The Do's and Don'ts of Digital Currency: Security

The world of cryptocurrency can be both exciting and rewarding, however, due to its volatile nature and infancy, it can also be very risky. If you’re new to the crypto space, after a good refresher course or want to buy ethereum (or other cryptocurrencies), keep reading to find out the Do’s and Don’ts of password and account security.

You are responsible for your usernames and passwords used to authenticate your identity. In most instances, you’re also responsible for any activity performed under your own account, even if the account is signed into by a third party. This is why it is crucial to understand the importance of your password and account security.

DO: Secure your email address with two-factor authentication

Your username (generally your email address) and password are the digital keys to access all sorts of online products and services. However, a username and password aren’t enough to protect your account. Your email address helps identify who you are on the Internet. If your email address is compromised, all of the services you use that email address are also at risk.

Enabling two-factor authentication offers an extra line of defense, and helps protect your account in the event your account is compromised by a third party. Most well-known services support this, including Google, Twitter, Facebook, and CoinJar. You should never share an Enhanced Security or two-factor authentication code with anyone.

DO: Check your sign in credentials across previous data breaches

HaveIBeenPwned (HIBP) is an online service that allows you to check if your email address (and associated account data) has been involved in a data breach or leak.  With more and more data being stored online by companies, our data is a prime target for malicious third parties.

Enter your email address and you’ll be able to see if your data has been compromised in a past breach. If your data has been listed as compromised, you will need to change any passwords for those services, as well as any services that use a similar or the same password.

You can sign up to receive notifications about when a breach occurs involving your email address here.

DO: Secure your account information in a password manager

When you access multiple online services a day, you need to remember multiple of credentials and have multiple unique passwords. Keeping your sign in credentials conveniently accessible and close by is good, but keeping your sign in credentials secure and conveniently accessible is better. Humans can only remember so many passwords, and friends don’t let friends re-use passwords – which is where Password Managers come in.

Unfortunately, credentials that are conveniently accessible for a third party (written down on paper, stored in unsecured notes on your smartphone, or kept in a file on your computer) are a security risk. Password managers secure your credentials and documents and significantly reduce the security risk commonly associated with storing passwords on paper or devices.

Some password manager services offer features like 1Password’s Watchtower to keep an eye on leaked or breached services. No matter what you’re doing on the Internet, you should have a password manager to protect your online security.

DON’T: Sign in from an unknown or public computer

Public or unknown computers are just that – public and unknown. When you access a public computer (those provided at schools, libraries and government offices) remember that the computer has been accessed and used by many people before you. There is no guarantee that it won’t have malicious software installed.

Publicly accessible computers are an easy target for malicious third parties attempting to steal sign-in credentials from unsuspecting people. If you need to sign in to a device not owned by you, make sure you have enabled Enhanced Security for your CoinJar. After you’ve signed in to an unknown or public device, we recommend changing your password on a trusted device.

DON’T: Share your username or password with others

As a general rule of thumb, you should never share your password with anyone.  Avoid writing your password down and, where possible, avoid keeping paper copies of passwords, or storing passwords in public places. CoinJar will never ask you for your password.

If you are unsure or suspicious of anything, or if you have any questions at all, please don’t hesitate to reach out to our Customer Support team at

Don’t invest unless you’re prepared to lose all the money you invest. This is a high‑risk investment and you should not expect to be protected if something goes wrong. Take 2 minutes to learn more:

Cryptoassets traded on CoinJar UK Limited are largely unregulated in the UK, and you are unable to access the Financial Service Compensation Scheme or the Financial Ombudsman Service. We use third party banking, safekeeping and payment providers, and the failure of any of these providers could also lead to a loss of your assets. We recommend you obtain financial advice before making a decision to use your credit card to purchase cryptoassets or to invest in cryptoassets. Capital Gains Tax may be payable on profits.​​

CoinJar’s digital currency exchange services are operated in Australia by CoinJar Australia Pty Ltd ACN 648 570 807, a registered digital currency exchange provider with AUSTRAC; and in the United Kingdom by CoinJar UK Limited (company number 8905988), registered by the Financial Conduct Authority as a Cryptoasset Exchange Provider and Custodian Wallet Provider in the United Kingdom under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (Firm Reference No. 928767).