All Collections
List of security practices
List of security practices

Recommended practices to improve the security of your Exodus wallet and device. Best security practices to keep your crypto and wallet safe.

Updated over a week ago

Disclaimer: The information contained in this document is for general informational purposes only. The information in this document is not legal advice. All information is provided in good faith. However, we make no representations or warranties of any kind, expressed or implied, regarding the accuracy or completeness of any information.

The following document outlines several security practices that are recommended for those looking to protect their information and improve their security profile. If you have any questions, please contact [email protected] for further information.

Need a crypto wallet that gives you full control of your assets? You can download Exodus here.

In this article:

What are some practices I can follow to improve my security?

Listed below are recommended practices to protect your information and improve your security profile. Protect your crypto and stay safe online.

12-word secret recovery phrase storage

Please store your 12-word secret recovery phrase in a safe place. Never store it as an unencrypted digital copy, such as a photo, file on your device, thumb drive, or email.

Ensure you are the only one who can access your secret recovery phrase, and never let anyone see it. Never view your secret recovery phrase in public or where others can view it, and make sure that there are no cameras that can record or view your secret recovery phrase.

  • If you store a digital copy, it may be vulnerable to theft if you inadvertently download something malicious. Many devices back up data to cloud storage which can be accessed via password/e-mail address leaks.

  • If you have an iOS device, be aware that your iCloud backup might contain your 12-word secret recovery phrase. If someone gets access to your device, they could gain access to your secret recovery phrase, and your funds. Because of this, it is important to delete old iCloud backups. To learn how, please visit Apple's support article: Manage your iCloud storage.

  • The secret recovery phrase is the master key to your entire wallet. Storing it properly is of the utmost importance.

For more information on how to keep your secret recovery phrase safe, visit: How do I keep my secret recovery phrase safe?

Private keys

Do not copy your private keys from Exodus unless absolutely necessary. Do not save them electronically. Do not enter them into wallets, websites, or services you don't trust 100%.

If you need to view your private keys, make sure you view them in a secure location where only you can see them. Never view your private keys in public or where others can view them, and make sure that there are no cameras that can record or view your private keys.

  • If the secret recovery phrase is the master key to your entire wallet, you can think of a private key as the individual key to the respective asset in your wallet.

For more information on how to keep your private keys safe, visit: How do I keep my private keys safe?


Use a strong, unique password with all of your wallets and accounts. This will lower the likelihood that your devices and accounts will be compromised.

  • Avoid reusing passwords or variations of passwords

  • Do not allow your browser to autofill your passwords. Instead, use a password manager for this.

  • Using a password manager to store and create your passwords is a great way to ensure your passwords are strong and unique.

For more information, please visit: How do I set a strong password?

Hardware wallets

If you store significant amounts of cryptocurrencies, use a hardware wallet. Hardware wallets are resistant to most types of malware and therefore are a lot safer to store your funds in.

  • Your private keys are kept offline and off of computers eliminating the risk of being stolen or copied

  • The most popular hardware wallets are Trezor, Ledger, and Keepkey

If you're interested in using your Trezor with Exodus, check out: Getting started with Exodus and Trezor.


Enable 2FA on all of your online accounts. This includes email, exchange, and social media accounts.

  • Avoid SMS & email-based 2FA as they can be compromised by a SIM swap or compromised e-mail account

  • 2FA helps neutralize the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, 2FA adds an extra layer of protection.

  • Google Authenticator and Authy are two popular 2FA applications

  • Yubikey is a popular USB device that offers 2FA

If you're wondering why it's not possible for Exodus to support 2FA, you can read more here: Does Exodus support 2FA?

Operating systems

Use a legitimate version of your operating system. This is imperative to maintaining the security of your system.

  • Using a legitimate version of your operating system allows you to access the latest security updates and features

  • Without these security updates and features, your system is more susceptible to an attack

  • The cost of an operating system is low compared to the damage an illegitimate version could do

Downloading material

Do not download any torrented, cracked, or pirated programs, or other such material, onto your computer. These programs are often riddled with malware. If your computer has malware, your funds or other sensitive info won't be safe.

  • Do not download or open any material from a source you do not trust or know

  • If you receive a strange e-mail/link/file from a contact of yours, verify that they sent the information before opening any attachments.

  • Only download software from official sources

Removing malware

If you ever suspect that your computer may have malware or viruses, the only way to make sure it's clean again is a clean installation of your OS.

  • Save your personal documents on an external drive and follow the instructions in the following articles to do a fresh installation of your OS. Do not save any torrented/pirated material. Make sure that you completely delete your hard drive, removing your personal files as well.

  • Here are the instructions on how to do this (from Microsoft and Apple):

Antivirus and firewall

Use a firewall and antivirus program, and keep them up-to-date. But remember that neither of them can guarantee a clean system if you don't follow safe browsing and downloading habits.

  • Antiviruses are only able to detect malware they are programmed to detect and cannot be relied upon to detect 100% of the malware out there, because malware is constantly evolving

DApps and web3 apps

Never enter your 12-word secret recovery phrase or private keys into a dApp or web3 app. If a web3 app requests your secret recovery phrase or private keys, it is trying to steal your crypto.

There is a fair amount of risk involved with using web3 apps that either stem from the rules of using the app itself, or bad actors hacking the app to steal your crypto. Always do your research before interacting with a web3 app.

For more information on how to stay safe while using web3 apps, please visit: Safety and security for DeFi and Web3.

Did this answer your question?