For the crypto community, being security-minded is key. We’ve rounded up some of our top crypto security tips from our resident crypto and IT enthusiasts so you can ensure you’re using all the best practices to keep your crypto safe.



Crypto security starts with internet security

One of the most important considerations in protecting cryptocurrency is having overall good online security.

Use good passwords

The first rule in internet security - have good passwords. Good passwords are lengthy, complex and hard-to-guess. The longer, the better. Find this challenging? Probably because it is.

Password managers like Bitwarden make it easy to safely store secure passwords

Have a password manager. Bitwarden is a good one. Most password managers offer the option of generating random passwords which are complete gibberish. If you have a good password manager and can make sure to remember the one password to unlock the manager, you won’t need to worry that you haven’t a clue what your other passwords are.

If you do feel the need to create a memorable password, options for longer passwords include chained words with connectors in between - for example:

The$Brown&Fox%Ran*Into@The#Hole
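One way to build a chained-word password like the one above from a cryptographic random source, rather than from words you pick yourself, and to estimate how many words it needs. This is an added example, not BitPay's code; the short word list, the connector set and the function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list, for illustration only. A real generator should load
# a large published word list (assumption: several thousand words).
SAMPLE_WORDS = [
    "brown", "fox", "hole", "river", "candle", "orbit", "maple", "anchor",
    "velvet", "quartz", "lantern", "harbor", "pepper", "tundra", "mosaic", "falcon",
]
CONNECTORS = "$&%*@#"  # the connector symbols used in the example password above


def make_passphrase(n_words=6, words=SAMPLE_WORDS, connectors=CONNECTORS):
    """Chain n_words randomly chosen words with randomly chosen connectors."""
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    # secrets draws from the operating system's CSPRNG, unlike the random module.
    parts = [secrets.choice(words).capitalize()]
    for _ in range(n_words - 1):
        parts.append(secrets.choice(connectors))
        parts.append(secrets.choice(words).capitalize())
    return "".join(parts)


def entropy_bits(n_words, wordlist_size, n_connectors=len(CONNECTORS)):
    """Entropy in bits when every word and connector is picked uniformly at random."""
    return (n_words * math.log2(wordlist_size)
            + (n_words - 1) * math.log2(n_connectors))


def words_needed(target_bits, wordlist_size, n_connectors=len(CONNECTORS)):
    """Smallest number of words whose passphrase reaches target_bits of entropy."""
    n = 1
    while entropy_bits(n, wordlist_size, n_connectors) < target_bits:
        n += 1
    return n


if __name__ == "__main__":
    print(make_passphrase())
    # The 16-word sample list is far too small for real use; compare list sizes.
    for size in (len(SAMPLE_WORDS), 7776):
        print(size, "words in list ->", words_needed(80, size), "words for 80 bits")
```

The estimate only holds when the words are chosen at random; a phrase a person makes up is easier to guess than its length suggests.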

Other options for password storage include keeping your passwords in a fireproof safe that only you have access to - this can be a good place to keep the password to your password manager.

Make sure you don’t reuse the same password across multiple sites. If one gets compromised, and your username is simply your email or something common such as First Initial, Last Name, a hacker can easily go down the list and get access to your information on other websites, including credit cards and addresses. Which brings up the next point….

We advise against storing your passwords in a browser (such as allowing Google Chrome to remember your password). If someone gets access to your device, your passwords are easily available. Having your passwords in only one place (a password manager) is more secure.

Never save passwords in browsers

Although it might not make things easier, it’s advisable not to store your credit card information on websites. Should the website get compromised, hackers can get access. Additionally, never type your credit card information into a website that isn’t encrypted - in other words, one whose address doesn’t start with ‘https’.

If you want to be extra careful when it comes to credit cards, as well as other very sensitive information, some will advise to turn off potential ‘listening’ devices (such as Alexa or Echo, or if you’re feeling skeptical, anything with the Facebook app installed) for an extra layer of protection.

Only use URLs that begin with https://

All things considered, there is one basic step that can’t be overlooked: if you choose to use a password manager, make sure to sign out of it every time you are finished using it. On that same note, lock your device, especially if you’re working in a public area. Security tools only work when they’re properly used.


Enable Two-Factor Security (2FA)

Another major consideration is to enable two-factor authentication anywhere and everywhere you can, especially for email and anything financial-related. One of our preferred methods of 2FA is the YubiKey, a flash drive that generates OTP codes. A sophisticated hacker can potentially get around 2FA when the code is sent via email (especially if the victim does not have all of the above recommended security practices in place).

The most secure applications and websites use 2FA to make sure you are who you say you are

Maintain internet network security

With respect to being generally security-minded, some other important basics include locking your home internet with a strong password and enabling a separate guest Wi-Fi network. Additionally, be cautious when joining a Wi-Fi network. Most security-minded crypto enthusiasts will create a VPN (or virtual private network).

Crypto security best practices

Securing your seed phrase

One of the most important considerations for managing your crypto is properly storing your seed phrase, which is also commonly referred to as a recovery phrase. Your twelve-word phrase allows you to recover your crypto on another device. Therefore, it’s extremely important that you store your seed phrase properly, and that no one else can access it.

There are several different schools of thought related to storing the seed phrase. One way to keep your seed phrase, although not infallible, is to memorize it.

Additional recommendations include splitting up the twelve word phrase and storing it in several different locations - such as multiple fireproof safes. Some will recommend involving others to help with memorizing the phrase - having a close trusted person manage a portion of the phrase and splitting it up amongst several people, although others swear against letting anyone else know a part or all of your seed phrase.


Another potential option for your seed phrase is to encrypt it and store it in a password manager, or store parts of it in several password managers. The bottom line is to give good care to the management of your seed phrase, and to remember that you should never be giving out your phrase over the phone, via email, or to anyone who asks. No one from BitPay will ever contact you and ask you for your twelve words.

Crypto wallet security best practices

When it comes to crypto storage, there are a few basic universal rules most crypto enthusiasts agree upon. First off, don’t keep all or most of your crypto on an exchange. If your crypto is left on an exchange, there’s the risk of the exchange getting hacked or going bankrupt. The safest place to store crypto is a non-custodial wallet like the BitPay Wallet. With a non-custodial wallet, you have complete control of your private keys.


With regard to which wallet is best, there are varying opinions on the most secure types of crypto wallets (paper wallets, hardware wallets, hot storage). One thing is certain: you should not keep all your crypto in one place, especially if you have a substantial amount. This way, should one be compromised, not everything will be lost or stolen.

One security feature of the BitPay Wallet is multi-factor security, or multisig. This is the same concept as two-factor authentication. One must ‘sign off’ on a crypto transaction from multiple devices (computer, phone), which helps minimize the chance of a hacker successfully stealing crypto should they be able to get access in some way. We highly recommend enabling multisig.

Another important factor for anyone in the crypto space is to really get to know and understand how crypto is stolen. Crypto transactions are irreversible - double-checking the wallet address and making sure no one has access to your private keys are essential. Many crypto thefts come from well-targeted scams with sophisticated bait-and-switch links.



Keep your personal information personal

Be conscious of the information you’re giving out, either intentionally or unintentionally, especially on social media. For example, when checking in on social media, if you’re stating that you’re at a specific location, you’re also letting someone know you’re not at home, opening yourself up to the possibility of burglars.

Limit the information you share on social media


Many social media games involve giving out security question answers (‘enter the street you grew up on and your first model of car to find out which kind of pasta you are’), so the best advice here is to avoid engaging with these altogether.

When downloading new software or apps, make sure you know where they’re coming from. Ideally, go to the app store directly, or the company’s official website. Sometimes, a quick Google of the program or app you’re looking for will lead you to a spammy site, which could result in malware getting installed on your device.

Be wary of enticing emails and webpages that may be a phishing attempt


Also, when downloading an app, it’s always good to check the permissions the app is requesting. If an app with a simple purpose, such as a timer, wants access to all other apps, locations, contacts and photos, this might signal a concern. If you can afford it, have a separate device for your banking and financials to minimize the chances of getting compromised.

Generally speaking, it’s good to avoid advertising that you have a lot of crypto. Even if you are very cautious, hackers get more and more sophisticated by the day, and publicly stating that you have crypto makes you an easy target.

Overall Security

Overall, when it comes to cybersecurity and securing your crypto, the single most important thing is to always be alert and diligent. Hackers are perpetually becoming more and more sophisticated, especially in the crypto space. There’s always a new scam, and no one wants to be patient zero. Using secure buying and storage tools, in addition to being security-minded and having overall good security practices in place across the board, are essential for crypto holders.