
Cryptocurrencies_7. Mobile Security - How to safely protect your mobile wallet

Published by yaniv, 2021-12-06 09:24:35


Lesson 7: Mobile Security - How to safely protect your mobile wallet

Your security habits are the one thing keeping your personal information safe, and
are especially important if you are managing your money online. Although it may
seem like a lot to set up at first, every crypto investor should take time to learn the
best practices he can use to protect himself.
There are four important topics to consider:
Firstly, we will discuss passwords.
What constitutes a password that can’t be easily broken? How can you remember all
of your passwords while keeping them secure?
For a strong, hard-to-break password, length is key. Use passwords at least 8
characters long — the longer the better. You can use either long sentences in plain
English or long randomly generated passwords. Never use obvious passwords like
12344321. These are easy to break in minutes.
Never use the same password for different websites. This is incredibly important.
To remember your passwords, use a password manager. While not 100% issue-free,
they beat everything else in terms of security/convenience ratio.

Next, we have Two-Factor Authentication, or 2FA. This is a second layer of
protection after a password. Why would you need such a thing? Because a
password can stay the same for a long time, so it’s a good idea to have a second
step if your password is ever broken into or stolen.
The best kind of 2FA is a One-Time Password (OTP). There are others, but
most are inconvenient or less safe, so if in doubt, use OTP.
OTP is a short, usually 6-digit number generated every 60 seconds by a mobile app
such as Google Authenticator or Authy. You’ll enter this number as a secondary
password to verify you are the owner of the account.

The catch with OTP 2FA is that to set it up, you’ll need a seed number, which is
usually presented as a QR code you’ll need to scan. Be sure to save the QR code or
plain seed number somewhere safe. Otherwise, when you change your phone you
won’t be able to access your account anymore, and it will be complicated to get
your access back.
In this respect, Authy has an advantage over Google Authenticator in that it
backs up your seeds for you, so you don’t need to do it yourself. The trade-off is that
you need to trust a third party with one of the layers of your personal protection.
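
How an authenticator app turns the seed into a code, as an added example that is not part of the original lesson: it implements the standard TOTP algorithm (RFC 6238 with HMAC-SHA1) and shows that any device holding the same seed produces the same code, which is why a saved seed restores access on a new phone and why the seed must be stored as carefully as a password. The seed below is a constructed sample (the RFC test key), and the refresh interval is a parameter (RFC 6238's default is 30 seconds).

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(seed_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    # The seed is base32 text, the same value the setup QR code carries.
    text = seed_b32.replace(" ", "").upper()
    text += "=" * (-len(text) % 8)          # tolerate seeds shown without padding
    key = base64.b32decode(text)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                 # low nibble of last byte picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed_b32: str, at: float = None, period: int = 30, digits: int = 6) -> str:
    """Code shown by the app at Unix time `at` (now if omitted)."""
    now = time.time() if at is None else at
    return hotp(seed_b32, int(now) // period, digits)


def verify(seed_b32: str, submitted: str, at: float = None,
           period: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the current step and `window` steps either
    side to absorb clock drift, comparing in constant time."""
    now = time.time() if at is None else at
    current = int(now) // period
    ok = False
    for counter in range(current - window, current + window + 1):
        if counter >= 0:
            expected = hotp(seed_b32, counter).encode()
            ok |= hmac.compare_digest(expected, submitted.encode())
    return ok


# Constructed sample seed: the RFC 6238 test key, base32-encoded.
SAMPLE_SEED = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    old_phone = totp(SAMPLE_SEED, at=59)
    new_phone = totp(SAMPLE_SEED.lower(), at=59)   # seed re-entered from backup
    print("old phone:", old_phone, "new phone:", new_phone)
    print("accepted at t=65:", verify(SAMPLE_SEED, old_phone, at=65))
    print("accepted at t=95:", verify(SAMPLE_SEED, old_phone, at=95))
```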

Now we’ll discuss wallets.

All of your crypto assets are stored on a blockchain and accessed via an account. A
wallet is a way of storing your private keys to that account. There are many kinds of
wallets available, including:

A full-blown blockchain node with a wallet app running, light wallets, and
hardware wallets.
A blockchain node is the most beneficial for the network, the most flexible and also
the most dangerous way of managing your wallet.
You may acquire one through Mist, Parity, Bitcoin Core, etc.
A light wallet gives you convenience at the price of forgoing control over the node.
You may acquire one through Jaxx, MyEtherWallet, Electrum, etc.
A hardware wallet gives you convenience and security at the price of forgoing
control over the node and a little bit of money.
Hardware wallets include the Ledger Nano S, Trezor and KeepKey.

Backing up a key phrase. There are many ways to do this, and none of them is
either completely secure or simple. Divide your 24-word key phrase into 2 parts,
encrypt both of them with any encryption tool available to you, and store encryption
keys in storage services which support 2FA, such as AWS S3, Google Drive,
Dropbox, GitHub and a private repo.
Enable 2FA on all of them, and store the OTP 2FA seeds in Authy.
Put the first encrypted part of the key phrase into 2 of the services, and the other part
into another 2 of them. With a setup like that, your system will have 2 layers of
protection: your master password and your password for accessing Authy. Those will
be the only 2 passwords you’ll need to remember.

In the crypto world, exchanges are a necessary evil. Many of them are not trustworthy.
Most of them get hacked semi-regularly and money gets stolen. The rule of thumb is
to never store tokens on exchanges unless you absolutely need them for trading,
meaning that you have short-term stop-loss orders in place.

By following these rules you’ll be able to protect yourself better than most
participants in the markets. That will give you enough time to figure out what
personal protection rules suit you best.

