Page last updated: September 21, 2023
With interest in cryptocurrencies growing, learning best practices when using cryptocurrency is essential. Crypto can be fun and exciting, but there are also serious risks. If you put in this small amount of upfront work, you can mitigate these risks.
Over 80% of account hacks are a result of weak or stolen passwords. A long combination of characters, numbers and symbols is best to keep your accounts secure.
A common mistake individuals make is using a combination of two to three common, related dictionary words. Passwords like this are insecure because they are prone to a simple hacking technique known as a dictionary attack.
- Example of a weak password: CuteFluffyKittens!
- Example of a strong password: ymv\*azu.EAC8eyp8umf
Another common mistake is using passwords that can be easily guessed or found out through social engineering. Including your mother's maiden name, the names of your children or pets, or dates of birth in your password is not secure and will increase the risk of your password getting hacked.
- Make passwords as long as allowed by either your password generator or the form you're filling out
- Use a mixture of uppercase, lowercase, numbers and symbols
- Don't use personal details, such as family names, in your password
- Avoid common dictionary words
A strong password doesn't provide as much protection if the password is revealed in a data breach. The website Have I Been Pwned allows you to check if your accounts were involved in any data breaches stored in their database. If they have, you should change pwned passwords immediately. Using unique passwords for every account lowers the risk of hackers getting access to all of your accounts when one of your passwords is compromised.
Remembering strong, unique passwords for every account you have isn't ideal. A password manager offers a secure, encrypted store for all your passwords that you can access through one strong master password. Password managers also suggest strong passwords when you sign up for a new service, so you don't have to create your own. Many will also tell you if you have been involved in a data breach, allowing you to change the passwords before any malicious attacks.
- Bitwarden
- KeePass
- 1Password
- Or check out other recommended password managers
To prove you are actually you, there are different kinds of proof that can be used for authentication. These are known as factors, and the three main factors are:
- Something you know (such as a password or security question)
- Something you are (such as a fingerprint or iris/facial scanner)
- Something you own (a security key or authentication app on your phone)
Using Two-Factor Authentication (2FA) provides an additional security factor for your online accounts so that knowing your password alone (something you know) is not enough to access an account. Most commonly, the second factor is a randomized 6-digit code, known as a time-based one-time password (TOTP), that you can access through an authenticator app such as Google Authenticator or Authy. These work as a "something you own" factor because the seed that generates the timed code is stored on your device.