Disclaimer: The information contained in this document is for general informational purposes only. The information in this document is not legal advice. All information is provided in good faith. However, we make no representations or warranties of any kind, expressed or implied, regarding the accuracy or completeness of any information.
The following document outlines several security practices that are recommended for those looking to protect their information and improve their security profile. If you have any questions, please email Exodus Support at [email protected] or visit the messenger (purple chat icon in the bottom-right corner) to start a chat.
What practices can I follow to improve my security?
Below are recommended practices when using your Exodus crypto wallet and Exodus Pay to protect your information and improve your security profile. Protect your crypto and account, and stay safe online.
12-word secret key storage
Please store your 12-word secret key (also known as a 12-word secret recovery phrase) in a safe place. Never store it as an unencrypted digital copy, such as a photo, file on your device, thumb drive, or email.
Ensure you are the only one who can access your secret key and never let anyone see it. Never view your secret key in public or where others can view it, and make sure that there are no cameras that can record or view it.
If you store a digital copy, it may be vulnerable to theft if you inadvertently download something malicious. Many devices back up data to cloud storage, which can be accessed via password/e-mail address leaks.
The secret key is the master key to your entire wallet. Storing it properly is of the utmost importance.
For more information on how to keep your secret key safe, visit: How do I keep my secret key safe?
On iOS, your Exodus app's iCloud backup might contain your secret key. If someone gets access to your device, they could use it to access your iCloud backup and get access to your Exodus wallet and funds. To avoid this, delete old Exodus app iCloud backups by following Apple's guide: Manage your iCloud storage.
Before deleting, ensure you have written down your 12-word secret key.
If you've backed up Exodus Mobile with a passkey and iCloud, your backup file is stored in your iCloud account. Don't delete your backup file or passkey. You won't be able to restore with your passkey and iCloud if you delete them. Only delete old Exodus app iCloud backups.
Private keys
Do not copy your private keys from Exodus unless absolutely necessary, do not save them electronically, and do not enter them into wallets, websites, or services you don't trust 100%.
If you need to view your private keys, ensure you view them in a secure location where only you can see them. Never view your private keys in public or where others can view them, and make sure that no cameras can record or view your private keys.
If the secret key is the master key to your entire wallet, you can think of a private key as the individual key to the respective asset in your wallet.
For more information on how to keep your private keys safe, visit: How do I keep my private keys safe?
Passkeys
When it's possible, use a passkey to securely sign in without using a password.
A passkey manager often uses your device’s security, such as Face ID, a PIN, or a password, to access or create passkeys.
Get familiar with your passkey manager and the options available if you need to recover access to your account and the passkeys.
Only approve passkey requests that you initiated on a trusted website or app.
Keep your device and passkey manager secure using Face ID, a PIN, or a strong password.
Do not share access to your device or your passkey manager with anyone.
For information about using passkeys with Exodus Pay or your Exodus crypto wallet, visit:
Passwords
Use a strong, unique password for all of your wallets and accounts. This will lower the likelihood of your devices and accounts being compromised.
Avoid reusing passwords or variations of passwords.
Do not allow your browser to autofill your passwords. Instead, use a password manager for this.
Using a password manager to store and create your passwords is a great way to ensure your passwords are strong and unique.
For more information, please visit: How do I set a strong password?
Hardware wallets
If you store significant amounts of cryptocurrencies, use a hardware wallet. Hardware wallets are resistant to most types of malware and, therefore, are safer for storing your funds.
Your private keys are kept offline and off computers, eliminating the risk of them being stolen or copied.
The most popular hardware wallets are Trezor, Ledger, and KeepKey.
If you're interested in using your Trezor or Ledger with Exodus, check out the following:
2FA
Enable 2FA on all of your online accounts. This includes email, exchange, and social media accounts.
Avoid SMS- and email-based 2FA, as a SIM swap or a compromised email account can compromise them.
2FA helps neutralize the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, 2FA adds an extra layer of protection.
Google Authenticator and Authy are two popular 2FA applications.
YubiKey is a popular USB device that offers 2FA.
If you're wondering why Exodus can't support 2FA, you can read more here: Does Exodus support 2FA?
Phone number
Protect your phone number. It is used with Exodus Pay and the Exodus Spend Card to verify your identity and access your accounts with one-time verification codes.
Keep your phone number private. Do not share it publicly. Only share your number with people or services you know and trust.
Be cautious of SIM swap scams or any unexpected changes to your mobile service account.
If your phone number changes, update it in your accounts as soon as possible. To learn more, email Exodus Support at [email protected] or start a chat in the messenger (purple chat icon in the bottom-right corner).
One-time verification codes
A one-time verification code, or one-time password (OTP), is a temporary code sent by SMS or email to confirm access to your phone number or email address.
In Exodus, they are used when signing up or logging in to Exodus Pay and the Exodus Spend Card.
Never share your verification codes with anyone.
Exodus Support will never ask for your verification codes.
If you receive a verification code you did not request, do not use or share it, in case someone is trying to access your account.
Operating systems
Use a legitimate version of your operating system. This is imperative to maintaining the security of your system.
Using a legitimate version of your operating system allows you to access the latest security updates and features.
Without these security updates and features, your system is more susceptible to an attack.
The cost of an operating system is low compared to the damage an illegitimate version could do.
Downloading material
Do not download torrented, cracked, or pirated programs, or other such material, onto your computer. These programs are often unsafe and can contain malware. If your computer has malware, your funds or other sensitive info won't be safe.
Do not download or open any material from a source you do not trust or know.
If you receive a strange e-mail/link/file from a contact of yours, verify that they sent the information before opening any attachments.
Only download software from official sources.
Removing malware
If you ever suspect that your computer may have malware or viruses, the only way to make sure it's clean again is a clean installation of your OS.
Save your personal documents on an external drive and follow the instructions in the following articles to install your OS fresh. Do not save any torrented or pirated material. Ensure you completely erase your hard drive, including your personal files.
Here are the instructions on how to do this (from Microsoft and Apple):
Antivirus and firewall
Use a firewall and antivirus program, and keep them up-to-date. But remember that neither can guarantee a clean system if you don't follow safe browsing and downloading habits.
Antiviruses can only detect malware they are programmed to detect and cannot be relied upon to detect 100% of the malware out there, because it constantly evolves.
DApps and web3 apps
Never enter your 12-word secret key or private keys into a dApp or web3 app. If a web3 app requests your secret key or private keys, it is trying to steal your crypto.
A fair amount of risk is involved with using web3 apps, either from the rules of using the app itself or from bad actors hacking it to steal your crypto. Always do your research before interacting with a web3 app.
For more information on how to stay safe while using web3 apps, please visit: Safety and security for DeFi and Web3.
