NFT CRYPTO SECURITY

Following is a rundown of all the things you could do to be as close to 100% safe in Web3 with your NFTs and your cryptocurrencies. I, personally, have not done all of these actions. I recognize that I could, but some tasks do seem onerous. Read this and be aware of what you can do, then decide what is needed for you to feel comfortable operating in this space.

ESSENTIAL/MUST DO NOW:

1. Open a new email account at ProtonMail.com or another comparable website that offers free accounts. Choose something other than your name for the address; this will be the address you use for crypto-related sign-ups, marketplaces, and exchanges.

  • Your primary email address is most likely no longer secure; consider changing the passwords on all your accounts. You can check whether it has been exposed here: https://haveibeenpwned.com/.

  • Change your logins for all your cryptocurrency accounts to this new address and only use it for crypto accounts.

  • Replace all passwords with "strong" ones that are never reused and not memorable.

  • Never write down your passwords or keep them in a spreadsheet or Word document; instead, use a secure password manager.

2. If you haven't already, register with 1Password or a similar service to manage your passwords and install any required iPhone, iPad, or OSX apps and browser add-ons when necessary.

Every site should have an extremely secure, one-of-a-kind password that is different for every single account, including social accounts like Instagram, Twitter, and Facebook, cryptocurrency accounts, etc. Changing your passwords blocks access to accounts that may have been at risk. If a platform is later compromised, your personal data there may still end up on the dark web, but you only have to change that one password. It will take some time, but once you realize how exposed your life has been, you'll feel better when it's complete!

  • Never "save" your unique passwords to your browser or store them in a spreadsheet or Word document.

  • Never use the same password more than once (e.g., across Instagram, Twitter, Gmail, your bank, Amazon, etc.). Anything that has a password (Web1 and Web2) is susceptible to hacking and is probably already for sale on the dark web (Web3 operates differently).

3. For 2FA (two-factor authentication), use "Authy" or a comparable service: it is far more secure than SMS or email.

  • Download Google's "Authy" or equivalent app from the App Store.

  • Remember to record your secret phrase on paper or keep it in 1Password, because your phone could get lost.

4. Do NOT store your cryptocurrencies or NFTs in "hot wallets" like the MetaMask browser extension or exchange accounts like Coinbase; instead, transfer them to your hardware wallet, also known as a "cold" wallet. It is "cold" because it is not connected to the internet and therefore inaccessible to hackers. You don't technically own your cryptocurrency if you do not have custody of it; instead, a centralized entity is holding it. Look up "Mt Gox".

  • Order the Ledger Nano X or a comparable product (also available on Amazon; make sure you're ordering from Ledger's official store there).

  • The CryptoDad has a fantastic video that demonstrates how to set up: https://www.youtube.com/watch?v=8pJbvhuPrRQ.

  • TO NOTE: You can continue to use your MetaMask or equivalent browser wallet extension, but you'll need to create your hardware wallet accounts separately and use those in place of your old accounts!

  • Yes, transfer everything to your "Cold Wallet" accounts. Be mindful and triple-check that you have correctly configured these accounts in Ledger Live or on your mobile device.

  • Be sure to keep your Ledger Live desktop app and device software updated (the software will notify you).

5. Browsers: Mozilla Firefox and Brave

  • Brave is Chrome-based, private, and native to cryptography. Without a doubt, Web3 pays you to browse and view advertisements.

  • Firefox is equally good, although it offers less anonymity and is not native to cryptography.

  • Ironically, the MetaMask browser extension behaves somewhat differently on the two browsers, but Firefox is preferred for transactions.

6. Discord: A Risky Environment, Exercise Caution

  • Discord was created for the gaming community and was similar to Slack but 1000 times better.

  • You need to master Discord if you plan on interacting with NFTs.

  • Disable your DMs. Accepting direct messages from strangers is strongly discouraged. Most con artists use DMs advertising a "silent drop" that links to a bogus website to con victims.

THE GRAPHIC ABOVE SHOWS HOW TO SWITCH OFF DMS, BUT DOING SO IS NOT RETROACTIVE; YOU MUST RETURN TO THE SERVERS YOU JOINED EARLIER TO DO SO.

  • Discord is typically not a secure environment. Many individuals fall for scams every day, so be prepared to receive DMs like this.

  • If you must keep DMs on, set your visibility to invisible to avoid 99 percent of them; otherwise, turn them off!

  • Even Discord moderators and Server Administrators should set up a private channel to invite community members to or build a "ticketing system" for support concerns outside of Discord.

  • Be wary of any Discord direct message, even those from friends or people you know. It's possible that your friend's account got hacked or that someone is impersonating your friend to trick you ("I'm in a bind, send me 25 eth").

7. BEHAVIOR CHANGES: Don't Put This Off Any Longer!

  • Everyone I talk to knows someone who has been scammed, hacked, or made a costly mistake that cost them thousands of dollars in losses; it happens, but accepting the idea that you are your own bank is a mindset to adopt.

  • Never connect your phone or computer to an insecure connection (see the VPN tip below).

● Never give out your SEED PHRASE

● Never give out your SEED PHRASE

● Never give out your SEED PHRASE

  • SLOW DOWN, BE PRESENT: People make mistakes, get scammed, and lose assets when they're in a hurry.

  • STOP USING SMS OR EMAIL FOR 2FA; IT'S HACKABLE, AND YOU WILL LOSE YOUR CRYPTO.

  • NOT TO MENTION YOUR DEATH, BUT YOU WILL DIE SOMEDAY: There is no centralized authority here, as there is at your bank, so consider your exit strategy for these assets and make alternate arrangements if necessary. Also, make sure your family (or friends) knows how to access them.

HOT TIPS:

8. NORD VPN: A VPN establishes a secure connection to the internet, similar to a tunnel, so that people can't sniff out your passwords, etc. It also enables you to change your geo-location as desired, for example, allowing you to access your Netflix account from outside the US.

9. Get a separate clean/new laptop just for crypto

  • All cryptocurrency transactions then take place on a brand-new laptop that is not used for browsing, work, etc.

  • Most scams exploit links in work emails, social media, etc., that log your keystrokes and capture your passwords and other information.

  • One good reason people adopt a pseudo-anonymous internet ID is that they are more likely to be targeted if they are openly identifiable online!

10. Gnosis Multi-signature wallet (Your “Vault” strategy)

  • Consider a Gnosis Multisig Wallet or something comparable after your holdings reach a certain amount, some say more than $1 million.

  • A multi-signature wallet is a smart contract that requires authorization from multiple wallets before a transaction goes through.

  • Although not ideal for day-to-day use, this wallet could serve as a "vault" for crucial long-term assets.

  • ChangeDAO has already been used to set up a handful of them, and it's easy! Multi-signature wallets support a safer, more secure (and more transparent) treasury, since the members of a core team must approve all transactions. It also means that there isn't a single point of failure where assets are at risk of being permanently lost if one of the team members suddenly dies. Although moving items out of your vault will be more difficult, it's a beneficial technique if you need it.
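
How the approval threshold works, as an added sketch that is not part of the original page and is not Gnosis code: a simplified Python model of an M-of-N vault. The class, method and owner names are assumptions made for illustration, and the caller's identity is taken as given (on a real chain the transaction signature establishes it).

```python
class MultisigVault:
    """Toy M-of-N vault: a transfer executes only after `threshold` distinct owners approve."""
    def __init__(self, owners, threshold, balance):
        self.owners, self.threshold, self.balance = set(owners), threshold, balance
        if not 1 <= threshold <= len(self.owners):
            raise ValueError("threshold must be between 1 and the number of owners")
        self.proposals = []  # each: {"to", "amount", "approvals", "executed"}

    def _require_owner(self, sender):
        if sender not in self.owners:
            raise PermissionError(f"{sender} is not an owner")

    def propose(self, sender, to, amount):
        self._require_owner(sender)
        self.proposals.append({"to": to, "amount": amount, "approvals": {sender}, "executed": False})
        return len(self.proposals) - 1  # transaction id; proposing counts as one approval

    def approve(self, sender, tx_id):
        self._require_owner(sender)
        self.proposals[tx_id]["approvals"].add(sender)  # a set, so repeat approvals count once

    def execute(self, tx_id):
        p = self.proposals[tx_id]
        if p["executed"]:
            raise PermissionError("already executed")  # an approved transfer cannot be replayed
        if len(p["approvals"]) < self.threshold:
            raise PermissionError(f"only {len(p['approvals'])} of {self.threshold} approvals")
        p["executed"] = True
        self.balance -= p["amount"]
        return p["amount"]


def demo():
    vault = MultisigVault(["alice", "bob", "carol"], threshold=2, balance=100)  # constructed 2-of-3 vault
    # One key acting alone (lost, stolen, or mistaken) cannot move anything.
    tx = vault.propose("alice", to="unknown-address", amount=100)
    vault.approve("alice", tx)  # approving again with the same key adds nothing
    try:
        vault.execute(tx)
    except PermissionError as err:
        blocked = str(err)
    # Bob's key is gone for good; the remaining two owners can still withdraw.
    tx = vault.propose("alice", to="new-vault", amount=40)
    vault.approve("carol", tx)
    withdrawn = vault.execute(tx)
    return blocked, withdrawn, vault.balance


if __name__ == "__main__":
    print(demo())
```

With a threshold of 2 out of 3, a single key can neither drain the vault nor lock it: the lone approval is rejected, and the withdrawal still succeeds without the third owner.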
