The number of posts published every day on this sub about how people have lost access to their accounts or were “hacked” is getting absurd, so I thought I’d share some general notes on how you can secure your accounts **right now.**
edit: never store your seed phrase online!
1. **Stop** using the same password for more than one account. This is **the most common** way accounts get stolen. If a password you’ve used appears in a data breach then that login combination **will** be tested against various financial institutions, crypto included.
2. The same applies to email addresses. Stop using the same email address for more than one account. This increases your risk factor from phishing emails considerably. The way to solve this one is to use aliases. I’ll give an example with Gmail, as the biggest email client out there. Imagine your email address was email@example.com. What you can do is add a “+randomtext” after your email. So it becomes this: “email+randomtext@example.com”. You will receive all emails as normal in your inbox. It’s important to note that “+randomtext” should really be random and not “+amazon” or “+apple” to avoid them picking up any patterns such as “+bank”. If an alias gets compromised, you simply change that one email and block all emails going to it.
3. Two-Factor Authentication is key (pun intended). Enable 2FA on every single account that you own and store your backup codes somewhere offline. 2FA should be your primary way to confirm logins/approve transactions.
4. Use whitelisted addresses for withdrawals. If someone does get access to your account (near impossible, if you’ve done the above) then they won’t be able to take your precious coins without needing to approve a wallet address using 2FA.
5. The moment your investment becomes more than you’re willing to lose, it’s time to get a hardware wallet. This point deserves its own post, so I won’t go into much detail, but they can’t “hack” what’s offline.
A few good software recommendations for anyone looking into this post:
* [https://keepass.info/](https://keepass.info/) or [https://keepassxc.org/](https://keepassxc.org/) – In my opinion the best password manager out there. Could be a bit much for someone new to this. A close second for me is [https://bitwarden.com/](https://bitwarden.com/)
* 2FA is a hot topic and you won’t go wrong with [https://authy.com/](https://authy.com/) or Google Authenticator
Remember, **you** are the biggest vector of attack for any online account that you own. It’s up to you to secure it.
Stay safe folks.
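
The alias advice in point 2, as an added Python example that is not part of the original post: it generates a random “+tag” per account with a cryptographic random source and flags tags that give away what the alias is for. The function names and the deny list are assumptions made for illustration.

```python
import secrets

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
# Constructed deny list: words that would reveal what an alias is used for.
GUESSABLE = ("amazon", "apple", "bank")


def tag_of(alias):
    """Return the text between '+' and '@', or None if there is no +tag."""
    local = alias.rpartition("@")[0]
    _, plus, tag = local.partition("+")
    return tag if plus else None


def is_guessable(alias, words=GUESSABLE):
    """True if the alias has no tag or its tag contains a telltale word."""
    tag = tag_of(alias)
    return not tag or any(w in tag.lower() for w in words)


def make_alias(address, length=10):
    """Build local+<random tag>@domain with a CSPRNG-generated tag."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain or "+" in local:
        raise ValueError("expected a plain address such as email@example.com")
    while True:
        tag = "".join(secrets.choice(ALPHABET) for _ in range(length))
        alias = f"{local}+{tag}@{domain}"
        if not is_guessable(alias):  # re-roll the rare tag that spells a word
            return alias


def issue_aliases(address, accounts):
    """Give every account its own alias; no alias is shared between accounts."""
    book = {}
    for account in accounts:
        alias = make_alias(address)
        while alias in book.values():
            alias = make_alias(address)
        book[account] = alias
    return book


if __name__ == "__main__":
    # Constructed sample input: one mailbox, two accounts.
    for account, alias in issue_aliases("email@example.com", ["exchange", "bank"]).items():
        print(f"{account:10} {alias}")
```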