๐ชSecurity Best Practices
It is important to keep your private keys safe, because when you do, you keep your digital assets safe as well. Follow our suggested practices to assure that your coins are fully protected.
Passwords:
For a strong, hard-to-break password, length and character types are key. To assure that your password is secure, use these guidelines:
Use passwords that are at least 20 characters long. The longer, the better. You can use either long sentences in plain English or long randomly generated passwords such as The-white-fox-jumps-over-a-sleepy-cat-on-a-sunny-day3752 or oDbaEGY+z}aMJwj6dKnDiA9dvXGy(w4^q7Lr+(.
Be sure that your password has uppercase letters, lowercase letters, symbols, and numbers. Variations in character type make your password more difficult to decode.
Never use obvious passwords. This includes passwords like abc1234 or myun1quepa55word.
Do not recycle passwords. Never use the same password for different websites.
Use a password manager. While not 100% issue-free, they beat everything else in terms of security/convenience ratio.
Two-Factor Authentication:
Two-factor authenticationโor 2FA โ is a second layer of protection after a password. Since a password can stay the same for a long time, itโs a good idea to have a second step if your password is ever broken or stolen.
The most optimal kind of 2FA is a One-Time Password (OTP). OTPs are short numbers generated every 60 seconds by a mobile app such as Google Authenticator or Authy. You will enter the numeric string as a secondary password to verify that you are the owner of the account.
There are also other methods of 2FA, like SMS. However, SMS 2FA can be even less safe than a singular password, so if in doubt, use OTPs.
Wallets:
All of your crypto assets are stored on a blockchain and accessed via an account. A wallet is a way of storing your private keys to that account.
There are many kinds of wallets available, including the following:
Blockchain node with a wallet app running. A blockchain node is the most beneficial for the network, the most flexible, and also the most dangerous way of managing your wallet. Representatives: Mist, Parity, Bitcoin Core, etc.
Light wallet. A light wallet gives you convenience for the price of foregoing control over the node. Representatives: Exodus, Jaxx, MyEtherWallet, Electrum, etc.
Hardware wallet. A hardware wallet gives you convenience and security for the price of foregoing control over the node. You will also spend some fiat or crypto to purchase one. Representatives: KeepKey, Ledger Nano S, Trezor.
Exchanges:
The rule of thumb is to never store tokens on exchanges unless you absolutely need them for trading (e.g. you have short-term stop-loss orders in place).
Always Double-Check Your Work When Using ShapeShift:
To assure that your digital assets do not fall into the wrong hands, there are a few steps you can take. Always be sure to:
Check the URL of the website you are on. Do not click on ShapeShift Ads - even on Google! Go directly to the site by typing in shapeshift.com in the search bar. We recommend bookmarking the website after you successfully visit it the first time.
Copy and paste wallet addresses. Never hand-type an address.
Beware of phishing scams. Always be sure to go directly to shapeshift.com. Do not follow e-mail links, do not click on Slack links, and do not click on random links that are sent to you. Keep in mind that many of them copy interfaces directly, so it is important to read the address rather than rely on the appearance of a website. We must be vigilant to protect our assets against these scammers.
Be Safe Out There:
If you follow security practices diligently, you can keep your digital assets safe. ShapeShift wants all of our users to protect what is rightfully theirs, and these security measures can help you do just that.
Last updated