COINLORDS CRYPTO SECURITY GUIDE V1 - last update 5.17.2017
Suggested Devices:
- Physical 2FA Key Device (Yubikey, Trezor) $18 - $99
- Hardware Cold Storage (Ledger, Trezor, Keepkey) $15 - $99
Break your crypto holding into 2 categories:
- Active Trading (10-25% Suggested)
- Long term, max security storage (75-90% Suggested)
Protecting your trading balance
Protect your active trading balance on exchanges by enabling 2FA on each exchange through a smartphone app. Examples: Authy or Google's Authenticator.
You MUST turn on 2FA on the e-mail accounts connected to your exchange account. To protect against a 2FA attack (someone stealing your phone number to use your 2FA), DISABLE PHONE 2FA on your e-mail if it is enabled, and instead add a physical layer of security such as a Yubikey or Trezor. If your phone number gets stolen, the thief will still not be able to reset your exchange password without access to your e-mail. Always use the maximum security settings on each exchange. Only disable phone 2FA on your e-mail if your provider accepts hardware keys: phone 2FA is better than no 2FA. If your provider doesn't accept hardware keys, maybe find a new one. Do not use a recovery e-mail on your exchange accounts.
Protecting long term storage
Protect your long term storage by taking it offline completely. You MUST purchase a hardware device if you want to be 100% sure of your security. There are ways to store it safely without a hardware device, but they are inconvenient and most people won't put in the effort. Instructions for loading the device with crypto differ from device to device. You will need to hide your recovery passphrase in case your hardware device breaks, gets stolen, or burns up in a fire. I suggest hiding 2 copies, both of them split in half. Example: for the 1st copy, keep the 1st half of the words at home and the 2nd half in a bank security box. For the 2nd copy, keep the 1st half of the words at a family member's house and the 2nd half encrypted online (you must be careful if you do this) or in a 2nd bank security box.
Where to buy the hardware required?
Yubikey 2FA for Exchange E-mail - $18
Buy on Amazon
The $18 Yubikey is NOT compatible with LastPass. It is, however, compatible with Gmail accounts.
Trezor (Works as 2FA for e-mail, also cold storage hardware device)
Buy at official Trezor Wallet website
Ledger Wallet (Cheaper hardware wallets, still work well)
Buy at official Ledger Wallet website
Security Tips & Suggestions:
- Buy a Yubikey for your e-mail, and Trezor for storage.
- Trezor is the most convenient hardware device.
- Use a password manager that works with Yubikey or Trezor to protect against keyloggers. (Example: LastPass)
- Never keep a significant amount of your holdings on an exchange - only a smaller active trading balance.
- Never disclose how much crypto you own. Ever.