Panama Crypto (@Panama_TJ) recently published a blog post titled, “The Ten Commandments of Crypto Security.” Panama Crypto cautions that he isn’t an info-sec expert. He is, however, very paranoid about his personal crypto security.

“I am no “info-sec” expert, but paranoia can go at lengths to keep you safe from any harm it may come your way. As mentioned on previous articles, safety was one of my primary concerns before entering fully in crypto.”

Panama Crypto recommends users follow his ten commandments of crypto security, which range from specific hardware wallet security practices to use, to common sense tactics like not flashing your crypto riches around.

“If you follow the Ten Commandments of crypto security, you can be certain the god of security will keep you safe from the dark forces of hackers.”

Panama Crypto’s list of the 10 Commandments of Crypto Security

1. Avoid Using SMS 2FA on Your Accounts

Most security experts recommend setting up two factor authentication (2FA) on your account. 2FA means you need to input a second identification verification in order to gain access to your account.

Panama Crypto, however, recommends not using SMS-based 2FA on your accounts. The reason? It’s too easy to port a phone these days. That means somebody that isn’t you could claim your phone number, then divert every call or SMS to a new device.

2. Setup 2FA or U2F on Your Accounts

Panama TJ, understandably, is still a fan of two factor authentication overall. He recommends setting up 2FA using Google Authenticator or Authy, which produce a Time-based One-Time Passcode (TOTP) directly within the app.

Crypto TJ also recommends U2F 2FA, or Universal 2nd Factor Two Factor Authentication. Under U2F, someone would need to gain access to your U2F key.

3. Get and Use a Hardware Wallet

Simply getting a hardware wallet isn’t enough: some people buy a hardware wallet and then rarely use it. In any case, without a hardware wallet, you don’t truly own your private keys. If you keep your cryptocurrencies in an exchange, then your private keys belong to the exchange – not to you. There have been numerous instances of major exchanges getting hacked and losing all customer funds.

Panama TJ recommends using the U2F functionality on hardware wallets like Ledger and Trezor.

4. Don’t Flash Your Crypto Wealth Around

You don’t have to look far on the internet to find people bragging about their crypto wealth. Some people love talking about how much BTC they bought when it was under $1,000 or under $100 or even under $10.

Flashing your crypto wealth around makes you a target for online hackers and scammers. We saw streamer Ian Balina lose an enormous amount of money in the middle of a livestream back in April, for example.

But the consequences of flashing your crypto wealth may be far more serious: it exposes you to real-world criminals. You might have the most secure private keys, but that doesn’t matter if someone is able to acquire your private keys under duress – say, by abducting a family member or torturing you.

5. Be Anonymous

There’s no advantage to exposing your real name to the crypto community. Stay anonymous. It adds another layer of security to your crypto funds.

6. Avoid Doxing Yourself by Posting Photos or Other Info Online

It’s easy to dox yourself online – or reveal your real-world name and location – even when you’re being anonymous. Something as simple as sharing a picture of a beer on your deck, for example, can reveal your location.

You don’t have to look far online to find instances of people doxing themselves with the bare minimum of information. Remember the time people on 4chan used star movements and flight patterns to track down the location of Shia Labeouf’s art exhibit? All they had was a picture of a flag against a sky – that’s it. Think of how quickly someone can find your location with a picture of your local bar or the street in front of your home.

7. Use Different Email Addresses for Different Types of Accounts

Using different email addresses is a great way to stay anonymous and private online. Use different email addresses for your social media and exchange accounts. Someone might be able to hack your social media accounts, for example, but they wouldn’t be able to access your exchange accounts.

Needless to say, you should absolutely avoid using the same password across all your email addresses and accounts.

8. Bookmark Websites

This one is a little surprising: Crypto TJ recommends bookmarking websites in your browser. The reason? You can avoid phishing attempts.

Let’s say you want to log into Binance. You might type Binance into your browser search bar and get to the Google Search results page for Binance. You might inadvertently click on a phishing site – like Binancex.com – listed on your search results page. By the time you’ve realized it’s a phishing site, you’ve already entered your email address and password.

Bookmark websites you frequently visit. Or, type your website carefully into the address bar each time.

9. Use VPNs

Using VPNs is always a good security tip. This is particularly important if you’re using untrusted Wi-Fi. Obviously, you shouldn’t be doing any crypto-related work on untrusted Wi-Fi, but if you have to do it, then use a VPN.

10. Use an Antivirus and a Firewall

The final commandment of crypto security is to use an antivirus and a firewall. Antivirus protects your computer from malware. This can help you avoid being attacked when you accidentally download a shady wallet or mining software online.

Meanwhile, a firewall protects you against unwanted connections to your computer.

I just published “The Ten Commandments of crypto security” https://t.co/ZTDsudBFFO — Panama Crypto ⚡ (@Panama_TJ) June 25, 2018

Conclusion

Good crypto security can be the difference between losing or keeping millions of dollars. You can view Panama_TJ’s full list of the 10 Commandments of crypto security here. Or, follow him on Twitter @Panama_TJ.