#StaySAFU: 5 Security Tips From The Pros
As we get further into the StaySAFU campaign, your personal security should be improving by the minute. But there's still more to learn.
They say that if you learn from a mistake, then it isn't really a mistake. But in crypto, a mistake can cost you everything. There's no need to fall into the common pitfalls when there are industry experts willingly sharing their knowledge with you.
We got in contact with five cryptocurrency experts and asked them to give us their biggest security tip. By reading these tips, you can learn from the mistakes they have experienced or seen, so you don't make the same ones.
Jimmy Song
Jimmy is a leading Bitcoin expert, developer, and author of Programming Bitcoin: Learn How to Program Bitcoin from Scratch. Here's Jimmy's top security tip:
"Enable 2-factor authentication on everything and don't use SMS. Google Auth is better and won't expose you to sim swapping."
It's simple, straight to the point, and couldn't be more accurate. Two-factor authentication (2FA) is so easy to set up, and it vastly increases the security of your accounts. But make sure you use an authenticator app and not SMS 2FA, because SMS 2FA can be exploited.
Take note of the word 'everything' in Jimmy's advice. At Binance, we require you to switch on 2FA, as do many other crypto companies. But your security is only as strong as the weakest link. For example, if your email address is vulnerable, your account could be targetable. You should set up 2FA on every online account you can.
Jameson Lopp
Jameson is the CTO and co-founder of Casa, a multisig key security solution. Jameson dropped the following knowledge on us:
"The first step to securing your crypto assets is to take possession of your own private keys and withdraw your money from trusted third-party custodians, such as the exchange from where you purchased it.
The second step to securing your crypto assets is to take the private keys offline, ensuring that they are never on an Internet-connected device that could potentially be accessed by hackers.
The third step to securing your crypto assets is to protect your keys from being destroyed or lost by creating secure, redundant backups."
Jameson touches on one of the underpinning philosophies of cryptocurrency: not your keys, not your coins. While we provide industry-leading security on the exchange, there's no substitute for holding your private keys, particularly for funds you're not actively using.
We typically recommend that you store your long-term holdings in a cold wallet (such as a hardware wallet or air-gapped computer). Alternatively, the use of a mobile wallet such as the Binance-backed Trust Wallet allows you to manage your keys while being able to access your funds easily.
Oliver Benton (Trezor)
Oliver is an expert consultant at Trezor. He's the main contributor to Trezor Wiki and helps the Trezor team with customer support, technical writing, and other related fields. Oliver gave us an excellent overview of staying safe in crypto:
"It's no surprise that the cryptocurrency ecosystem is ripe with phishing scams of all sorts. Be it primitive impersonation techniques or sophisticated fake websites; scammers capitalize on newcomers who have not yet grasped the weight of responsibility packaged with their first purchases.
My advice? Get comfortable with being on your toes. Be cautious in situations when strangers or sites offer help while asking for your sensitive information. By rule of thumb, the trustless systems (that most cryptocurrencies and associated platforms are) should be usable without you compromising your privacy and security."
Being cautious is everything. As we've learned in this series, phishing attempts can be incredibly deceptive. You should be able to discern what is reasonable for a website to ask from you and what isn't. Wherever you are entering anything that could be deemed as private information, ensure you are in a trusted place. If you need more help avoiding phishing attempts, check out this article.
Adrijan Scekic (Cryptotag)
Adrijan is a Co-Founder of Cryptotag, a company that engraves your recovery seed in a titanium-made recovery seed backup device. Adrijan kindly shared with us some interesting insights he's picked up from meeting crypto enthusiasts around the world:
"Over the years in the crypto space, my team and I have traveled to crypto events around the world, meeting a spectrum of people from crypto newbies to die-hard crypto OGs. We've noticed that security issues aren't limited to the newbies.
Almost everyone that we talk to has been a victim in some way, whether it's being phished, scammed, or just an innocent mistake like losing a private key. Interestingly, people laugh when they lose crypto. It's almost a badge that you have to earn to become a real hodler. But it shouldn't be this way.
My advice is therefore written to cater to every kind of crypto user. It's broad, but it works. Use your common sense, always double-check, and if you think something is too good to be true, it probably is. Crypto is a representation of value just like fiat is, so treat it with respect and look out for yourself, your legacy, and your private keys."
It's interesting, and also quite troubling, to hear that all kinds of crypto users have been exposed to security problems. To create a rule that fits everyone is hard, so a broad tip like the one given by Adrijan is great. Use your common sense and respect the value of your cryptocurrency. This message actually carries a lot of meaning.
While all cryptocurrency users would agree that crypto has value, there seems to be a disconnect between crypto and true value in people's minds. It's possible it spurs from a desire to get rich quick, a burning sensation that overrides usual logic and reasoning. As such, many cryptocurrency users fall victim to phishing attempts because they don't step back and think about what they are doing. If something sounds too good to be true, you have to consider that it might be. For example, if there truly was a scheme that could return incredible interest rates every day, wouldn't more people already know about it?
The bottom line is that every time you are entering your private information or considering sending your crypto somewhere, you have to evaluate the situation properly. If you aren't completely certain, don't do it. Risking all your money for the small chance of making a small profit isn't worth it.
Viktor Radchenko (Trust Wallet)
Viktor is the founder of Trust Wallet, Binance's official mobile wallet that is decentralized and free to use. Viktor used his specialty to educate us about the dangers of complacency surrounding places that many would blindly trust:
"Mobile app phishing is dangerous because people expect the app stores to have a degree of safety. What many don't realize is fake applications slip through the cracks and appear on app stores. They pose as official apps, but they are designed to steal your private information or crypto. It's best to navigate to the app store via the official website to ensure you're at the right listing. You can also check the reviews and download numbers too to double-check you are at the right place."
Viktor's input only goes to show how careful you have to be in this space. It's fair (but wrong) to assume that app stores would be a place of safety. Unfortunately, fake applications occasionally find ways to pass the review process and appear on app stores, which is extremely dangerous because they can show up when you search for an official wallet like Trust Wallet.
This only goes to show that you must practice awareness all the time, even when you think you are safe. When you are searching for official cryptocurrency apps to download, it is best to click through the links on the official website. You can always study statistics on the page too to verify you're in the right place, such as downloads, reviews, chart positions, and more.
Don't miss out any of the upcoming #StaySAFU articles:
Available now - #StaySAFU with Binance's Security Campaign
Available now - 8 Surprising Statistics About Crypto Phishing
Available now - 5 Common Cryptocurrency Scams and How to Avoid Them
Available now - 5 Common Social Engineering and Cyber Attacks and How to Avoid Them
Available now - Secure Your Binance Account in 7 Simple Steps
Available now - #StaySAFU: 5 Security Tips From The Pros
Available now - How to Secure Your Cryptocurrency
Coming 18 June - Join the #StaySAFU Competition and Win a Share of $500 BNB
If you haven't already, make sure to follow Binance and Binance Academy on Twitter to stay up to date with the campaign's latest developments.