Security best practices from Freewallet Support team

25 May 2018, 13:34


Nobody ignores security recommendations, let’s say, on the road. There’s no questioning that running a red light causes accidents (and can cost you your driver’s licence).

But when it comes to online security, people often get careless as they don’t realize the direct consequences. Unfortunately, identity theft and financial scams are not that rare, so it’s your responsibility to ensure you don’t give scammers a chance.

To help you stay safe while working with your crypto coins, we made a list of basic security rules, based on the most common support request cases. They are not ground-breaking, but will help you refresh your memory of what is and isn't safe to do online.

© Approved by the Freewallet Support team


Protect your device, your email and your social media profiles

Nobody likes to be reminded of the obvious. But since you’ve started reading this, somebody  has already been hacked because of using a weak password for their email account. If you are sure you are following the basic security recommendations, just skip this part.

1. Use your devices safely

Protect your devices with PINs, passwords, and other tools of authorized access. Don’t give your devices to strangers (yes, that too can happen).

2. Install updates regularly

Like, seriously. Both on your desktop and your mobile devices. For OS and apps. Software updates often contain pieces of code that help to fight the security breaches that hackers may use to steal your data. Using the latest software version guarantees that you are safe from all the threats that the software provider knows about.

3. Use public Wifi with caution

We’re all addicted to online, and waiting another minute before getting to a safe network sometimes feels impossible. However, some public networks do not provide the necessary level of encryption, so any of the private data that you transfer through them can be stolen.

4. Use strong passwords

Yes, you’ve heard this one maybe a hundred times. Most of the apps and web services provide security recommendations for user passwords to ensure it is long and complex enough. Some services generate passwords automatically — these are authentic, hard to guess and consequently break. Yes, strong passwords are hard to remember, so if you keep forgetting them, use LastPass or a mnemonic sequences.

5. Don’t use the same password for every account

Just don’t. Even if it’s a strong one. If you do and a hacker breaks into one of your accounts, you may lose all of your personal data across your other accounts too.

6. Don’t click on suspicious links or install dubious apps

This one is obvious, but sometimes it’s hard to define suspicious. From our experience, all clickbaits are malicious. If the link promises to give you free bitcoin, knows about celebrities’ latest affairs or opens a pop up, you most definitely shouldn’t click it.

Even Google ads can be infected. In January 2017, a Ukrainian hacker group called Coinhoarder stole more that $50 million in coins from users of Blockchain.info by using malicious links in Google Ads.

This also involves not opening any attachments from unknown email senders or launching any software from unknown publishers.

Protect your crypto wallet

Cryptocurrencies and the services that work with them have always been targets for hackers. And if some areas of security are out of the common user’s control - for example, the policy about hot and cold storage - there are measures that you can take to protect your crypto wallet.

1. Don’t share your Freewallet credentials with anyone

Never share your password with anyone. Also, bear in mind that the Freewallet support team will never ask you to provide your wallet password. If someone asks you to share your password with them, it is most likely a scammer.

2. Enable 2FA

Two factor authentication is a popular way of ensuring account security. We recommend it as the best measure against unauthorized access.

3. Verify your email

Email verification is optional in Freewallet. However, as another means of security, we recommend that you do it. If you verify your email, we will be able to notify you in the event of a suspicious login attempt, or if someone tries to perform suspicious transactions with your coins.

4. Set up multi-signature transaction confirmation

Multi-signature transaction confirmation, or multisig, is a strong measure of fund protection. If you enable it, you will have to receive a confirmation from all the other accounts that you’ve enabled with this function in order to make a transaction.

At the beginning of 2018, Japanese cryptocurrency exchange Coincheck reported a loss of $534 million in NEM due to a hacker attack. The exchange stored funds in hot storage with no multisig confirmation. 

5. Watch out for scammers

This one is trickier than others, though not too tricky. If someone guarantees a 200% return on your coins in 10 minutes, they are most likely going to steal your money.

Slovenian-based bitcoin mining marketplace NiceHash lost $64 million of its users through an intricate social engineering scheme.

Social engineering has become devious, so watch out for the typical red flags: if somebody you met online is trying to manipulate you into sending them your coins or share your login information — don’t do it and warn the community.

Protect your crypto funds

Cryptocurrencies are a relatively new and thus a risky financial instrument. They are not controlled by any financial institution and are extremely volatile. Therefore, you should handle it carefully as you could lose all of the spent funds in an instant.

1. Don’t spend more on coins than you are ready to lose

Once again, cryptocurrencies are volatile. Market prognoses are not carved in stone, and the situation can change dramatically within days. Most of the financial services that work with cryptocurrencies might now allow you to withdraw your money fast, so be careful and don’t put all your eggs in one basket. Diversification is the key.  

2. Don’t participate in dubious ICOs 

Basically, do your homework before you spend your money. 

There are thousands of exciting new blockchain projects popping up every other month. Some of them are legit, some are financial pyramids. Do your research before you decide to participate in a new ICO. Don’t chase the hype — rather investigate the company behind it, learn about its owners and their previous projects, see for yourself if these are the people you can trust.

3. Educate yourself

There’s no other way to become proficient with cryptocurrencies but to be in the loop: read, communicate, experiment. Subscribe to a youtube channel, find a media with the latest news, 

Bottom line

Cryptocurrencies are an exciting new financial instrument — no wonder that they are getting more and more attention from users of all levels of expertise.

We encourage you not to ignore the best practices of online behavior. After all, these are written by our Support team, who have seen it all.