Please be be cautious with all outside resources as we are providing suggestions and are not liable for the personal decision to use the suggestions at your own risk.
Some of the most skilled developers use password managers. Password managers provide an extra layer of security and verifications to slow down hackers from getting into your accounts. KeePassXC, Bitwarden, Keeper, and LastPass are great affordable ways to keep your accounts safe from external harm.
Don't use always the same password or too simple ones, this is obvious but really don't do it. Just write a new password on a paper for the first times, you'll learn it even if it is complicated as hell like qMa(4=!eRTz555!&
If you prefer you can go with very long pass-phrases, easy to remember and very secure and hard to brute-force. "TheHackerThoughtIHadASimplePassword,ButIDidn't!" could be a good combination if you're good at typing...
Your birthdate is not a valid password.
Account verification security
Two-factor authentication is an important step to take to protect your important accounts whenever possible. It may seem like a pain at times to enter that extra code—which you may only have to do once per device or once every 30 days—but it’s a price worth paying to make your online accounts more secure.
The basic idea is that a single password for your important accounts simply isn’t enough. If your password is guessed, or hackers steal a database with your login information in plain text, your account is a sitting duck. Two-factor authentication tries to address that flaw by requiring a secondary code called a one-time password (OTP)—usually six characters in length and generated by a smartphone app—before you can gain access to your account. That way even if a hacker has your password they’ll still need to crack a secondary code, which makes getting in that much harder.
Web browser safety
Exploiting email and web browsing applications is the most common way hackers and malware try to gain access to devices and your information.
Protect yourself before you start browsing the web by making sure that your operating system, web browser, security software, browser plugins (like Java or Adobe products) and other applications are up-to-date.
Here are just a few ways you can help keep yourself safe when browsing the internet.
- Use strong unique passwords online.
- Only download files and applications from websites that you trust, such as from official app stores or legitimate organizations, such as your bank.
- Pause and think carefully before clicking on links in email, messages or on social networking sites. Don’t click on links in messages if you don’t know the sender or if the message is unexpected.
- If you think a link looks suspicious or you can’t tell where it leads to, before you click hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognize or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.
- Expand shortened URLS to check if they are safe. Short URLs are often used in social media. There are a number of services that create short links - such as goo.gl, bit.ly, tinyurl.com, ow.ly and youtu.be. To check if these links are safe you can use an ‘expand link’ facility to get the original URL from a shortened link without having to click through to the destination. Look for a short URL expander that is recommended by your anti-virus software or a reputable software company.
- Be wary of offers that seem too good to be true. Leave websites that ask for your personal or banking details in return for money – these are scams. Remember, if it seems too good to be true, it probably is.
- Don’t agree to friend requests from people you don’t know on social media networks - people are not always who they say they are.
Other forms of security can be web browser plug ins that help keep your browsing safe and monitored.
Cryptonite is a browser extension (add-on) designed to protect users from malicious attacks and phishing scams through the use of the extension's visual indicator, the Cryptonite shield.
When the shield turns green, users can be confident the website they're visiting is a trusted resource verified by MetaCert. When users visit a malicious or phishing URL, it directs them to a block page with a warning that they're about to visit a known malicious resource.
Cryptonite is powered by the MetaCert Protocol, one of the world's largest threat intelligence databases. Cryptonite is available for Google Chrome, Brave, Mozilla Firefox and Opera.
The last thing you want is to have your email address hacked, especially if you own crypto-currencies. Someone could reset your passwords on different exchanges, use it to make withdrawals or even to allow his IP address on your account.
Make sure the email you're using has been made exclusively for crypto-currencies and exchanges accounts. Don't set your primary email as a recovery email.
Make sure your email isn't too close to your other emails, like firstname.lastname@example.org, if your email is something like email@example.com you're doing great.
Enable 2FA on your email address too.
Consider creating more than one email dedicated to crypto, if you have 1 address per exchange your chances of losing it all will be reduced again. Or you could also use alias emails to sign up on different exchanges with a small variation of your email address.
Don't stay connected to that email account (especially on your phone) and only login from trusted WiFis.
Security rules regarding bots:
Bots are amazing, they can trade 24/7, will never lose their attention and will always stick to the strategy they've been made for. We all agree on that, but you must be very careful.
Third-party websites: if you look for "crypto-currency trading bot" on google you'll find tons of websites that give you access to bots, promises of extraordinary returns, "very secure" as you don't give them your account credentials but just your API keys in writing mode etc. If someone has a printing machine that let's you make x% per day, they wouldn't be selling it, they wouldn't be allowing you to use it for free or even for a fee, they would just use it. If you made a bot that can make 50%+ per year, without any risk, it wouldn't be very hard to find enough money to use it for yourself, right ? If something is too good to be true, dont fall for it. Sometimes the trick is to make the customer pay for the service, he thinks "this is how they make money" when it's not. The general rule in those cases is don't give your API keys if you wouldn't send your crypto-currencies to that website/people, because it's exactly what you're doing, putting your crypto into their hands. Don't do it until you trust them enough to give them your coins.
Other general rules:
- If you don't understand what you're doing, stop what you're doing and take the time to understand before continuing.
- Buy a ledger and store your crypto-currencies on it if you plan to hold them for more than few hours/days (and don't buy any ledger from Ebay or any other website than the official website, even if they offer you a huge discount).
- Don't share too many personal details, the less the better, and don't tell everyone how much of a crypto-currency you're holding, people aren't that bad to calculate your stack value, especially with a calculator.