Today I wanna talk about how scary it can be to own crypto in this day and age where exchanges get hacked every other day it feels like, you hear about some scams where people are swindled out of there cryptos or phone sim porting. It feels like there is always an ever increasing amount of attacks and thefts that I hear about in the crypto scene. You never know if you'll be targeted, but to be safe you should always assume you are and just the paranoia that comes from all that can be a lot to handle but it's better to be paranoid and have a bunch of security on your accounts than not. So I'm gonna go over all the steps I decided to take to protect myself and my crpyto.
2fa or two factor authenication is a must have for everyone who is in the crypto space and uses exchanges or wallets or email linked to these, you definitely want to have two factor authentication on all your accounts. I use it on my google account, facebook, outlook, and every exchange I've ever used has it and so do most digital wallets. I use two different ones to try and organize my codes a little bit. I use Google authenticator and Microsoft authenticator. Just download them on your phone and scan a QR code whenever you want add a new service it's really simple. Then it will generate a random six number code every thirty seconds.
Now most of these sites are also gonna want a phone number to send SMS codes to you as a backup. In my opinion you should never use your actual phone number as this leaves you completely vulnerable to sim porting attacks. Now they don't happen as often as other types of attacks but to protect against it I never use my real cell phone number, so what do I do? I use a free service called Google voice. You choose the area in which you want to set up the number and you make a legit phone number for voip or voice over ip and it can even recieve voice messages and text messages so SMS works with it.
Then you have my favorite way of locking your accounts, the Yubikey. A Yubikey from the company Yubico is a little usbdrive, rfid chip, or a connector for iphone's charging port or one for android's charging port. The way they work for the old school ones is you put in your usb-key when you're logging in and then place your finger on the fingerprint sensor on the usb-key. Then it unlocks your account just like that. Those also have built in rfid chips so you can touch them to your phone and use them the same way. Or for phones you can get ones that just plug directly into your phones charging port and no finger touch needed.
That pretty much covers all the different ways I have gone about locking down my accounts. And while it can take a little while its really worth it. There a few things though that I will also recommend as good little habits to get into. If the exchange you're using has the feature to let you check all logged in instances of your account you should check those weekly on emails and Facebook and other social media as well. Then just remove any instances that you don't recognize. It's very good to get accustom to your home and phone public ips. These will be listed in most exchanges or email clients and you can remove any ips accessing your accounts you don't recognize. Also it's good to whitelist adresses you trust for withdrawal on exchanges that way you will be notified if a withdrawal is ever made to an address other than the ones you have whitelisted. Another step you should take is removing any wallet recovery phrases or passcodes or api keys you might have saved to your computer to a flashdrive or another pc that's never online. That way you don't have to worry about direct attacks onto your main desktop or laptop. Some people talk about carving their keys into metal and then splitting the metal and keeping one piece in a safety deposit box or vault and then usually destroying the other half then memorizing the destroyed half. That all seems like way too much work to me though for something that can be solved with a usb drive or an old pc not connected to the web.
You can also get a physical hardware wallet like the Trezor, Keepkey, or Ledger. I own a ledger but to be honest I don't use it all that often as I have always been scared of loosing the hardware wallet and then loosing all my funds that way. I loose things a lot. I do have a nice flamingo pink Ledger Nano S though and do use it from time to time.
Just remember always keep your keys safe never loose em and never forget them. Your keys are your access to your cryptos so take extra good care of em.
PS: I'm sure there a few security things I may have missed or glazed over so feel free to leave suggestions in the comments. Also all links posted below.