Disclaimer: The information contained in this document is for general informational purposes only. The information in this document is not legal advice. All information is provided in good faith. However, we make no representations or warranties of any kind, expressed or implied, regarding the accuracy or completeness of any information.
The following document outlines several security practices that are recommended for those looking to protect their information and improve their security profile. If you have any questions, please contact [email protected] for further information.
What are some practices I can follow to improve my security?
Listed below are recommended practices to protect your information and improve your security profile. Protect your crypto and stay safe online.
12-word secret recovery phrase storage
Please store your 12-word secret recovery phrase in a safe place. Never store it as an unencrypted digital copy, such as a photo, file on your device, thumb drive, or email.
Ensure you are the only one who can access your secret recovery phrase, and never let anyone see it. Never view your secret recovery phrase in public or where others can view it, and make sure that there are no cameras that can record or view your secret recovery phrase.
If you store a digital copy, it may be vulnerable to theft if you inadvertently download something malicious. Many devices also back up data to cloud storage, which can be accessed by someone else if your password or e-mail address is leaked.
The secret recovery phrase is the master key to your entire wallet. Storing it properly is of the utmost importance.
For more information on how to keep your secret recovery phrase safe, visit: How do I keep my secret recovery phrase safe?
On iOS, your Exodus app's iCloud backup might contain your secret recovery phrase. If someone gets access to your device, they could use it to access your iCloud backup and get access to your Exodus wallet and funds. To avoid this, delete old Exodus app iCloud backups by following Apple's guide: Manage your iCloud storage.
Before deleting, ensure you have written down your 12-word secret recovery phrase.
If you've backed up Exodus using the backup vault, your backup file and passkey are stored in your iCloud account. Don't delete your backup file or passkey. You won't be able to restore with the backup vault if you delete them. Only delete old Exodus app iCloud backups.
Private keys
Do not copy your private keys from Exodus unless absolutely necessary. Do not save them electronically. Do not enter them into wallets, websites, or services you don't trust 100%.
If you need to view your private keys, make sure you view them in a secure location where only you can see them. Never view your private keys in public or where others can view them, and make sure that there are no cameras that can record or view your private keys.
If the secret recovery phrase is the master key to your entire wallet, you can think of a private key as the individual key to the respective asset in your wallet.
For more information on how to keep your private keys safe, visit: How do I keep my private keys safe?
Passwords
Use a strong, unique password with all of your wallets and accounts. This will lower the likelihood that your devices and accounts will be compromised.
Avoid reusing passwords or variations of passwords
Do not allow your browser to autofill your passwords. Instead, use a password manager for this.
Using a password manager to store and create your passwords is a great way to ensure your passwords are strong and unique.
For more information, please visit: How do I set a strong password?
Hardware wallets
If you store significant amounts of cryptocurrencies, use a hardware wallet. Hardware wallets are resistant to most types of malware and, therefore, are a lot safer to store your funds in.
Your private keys are kept offline and off of computers, eliminating the risk of them being stolen or copied
The most popular hardware wallets are Trezor, Ledger, and Keepkey
If you're interested in using your Trezor or Ledger with Exodus, check out the following:
2FA
Enable 2FA on all of your online accounts. This includes email, exchange, and social media accounts.
Avoid SMS- and email-based 2FA, as they can be compromised by a SIM swap or a compromised e-mail account
2FA helps neutralize the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, 2FA adds an extra layer of protection.
Google Authenticator and Authy are two popular 2FA applications
Yubikey is a popular USB device that offers 2FA
If you're wondering why it's not possible for Exodus to support 2FA, you can read more here: Does Exodus support 2FA?
Operating systems
Use a legitimate version of your operating system. This is imperative to maintaining the security of your system.
Using a legitimate version of your operating system allows you to access the latest security updates and features
Without these security updates and features, your system is more susceptible to an attack
The cost of an operating system is low compared to the damage an illegitimate version could do
Downloading material
Do not download any torrented, cracked, or pirated programs, or other such material, onto your computer. These programs are often riddled with malware. If your computer has malware, your funds or other sensitive info won't be safe.
Do not download or open any material from a source you do not trust or know
If you receive a strange e-mail/link/file from a contact of yours, verify that they sent the information before opening any attachments.
Only download software from official sources
Removing malware
If you ever suspect that your computer may have malware or viruses, the only way to make sure it's clean again is a clean installation of your OS.
Save your personal documents on an external drive and follow the instructions in the following articles to do a fresh installation of your OS. Do not save any torrented/pirated material. Make sure that you completely erase your hard drive, removing your personal files as well.
Here are the instructions on how to do this (from Microsoft and Apple):
Antivirus and firewall
Use a firewall and antivirus program, and keep them up-to-date. But remember that neither of them can guarantee a clean system if you don't follow safe browsing and downloading habits.
Antivirus programs can only detect malware they are programmed to detect. Because malware is constantly evolving, they cannot be relied upon to detect 100% of the malware out there
DApps and web3 apps
Never enter your 12-word secret recovery phrase or private keys into a dApp or web3 app. If a web3 app requests your secret recovery phrase or private keys, it is trying to steal your crypto.
There is a fair amount of risk involved with using web3 apps, stemming either from the rules of using the app itself or from bad actors hacking the app to steal your crypto. Always do your research before interacting with a web3 app.
For more information on how to stay safe while using web3 apps, please visit: Safety and security for DeFi and Web3.