- Bitcoin wallet Casa has released a Dos and Don’ts guide on Bitcoin key management.
- The company’s co-founder, Jameson Lopp, advises on everything from 2FA authentication to dodging malware attacks in the exhaustive guide.
- Lopp is the CTO and co-founder of Casa.
How are you supposed to keep a hand on your Bitcoin keys? Since one wrong move could lose all of your holdings, it’s best to keep a tab on things. But where to start?
Handily, the Dos and Don’ts of Bitcoin Key Management, published today and written by Casa’s co-founder and CTO, Jameson Lopp, advises on everything from preventing phishing attacks to avoiding technical weaknesses.
So, what’s his advice?
Lopp opens by saying that “any trusted third party such as an exchange is a black box to you” and warns that there are actually “additional risks” from giving private keys to another person or company.
Cyber hygiene on all online accounts is a must, said Lopp, who recommends a hardware second-factor authentication (2FA).
He also suggests using dedicated hardware devices to store private keys and not to trust addresses displayed in browsers or desktop software.
As phishing attacks become frighteningly common, Lopp says Bitcoin holders should be more aware of “typosquatting”—a method that sees hackers trick people into downloading malware by using familiar-sounding but misspelled download packages so they click on them.
And ransomware attacks, which are now more widespread than ever in the Bitcoin age, can be avoided by installing authentic software and backing-up your hard drive frequently, he said.
Browser extensions can also be infected with malware so they should also be avoided—especially wallets that are browser extensions, warns Lopp.
The lengthy guide also advises against using paper wallets as they are hard to store securely and brain wallets, which can see funds “stolen in seconds.”
Lopp also highlights Bitcoin scams, which are also on the up, as a common way people lose money—as well as scammy ICOs.
Talking about Bitcoin online is also something to be avoided and the guide mentions that connecting a phone number to online accounts leads to hacks that are “so common it’s not even funny anymore.”
The guide may seem a little exhaustive for many. But for a “cypherpunk” who likes to protect his crypto with an AR-15 machine gun, security has no limits.