funds in their own wallets.
Not all exchanges have these whitelisting capabilities right now, so actively check to see if the ones you use do — and, if they support it, whitelist your addresses right now.
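To show what the two whitelists actually do to a withdrawal request, here is an added example (not code from any exchange) that evaluates a request against an account’s IP allowlist, its withdrawal-address allowlist and the second factor. It also includes the one check worth doing before switching IP whitelisting on: that the address you are connecting from right now is on the list, so you do not lock yourself out. All IPs and wallet addresses are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass
class AccountPolicy:
    # Single IPs or CIDR ranges; an empty list means the feature is switched off.
    ip_allowlist: List[str] = field(default_factory=list)
    # Destination addresses withdrawals may go to; empty means the feature is off.
    withdrawal_allowlist: Set[str] = field(default_factory=set)


def ip_in_allowlist(ip: str, allowlist: List[str]) -> bool:
    """True if `ip` matches any entry; entries may be bare IPs or CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in allowlist)


def evaluate_withdrawal(policy: AccountPolicy, source_ip: str, destination: str,
                        second_factor_ok: bool) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every layer is checked so the log shows all failures."""
    denials = []
    if not second_factor_ok:
        denials.append("second factor failed")
    if policy.ip_allowlist and not ip_in_allowlist(source_ip, policy.ip_allowlist):
        denials.append("source IP not whitelisted")
    if policy.withdrawal_allowlist and destination not in policy.withdrawal_allowlist:
        denials.append("destination address not whitelisted")
    return (not denials, denials)


def safe_to_enable_ip_allowlist(current_ip: str, proposed: List[str]) -> bool:
    """Before enabling the feature, confirm the session you are in would still be allowed."""
    return ip_in_allowlist(current_ip, proposed)


# Constructed sample values (documentation ranges, not real hosts or wallets).
HOME_NETWORK = "203.0.113.0/24"
HOME_IP = "203.0.113.10"
OTHER_IP = "198.51.100.7"
OWN_COLD_WALLET = "addr_own_cold_wallet_constructed"
UNKNOWN_WALLET = "addr_unknown_constructed"

LOCKED_DOWN = AccountPolicy(ip_allowlist=[HOME_NETWORK],
                            withdrawal_allowlist={OWN_COLD_WALLET})

if __name__ == "__main__":
    for ip, dest, mfa in [(HOME_IP, OWN_COLD_WALLET, True),
                          (OTHER_IP, UNKNOWN_WALLET, True),
                          (OTHER_IP, UNKNOWN_WALLET, False)]:
        print(ip, dest, mfa, "->", evaluate_withdrawal(LOCKED_DOWN, ip, dest, mfa))
```

With both lists set, an attacker who has your password and has even defeated the second factor still cannot move funds: the request fails on the source IP, and if it somehow came from your network it would fail on the destination. Note that with the lists left empty the same request sails through, which is the point the article makes about checking whether your exchange offers the feature at all. A home connection’s IP can change, so whitelisting the provider’s range rather than a single address avoids the lockout the last function guards against.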
Use a Reputable VPN on Public WiFi Networks
Public WiFi connections are easy prey for hackers. If you’re connecting to public WiFi with a computer that stores info on your Bitcoin accounts, you’re playing with fire.
If you insist on doing this, the best practice is to make sure you’re always using a virtual private network (VPN) when you’re connected to public WiFi. A VPN basically adds a layer of encryption between you and the internet at large, even when you’re on a public WiFi connection. It can make you feel a lot better about using your personal computer in a Starbucks.
There is a wide range of VPNs on the market and different tech outlets endorse different particular providers, but pretty much everyone agrees that free doesn’t cut it. If you have a decent amount of money in Bitcoin, you should be willing to pay $5-$10/month to keep it safe.
Some of the most reputable VPNs out there right now are:
- ExpressVPN, based in the British Virgin Islands
- NordVPN, based in Central America
- VyprVPN, based in Switzerland
The added layer of security will make it that much harder for prying eyes to get access to your passwords, private keys, and seed phrases.
Treat Your Savings and Trading Funds Differently
Hopefully, you’ve heard the adage that you shouldn’t be trading with more capital than you’re willing to lose. That extends even further in the world of cryptocurrencies: you shouldn’t store access to any more of your cryptocurrencies on an exchange — or even online — than you’re willing to lose.
When your Bitcoin is stored with an exchange or in an online wallet, it is susceptible to dangers like trojans and exchanges getting hacked. So, when it comes to all the Bitcoin you’re hodling instead of trading, you need a cold wallet: a private key that you keep securely offline.
Consider moving your non-trading funds to cold wallets like these:
- Hardware wallets, like Trezor. This is a piece of security-audited hardware that keeps your private keys and lets you send and receive Bitcoin.
- Paper wallets, like Bitcoin Paper Wallet. This is an offline record (something that can be written down on paper, whence the name) of a public/private key pair, which you can use to send and receive Bitcoin. As long as you don’t share this private key and don’t forget it, it’s hard to get any more secure.
If most of your coins are in cold storage when an exchange you used is hacked, your loss will be mitigated tremendously.
Make a Backup of Your Backup
One of the major value propositions of cryptocurrencies is that the decentralized nature of blockchains makes it harder for systems to have a single point of failure.
Take a lesson from that: you should have enough backups of your passwords, private keys, and seed phrases that your Bitcoin is safe beyond any single point of failure.
If you have a flash drive or two lying around, take a minute to encrypt them and add text files containing info on all of your exchange accounts and wallets. These are your last line of defense if you need to recover an account or access a wallet whose details you’ve forgotten. You don’t need any special software to encrypt a flash drive: just right-click on the drive in your “My Computer” window and select the “encrypt” option, following the on-screen instructions to set up a password for it.
Store these drives in different, secure places. If these backups aren’t 100% secure, they’ll end up being the weakest link in your security: if someone finds one and is able to decrypt it, all your Bitcoin will vanish. Ideally, keep your backups in a safety deposit box — or, even better, split your keys across multiple drives (e.g., half of your paper Bitcoin wallet’s private key on one drive, and the other half on the other). That way, even if someone somehow manages to steal one drive, they still won’t be able to access your funds.
The more backups you can keep in different places, the better — just don’t forget the passwords to decrypt them!
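The article suggests putting half of a private key on each drive. The added example below (not part of the original article) goes one step further and uses an XOR secret split: each drive holds a random-looking share, any subset of the shares reveals nothing about the key, and only all of them together reconstruct it. It also stores a short fingerprint beside the shares so a damaged or mislabelled drive is detected at recovery time instead of silently yielding a wrong key. The key in the demonstration is a constructed 32-byte value, not a real wallet key.

```python
import hashlib
import secrets
from typing import List


def split_secret(secret: bytes, shares: int = 2) -> List[bytes]:
    """n-of-n XOR split: every share but the last is random, the last is the XOR of the
    secret with all the others. Fewer than n shares are uniformly random noise."""
    if shares < 2:
        raise ValueError("need at least two shares")
    parts = [secrets.token_bytes(len(secret)) for _ in range(shares - 1)]
    last = bytes(secret)
    for part in parts:
        last = bytes(a ^ b for a, b in zip(last, part))
    parts.append(last)
    return parts


def combine_shares(parts: List[bytes]) -> bytes:
    """XOR all shares back together; the split above makes this the original secret."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("shares must all be the same length")
    out = bytes(len(parts[0]))
    for part in parts:
        out = bytes(a ^ b for a, b in zip(out, part))
    return out


def fingerprint(secret: bytes) -> str:
    """Short hash stored beside each share so recovery can be checked without storing the key."""
    return hashlib.sha256(secret).hexdigest()[:8]


def reconstruct(parts: List[bytes], expected_fingerprint: str) -> bytes:
    """Combine the shares and refuse to return a key that does not match the fingerprint."""
    secret = combine_shares(parts)
    if fingerprint(secret) != expected_fingerprint:
        raise ValueError("reconstructed key does not match fingerprint: a share is damaged or wrong")
    return secret


def share_record(index: int, part: bytes, fp: str) -> str:
    """One line to write to a drive's (encrypted) text file: index, hex share, key fingerprint."""
    return "share %d of key %s: %s" % (index, fp, part.hex())


def parse_share_record(line: str) -> bytes:
    """Read a share back from the line format above."""
    return bytes.fromhex(line.rsplit(":", 1)[1].strip())


# Constructed demo key: an obviously non-random placeholder, never a real private key.
DEMO_KEY = bytes(range(32))

if __name__ == "__main__":
    fp = fingerprint(DEMO_KEY)
    parts = split_secret(DEMO_KEY, 3)
    records = [share_record(i + 1, p, fp) for i, p in enumerate(parts)]
    for record in records:
        print(record)
    recovered = reconstruct([parse_share_record(r) for r in records], fp)
    print("recovered:", recovered == DEMO_KEY)
```

The reason to prefer this over literal halves: half of a 256-bit key leaves an attacker who steals one drive with 128 bits to guess, which is still out of reach, but a share from this split leaves them with the full 256 bits, and the scheme extends naturally to three or more locations. The trade-off is the same one the article already names for backups: lose any single drive and the key is gone, so every share needs its own backup copy.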
Encrypt a “Digital Will”
On April 16, Matthew Mellon died, leaving over $500 million of XRP in cold wallets all over the U.S. Because no one in his family knew his private keys, it’s unclear whether they’ll ever be able to access those funds.
You need to balance your funds’ security and your assurance that your funds will go to the right people after you’re gone.
Eventually, you should talk to a lawyer about the right way to pass along your cryptocurrency in your will. For today, though:
- Make sure that your inheritor knows where one of your encrypted flash drives is.
- Make sure they have the password to decrypt it.
- Make sure that flash drive contains a “digital will”: a file that tells that person exactly how to access your Bitcoin. As an exercise, try writing down instructions telling someone how to access and use the Bitcoins in a cold wallet (not using your real keys). Show it to someone who doesn’t know much about cryptocurrency. If they can understand it, you’ll know chances are good that your inheritor will be able to access your funds.
If you want your wealth to survive you, make sure that the right people know where to find it and how to use it.
Okay, maybe doing all this will take you a little longer than 10 minutes — but you can definitely do most of it before you go to sleep tonight!
These tactics won’t make your cryptocurrency as secure as Fort Knox — and there are plenty of steps to make it more secure — but this is the absolute minimum level of security you should accept if you’re holding any real amount of crypto.
And, with these measures in place, odds are that you’ll sleep much better tonight knowing your Bitcoin won’t be gone in the morning.
The above references an opinion and is for informational purposes only. It is not intended as and does not constitute investment advice, and is not an offer to buy or sell or a solicitation of an offer to buy or sell any cryptocurrency, security, product, service or investment. Seek a duly licensed professional for investment advice. The information provided here or in any communication containing a link to this site is not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation or which would subject SFOX, Inc. or its affiliates to any registration requirement within such jurisdiction or country. Neither the information, nor any opinion contained in this site constitutes a solicitation or offer by SFOX, Inc. or its affiliates to buy or sell any cryptocurrencies, securities, futures, options or other financial instruments or provide any investment advice or service.