Always, ALWAYS enable 2-Factor Authentication if it is offered. So many bitcoins have been stolen because users are too lazy or uninformed to enable this easy-to-use, free, additional layer of security. I recommend using the Authy mobile application for this, as it automagically keeps a backup of your 2FA keys.
Don’t use the same password on more than one site, even if it seems unimportant. In the bitcoin world, databases are frequently compromised, allowing attackers to obtain the password you are using at a particular site and try it everywhere else.
KeePass is a great, free, open source password manager. It is cross-platform and even has mobile applications. I highly recommend using it in combination with Dropbox to keep your KeePass password database in sync on all of your devices.
Use a different, randomly generated password for each online account you have.
UPDATE Jan 2014:
I no longer use KeePassX, but rather KeePassX 2 Alpha because it provides additional features such as a history and support for KeePassX2 database files.
In addition, I no longer utilize Dropbox, but rather have started using BitTorrent Sync for a variety of reasons.
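As an added illustration of the two password rules above (this is example code, not anything from the post or from KeePass), the block below generates passwords the way a password manager does, from a cryptographic random source with each character drawn uniformly, reports how much entropy that buys, and scans a vault for passwords shared between sites, which is exactly the exposure one leaked database turns into account takeovers elsewhere. The vault contents are a constructed sample.

```python
import math
import secrets
import string
from collections import defaultdict
from typing import Dict, List

# Printable ASCII minus space (94 symbols), the usual "all character classes" setting.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample vault: site -> password. Three sites share one password.
SAMPLE_VAULT = {
    "exchange.example": "hunter2!",
    "forum.example": "hunter2!",
    "mail.example": "correct-horse-battery-staple",
    "pool.example": "hunter2!",
}


def generate_password(length: int = 20, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Draw each character uniformly with the OS CSPRNG behind `secrets`.
    `random.choice` would be the wrong tool here: it is seeded predictably."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    20 characters over 94 symbols is about 131 bits; 8 lowercase letters is
    under 38, which an offline guess against a leaked hash exhausts quickly."""
    return length * math.log2(alphabet_size)


def find_reused_passwords(accounts: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each password used on more than one site to the sorted list of those
    sites. Every entry is a credential that one breach exposes on all of them."""
    by_password: Dict[str, List[str]] = defaultdict(list)
    for site, password in accounts.items():
        by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


if __name__ == "__main__":
    print("fresh password:", generate_password())
    print("entropy of that password: %.1f bits" % entropy_bits(20, len(DEFAULT_ALPHABET)))
    for pw, sites in find_reused_passwords(SAMPLE_VAULT).items():
        print("reused on %d sites: %s" % (len(sites), ", ".join(sites)))
```

KeePass and similar managers do both halves of this for you: their generator uses a CSPRNG, and several have a duplicate-password report; the point of the script is to show why a different random password per site, rather than a strong one reused, is the property that matters.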
If you are going to store your bitcoin on your computer (i.e. using a wallet that runs on your computer, such as the bitcoin-qt ‘official’ wallet), then be sure to encrypt the wallet file. In addition, be sure to keep a backup somewhere; this can simply be a CD-R or USB flash drive, just in case something happens to your computer. Once your wallet.dat file is lost, your bitcoins are lost.
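A backup you have never verified is not a backup. The following is an added example (not from the post or from the bitcoin-qt project) of a small script that copies wallet.dat to a backup location under a timestamped name, records its SHA-256 digest beside it, and lets you re-check the copy later to catch a truncated write or bit rot on the flash drive. It exercises itself on a constructed stand-in file, since no real wallet is involved. Two caveats the script cannot fix: make the copy while the wallet client is not running (or use the client's own Backup Wallet function) so the file is consistent, and remember that an encrypted wallet.dat stays encrypted on the backup medium, so whoever finds the drive can only attempt passphrase guessing offline, which is why the passphrase must be strong.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path
from typing import Optional


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large wallets do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def digest_path(backup: Path) -> Path:
    """Sidecar file holding the recorded digest, e.g. wallet-<stamp>.dat.sha256."""
    return backup.parent / (backup.name + ".sha256")


def backup_wallet(wallet: Path, backup_dir: Path, stamp: Optional[str] = None) -> Path:
    """Copy the wallet to backup_dir as <stem>-<stamp><suffix>, verify the copy
    against the source, and write the digest sidecar. A copy that does not
    verify is deleted and reported rather than silently kept."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    dest = backup_dir / f"{wallet.stem}-{stamp}{wallet.suffix}"
    shutil.copy2(wallet, dest)
    expected = sha256_of(wallet)
    if sha256_of(dest) != expected:
        dest.unlink()
        raise IOError(f"backup of {wallet} did not verify; copy discarded")
    digest_path(dest).write_text(expected + "\n")
    return dest


def verify_backup(backup: Path) -> bool:
    """Recompute the digest of a backup and compare it with the recorded one.
    Run this on the backup medium periodically, not just at backup time."""
    recorded = digest_path(backup).read_text().strip()
    return sha256_of(backup) == recorded


def self_check() -> dict:
    """Exercise the functions on a constructed stand-in for wallet.dat in a temp
    directory, then corrupt the copy to show that verification notices."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        wallet = root / "wallet.dat"
        wallet.write_bytes(b"constructed stand-in, not a real wallet file\n" * 100)
        backup = backup_wallet(wallet, root / "backups", stamp="20140101-000000")
        ok_before = verify_backup(backup)
        # Simulate a single flipped byte on the backup medium.
        data = bytearray(backup.read_bytes())
        data[10] ^= 0xFF
        backup.write_bytes(bytes(data))
        ok_after = verify_backup(backup)
    return {
        "backup_name": backup.name,
        "verified": ok_before,
        "corruption_detected": not ok_after,
    }


if __name__ == "__main__":
    print(self_check())
```

To use it for real, call `backup_wallet(Path("~/.bitcoin/wallet.dat").expanduser(), Path("/Volumes/BACKUP"))` (paths are examples; use your own) and keep more than one generation of backups, since a wallet backup made before the client generated new addresses will not contain them.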
Alternatively, you can choose to store your bitcoins in an online wallet such as BlockChain.info’s. Again, be sure to enable 2-Factor Authentication and use strong passwords.
The final option is storing bitcoins in what is known as Cold Storage, where bitcoins are stored offline. I’m not going to get into that here; you can find more information in the Bitcoin Wiki entry for “Cold Storage.”
Update Jan 2014 – I have also put up a guide on how to set up “semi-cold” storage for longer-term cryptocurrency holdings, in case cold storage is overkill.
Use a Mac
Macs are much more secure than PCs in general. Enable the built-in firewall. Install NoScript for your browser. Many coins are stolen because users download alt-coin clients or visit a website containing a virus. If your trading computer gets compromised, your coins can be stolen in minutes. Don’t assume 2FA or other security precautions will always save you; people always find ways around them.
- Enable FileVault encryption on your Mac. It’s built in and free, and works much better than leaving everything in your home directory unencrypted.
- Enable your firewall. Block all incoming connections (and manually add each application that needs incoming connections to the list of exceptions).
- Use a strong password on your user account.
Especially if you’re going to experiment with alt-coins (bitcoin knock-offs), be sure to glance over the wallet code before downloading it, and always run new alt-coins in their own sandbox or virtual machine. VirtualBox is free. An alternative is to use a live USB stick for each alt-coin you are trading, but I find this to be more difficult.
If you plan to trade large amounts of any type of coin, it is best to use a completely clean, live OS running from a CD or USB stick, so that it is a fresh OS on every boot.
- Use PGP and/or SMIME to encrypt all of your email.
- Use OTR to encrypt instant messaging (I prefer Adium for OSX).
- Use TrueCrypt or EncFS to encrypt your documents and such.
For secure communication I recommend using Adium and forcing encryption (Adium supports OTR encryption). It is also essential that you disable logging within Adium’s preferences; otherwise all of your communications will be logged in plain text on your hard drive.