List of security practices

Disclaimer: The information contained in this document is for general informational purposes only. The information in this document is not legal advice. All information is provided in good faith; however, we make no representations or warranties of any kind, expressed or implied, regarding the accuracy or completeness of any information.

The following document outlines several security practices that are recommended for those looking to protect their information and improve their security profile. Should any questions arise, feel free to contact [email protected] for further information.

12-word secret recovery phrase storage

  • Store your 12-word phrase physically in a safe place. Never store it in a digital format such as a photo, a file on your device, a thumb drive, your cloud drive, or your email.
    • If you store it electronically, it may be vulnerable to theft if you inadvertently download something malicious. Many devices back up their data to cloud storage, which can be accessed via password/e-mail address leaks.
    • If you have an iOS device, be aware that your iCloud backup might contain your 12-word secret recovery phrase. If someone gets access to your device, they could gain access to your 12-word phrase, and your funds. Because of this, it is important to delete old iCloud backups. To learn how, please visit Apple's support article: Manage your iCloud storage.
    • The 12-word secret recovery phrase is the master key to your entire wallet. Properly storing this information is of the utmost importance.

Here is more information about The Do’s and Don’ts of 12-Word Phrases and Private Keys.

Private keys

  • Do not copy your private keys from Exodus unless absolutely necessary. Do not save them electronically. Do not enter them in wallets, sites or services you don't trust 100%.
    • If the 12-word phrase is the master key to your entire wallet, you can think of a private key as being the individual key to the respective assets in your wallet.

Here is more information about The Do’s and Don’ts of 12-Word Phrases and Private Keys.


  • Use a strong, unique password with all of your wallets and accounts. This will lower the likelihood that your devices and accounts will be compromised.
    • Avoid reusing passwords or variations of passwords
    • Do not allow your browser to autofill your passwords. Instead, use a password manager for this.
    • Using a password manager to store and create your passwords is a great way to ensure your passwords are strong and unique. 


  • Enable 2FA on all of your online accounts. This includes email, exchange, and social media accounts. 
    • Avoid SMS- and e-mail-based 2FA, as they are rendered useless in cases of a SIM swap or a compromised e-mail account.
    • 2FA helps neutralize the risks associated with compromised passwords, whether a password is hacked, guessed, or even phished.
    • Google Authenticator and Authy are two of the most popular 2FA applications
    • Yubikey is a popular USB device that offers 2FA

Operating systems

  • Use a legitimate version of your operating system. This is imperative to maintaining the security of your system. 
    • Using a legitimate version of your operating system allows you to access the latest security updates and features
    • Without these security updates and features, your system is more susceptible to an attack
    • The cost of an operating system is low compared to the damage an illegitimate version could do

Downloading material

  • Do not download any torrented, cracked, or pirated programs, or other such material, onto your computer. These programs are often riddled with malware, and if your computer has malware, your funds and other sensitive info will not be safe.
    • Do not download/open any material from a source you do not trust or know
    • If you receive a strange e-mail/link/file from a contact of yours, verify that they sent the information before opening any attachments.
    • Only download software from official sources

Removing malware

  • If you ever suspect that your computer may have malware or viruses, the only way to make sure it's clean again is a clean installation of your OS. 
    • Save your personal documents on an external drive and then follow the instructions in this article to do a fresh installation of your OS. Do not save any torrented/pirated material. Make sure that you completely erase your hard drive, removing your personal files as well.
    • Windows
    • macOS

Antivirus and firewall

  • Use a firewall and antivirus program, and keep them up-to-date. But remember that neither of them can guarantee a clean system if you don't follow safe browsing and downloading habits.
    • Antivirus programs can only detect the malware they are programmed to detect and cannot be relied upon to detect 100% of the malware out there, as malware is constantly evolving.

Hardware wallets

  • If you are storing any significant amount of cryptocurrencies, use a hardware wallet. Hardware wallets are resistant to most types of malware and therefore are a lot safer to store your funds in.
    • Your private keys are kept offline and off of computers, eliminating the risk of them being stolen or copied
    • The most popular hardware wallets are: Trezor, Ledger, Keepkey


  • Never enter your 12-word secret recovery phrase or private keys into a dApp. If a dApp requests your 12-word phrase or private keys, it is trying to steal your crypto.
  • There is a fair amount of risk involved with using dApps, stemming either from the rules of using the dApp itself or from bad actors hacking the dApp to steal your crypto. Always do your research before interacting with a dApp. For more information on how to stay safe with using dApps, see our article Safety and security for DeFi and dApps.