Purchase
Start here: Table Of Contents
Two-Factor Authentication
Before proceeding, you should already be using non-SMS-based two-factor authentication (2FA). The application I prefer is Authy.
To set up Authy:
- Install the application on your phone.
- Authy -> Settings -> My Account: Setup a PIN to access the app.
- Disable Touch ID. Given a pair of bolt cutters, I can easily take your "security protection".
- Also, fingerprints are easy enough to lift and duplicate for less bloody scenarios.
- If I need 1 of 6561 possible PIN entries, I'll be your friend for a little bit longer as I steal your money.
- Authy -> Settings -> Accounts -> Backup: Enable.
- Setup a secure backup password.
- Make sure you've never used this password before.
- Memorize the backup password.
- Write it down and store the backup password in a safe location.
- Don't write "Authy" anywhere near the password.
- If you lose your phone, after you get your new phone with the same number, 3 days after re-installing Authy on the new phone, the encrypted blob will be downloaded to your phone. If you still remember this secure backup password, you can decrypt your 2FA keys.
Note: You have to trust that Authy will encrypt your blob locally before submitting it to their central server. If news is ever released that this is not the case, consider your 2FA keys as being compromised. I, however, have no reason to distrust Authy as of today.
If your account is shared between you and your significant other, have both members scan the same QR code when setting up Authy 2FA in subsequent sections.
If you have an old cell phone you would like to use as a 2FA backup device, scan the same QR code with both phones. This prevents the 3-day delay in recovering your 2FA keys if your device is stolen.
Google Authenticator
While most sites will ask you to setup Google Authenticator, you can scan the same Google Authenticator QR code with Authy. With Google Authenticator, however, if someone steals your phone your 2FA keys will be lost with no restoration process.
SMS 2FA
Stingrays are devices that are typically purchased through law enforcement venues, but logic tells us being a part of the law enforcement community cannot be a strict requirement for all merchants. Because of this, an experienced attacker can easily stakeout an area and receive all unencrypted phone calls and text messages. For this reason, you shouldn't rely on SMS-based 2FA.
If the entire concept of Stingrays being able to siphon all unencrypted phone calls and text messages is concerning, consider using the Signal messaging app.
Do note that if you've granted a malicious application permissions to use the microphone, make calls, or read SMS messages, the end-to-end encryption provided by Signal when both parties are using the Signal app is no longer the weakest link in your secure communication chain.
LastPass Authenticator
There have been a few reported issues with LastPass Authenticator:
- https://blog.lastpass.com/2017/04/lastpass-2fa-bug-reported-resolved.html
- https://blog.lastpass.com/2017/12/update-lastpass-authenticator-app.html
Please don't use this LastPass as your 2FA provider.
Exchanges
DO NOT PROCEED IF YOU HAVE NOT SETUP AUTHY as described in the above section. Failure to adhere to this warning is strictly and knowingly putting your funds at risk of being irreversibly liquidated by physical and remote attackers.
Coinbase
Coinbase rewards each new member and their referrer with $10 of free BTC if the new user uses a referral link and purchases $100 USD over time. Please reach out to the person who pointed you to this website to get your referral link and reward them with $10 free USD in BTC as well.
I solely use Coinbase to convert FIAT to cryptocurrencies. No other exchanges know of my bank account, credit card, or debit card information.
When creating a Coinbase account setup the following pieces of information:
- Personal information.
- Required by Coinbase.
- Driver's license.
- Required by Coinbase.
- Bank account.
- For cheaper fees.
- Debit card.
- For zero-delay purchases at higher fees.
- Useful for purchasing Ether to transfer to another exchange to purchase a newly listed cryptocurrency.
Bittrex
This is the exchange I personally vouch for. However, as of December 15th, new sign-ups are not being processed. Once you find that new sign-ups are being processed, please update me and I can update this website.
I am Level 3 verified on Bittrex and recommend that you become Level 2 verified when first creating your account. In the event that your account if compromised, this will make it easier to recover your account.
Binance
Please contact the person who referred you to this site to use their personal referral link so they can benefit from your transaction fees that will already be taken by Binance per trade.
Do note that I don't trust Binance fully yet, but have been using them increasingly more often to purchase altcoins that are not currently listed in Bittrex. If you're new to the cryptocurrency space and don't already have a Bittrex account, Binance is what you'll have to use if you want to realize possibly higher gains.
KuCoin
Please contact the person who referred you to this site to use their personal referral link so they can benefit from your transaction fees that will already be taken by KuCoin per trade.
I use this account strictly to purchase uTrust and other up and coming coins.
I DO NOT IN ANY WAY VOUCH FOR THIS EXCHANGE.
Poloniex
Please stay away from this site. There have been countless reports of frozen funds:
The last time there was this much noise around exchanges like Mt.Gox or Cryptsy, they were proven insolvent or the CEO fled the country, respectively.
- https://www.reddit.com/r/mtgoxinsolvency
- https://www.reddit.com/r/cryptsy
- https://www.cnbc.com/2014/02/25/bitcoins-mt-gox-disappears-insolvency-feared.html
- http://www.miaminewtimes.com/news/cryptsy-founder-paul-vernon-disappeared-along-with-millions-of-his-customers-cash-8557571
Bitfinex
Please stay away from this site. There have been countless reports of frozen funds:
The last time there was this much noise around exchanges like Mt.Gox or Cryptsy, they were proven insolvent or the CEO fled the country, respectively.
- https://www.reddit.com/r/mtgoxinsolvency
- https://www.reddit.com/r/cryptsy
- https://www.cnbc.com/2014/02/25/bitcoins-mt-gox-disappears-insolvency-feared.html
- http://www.miaminewtimes.com/news/cryptsy-founder-paul-vernon-disappeared-along-with-millions-of-his-customers-cash-8557571
Continue learning: Table Of Contents