The world of cryptocurrency can be both exciting and rewarding, however, due to its volatile nature and infancy, it can also be very risky. If you’re new to the crypto space or after a good refresher course, keep reading to find out the Do’s and Don’ts of password and account security.
You are responsible for your usernames and passwords used to authenticate your identity. In most instances, you’re also responsible for any activity performed under your own account, even if the account is signed into by a third party. This is why it is crucial to understand the importance of your password and account security.
DO: Secure your email address with two-factor authentication
Your username (generally your email address) and password are the digital keys to access all sorts of online products and services. However, a username and password aren’t enough to protect your account. Your email address helps identify who you are on the Internet. If your email address is compromised, all of the services you use that email address are also at risk.
Enabling two-factor authentication offers an extra line of defense, and helps protect your account in the event your account is compromised by a third party. Most well-known services support this, including Google, Twitter, Facebook, and CoinJar. You should never share an Enhanced Security or two-factor authentication code with anyone.
DO: Check your sign in credentials across previous data breaches
HaveIBeenPwned (HIBP) is an online service that allows you to check if your email address (and associated account data) has been involved in a data breach or leak. With more and more data being stored online by companies, our data is a prime target for malicious third parties.
Enter your email address and you’ll be able to see if your data has been compromised in a past breach. If your data has been listed as compromised, you will need to change any passwords for those services, as well as any services that use a similar or the same password.
You can sign up to receive notifications about when a breach occurs involving your email address here.
DO: Secure your account information in a password manager
When you access multiple online services a day, you need to remember multiple of credentials and have multiple unique passwords. Keeping your sign in credentials conveniently accessible and close by is good, but keeping your sign in credentials secure and conveniently accessible is better. Humans can only remember so many passwords, and friends don’t let friends re-use passwords – which is where Password Managers come in.
Unfortunately, credentials that are conveniently accessible for a third party (written down on paper, stored in unsecured notes on your smartphone, or kept in a file on your computer) are a security risk. Password managers secure your credentials and documents and significantly reduce the security risk commonly associated with storing passwords on paper or devices.
Some password manager services offer features like 1Password’s Watchtower to keep an eye on leaked or breached services. No matter what you’re doing on the Internet, you should have a password manager to protect your online security.
DON’T: Sign in from an unknown or public computer
Public or unknown computers are just that – public and unknown. When you access a public computer (those provided at schools, libraries and government offices) remember that the computer has been accessed and used by many people before you. There is no guarantee that it won’t have malicious software installed.
Publicly accessible computers are an easy target for malicious third parties attempting to steal sign-in credentials from unsuspecting people. If you need to sign in to a device not owned by you, make sure you have enabled Enhanced Security for your CoinJar. After you’ve signed in to an unknown or public device, we recommend changing your password on a trusted device.
DON’T: Share your username or password with others
As a general rule of thumb, you should never share your password with anyone. Avoid writing your password down and, where possible, avoid keeping paper copies of passwords, or storing passwords in public places. CoinJar will never ask you for your password.
If you are unsure or suspicious of anything, or if you have any questions at all, please don’t hesitate to reach out to our Customer Support team at firstname.lastname@example.org.