Cryptocurrency market growth is accelerating rapidly. Physical money and investment foundations had most vulnerabilities detected and ironed-out during last hundred of years. And a majority of security issues are covered by institutions like SEC or FINRA. In contrast, an emerging class of crypto-holders is solely responsible for securely storing their funds. It makes them a target for hackers. Considering this, your security and protection depend only on the wallet service you choose and actions you take to ensure you're safe.
Blockchain markets have grown faster than the laws governing them. Consumers have had centuries to iron out ways to protect fiat money. SEC and FINRA cover many related security issues. Blockchain does not yet have such protections. Instead, users are solely responsible for securely storing their own funds. This makes them a target for hackers. Your protection depends on the wallet service that you choose. You are responsible for all actions taken to ensure your safety.
Here are some tips for lowering the risk of losing your funds.
Know what info to share
Orderbook support never asks you to provide your password or private key. Sometimes, support must confirm your identity for security reasons. We do this by verifying info that only the account owner would know.
Always question whether emails about your account make sense. If something seems off, stop responding. You should always contact your service provider directly if you are unsure. It is important to let them know about any suspicious messages.
Secure your data
A chain is only as strong as it's weakest link. All the rules provided below are equally important. Make your computer and phone as safe as possible.
Enable drive encryption
If you use macOS:
You should enable FileVault
Read Enabling FileVault for instructions.
Select "create a local recovery key". Do NOT allow iCloud to store your encryption key. Keep the letters and numbers of the key in your password manager.
Go to the "General" tab. Choose to require a password immediately after sleep. You should also require a password when waking from a screensaver.
If you use Windows:
You should enable BitLocker
Read Enabling BitLocker for instructions.
Make sure that you know your startup PIN. Print the recovery key and keep them secure.
Go to the Control Panel and select Appearance and Personalization. Click on "Change Screen Saver". Check the box "On resume, display login screen."
This will encrypt your laptop's content and help to keep you safe. Your password will protect the data. Never tell your password to anyone. Do not record it on papers/notebook which you carry with you.
Safe Web browsing
Keep your operating system up to date.
Use Google Chrome or Safari as your primary web browser.
Make sure you don't have unreliable extensions installed that could spy on all your content .
Instead, use encrypted storage for passwords (1password, LastPass, Passpack or similar).
The connection should be considered compromised if you see an SSL warning in the browser.
Enable two-factor authentication (2FA, OTP) wherever possible, but avoid SMS authentication. Your phone number can be easily stolen using a number of techniques.
Avoid open Wi-Fi networks. Always use a VPN in such locations.
Always use antivirus software. Do not connect your computer to the internet until antivirus software is installed.
With or without an adblocker, never click on advertisements.
Protection from phishing
Phishing messages contain URLs that link to fake websites. Scammers design these websites to look just like services you use. They use these sites to steal sensitive information from unsuspecting users.
Install MetaMask. Metamask warns you when accessing a known malicious website.
Add Orderbook and all relevant crypto sites to your bookmarks. Use these bookmarks to access the site. Links in search engines and emails could lead to a fake website.
Always verify the URLs of services that you use.
Trust only information posted by official sources. Telegram spam bots and phishing sites are the reason scammers get millions.
Do not trust URLs sent via private messages. Always verify information with a secondary source. Check any suspicious links or files before opening.
Never enter sensitive data on a website sent via message. That includes your passwords and private keys.
Your password protects your account and tokens. Orderbook requires password entry to perform all actions. No one but the password holder may transfer or trade tokens stored in your account. Orderbook's admins do not even have access to your passwords. Nor does our server side software. Orderbook's team will never ask for your password. We will also never offer you to install software on your computer.
Use a password manager to store passwords. Some options include 1password, LastPass, and Passpack.
Use a new randomly generated password for each new account. Make sure each password is the maximum acceptable length.
Subscribe to notifications on https://haveibeenpwned.com/.
Consider your passwords compromised if sent over SMS, email, or any other messenger.
A final thought about personal security