Starting with Bitcoin - Encrypted Email and 2FA

in #cryptocurrency, 8 years ago

Welcome to the first in a series about getting started with crypto that I've called Starting with Bitcoin. I want to kick off by saying that crypto is so much bigger than Bitcoin, but Bitcoin is what most people who are new to this space know. So this series has a much wider application than only starting with Bitcoin; you will be able to get started with any other crypto using these steps.

Yes, at the time of writing this the cryptocurrency market is in a low, but interestingly I'm finding more and more people are asking me about the complexities of getting started in crypto and starting with Bitcoin. This is why I put together this series, to help promote awareness of specific considerations, and make the daunting process less of a challenge.

When setting up and positioning yourself to get involved with crypto and to start buying cryptocurrencies, there is so much more to it than simply buying Bitcoin. Security is a hot topic, and it comes in a number of layers across a number of platforms. This means that before starting with Bitcoin you will need to consider multiple passwords or phrases to secure your investment.


What I would like to do here is to give you a rough guide to getting started in crypto so you are more secure and protected than you would be with the alternative: not taking any precautionary measures to protect yourself and your investment online.

Encrypted Email Accounts

When I first got started in crypto and buying Bitcoin I used my Hotmail account to set everything up, thinking that this would be fine. I mean, I had a strong password and I had never been hacked - or so I thought. It turns out that my Hotmail account with a stupidly complex password like W2$b&5Ma!0:/$bJgY8 had been 'Pwned'. No, that's not a typo, yes it is a real thing. You can check if your email has been Pwned at https://haveibeenpwned.com/.

So what can you do about getting Pwned? Change your password, stop using your account, run for the hills with a tin foil hat on? What I did was turn to ProtonMail, an encrypted email service, and ramp up my security considerably. So there's tip number one: set up with ProtonMail for all of your cryptocurrency sites, exchanges, you name it. Don't rely on Hotmail, Gmail or Yahoo to be as secure.


Enable 2 Factor Authentication

Prior to finding out that I'd been Pwned, I thought that 2 Factor Authentication was overkill. I mean really, with a password like mine, surely I was fine. Nope, I wasn't. This is why I strongly suggest adding an additional layer to your security strategy: make sure you enable 2 Factor Authentication.

Often referred to as 2FA, this is a time-sensitive six-digit code that is randomly generated by a very specific mathematical process. Each code is unique to a certain pairing, such as website 1 and your 2FA app, as opposed to website 2 and your 2FA app, or website 1 and someone else's 2FA app.

For those of you who remember the security tokens you could get for your online banking (like passbooks, they're still around and people still use them), it's a lot like that, just packaged in an app rather than on your keychain. Using 2FAs will greatly reduce the potential for your account to be hacked.

Record Your 2FA Seed

When using some 2FA apps, like Google Authenticator, take care to record any seeds that you are given as a part of the 2FA process by any particular websites as a backup. These need to be kept in a secure location.

A seed is normally a string of alphanumeric characters that I find are best described as unique to the relationship between your account and another device in your control, such as a mobile phone, through an app. A seed could be expected to look something like this: A93NCG3SKX6SBRO5.

If using Google Authenticator, I would recommend writing down what this seed is and keeping it secure; this will help if your phone needs to be replaced and you need to reconnect your 2FA app to your websites.

Is There Only Google Authenticator?

Google Authenticator isn't the only app of this kind out there. It may seem that way due to the proliferation of Google products and services in the market, but it is not. There are different 2FA apps available, my favorite being Authy, which offers more flexibility to the user in my opinion, and is quite possibly even more secure.

Authy is able to be installed on multiple devices, and those devices are able to operate as an Admin for the overall account you have and disconnect a redundant or retired device from the network. This is a great option when you think about the potential for you to lose your phone, or for it to be stolen. You can simply revoke the level of access that device has to your pairings or one-time passkeys.

Authy is much more user-friendly when it comes to transporting the keys to another device, where Google Authenticator will simply unregister your device, and that's not a fun place to find yourself. Authy, like Google Authenticator, is free. Both do a great job at adding a layer of security for you; the only decision you need to make is which one offers you the level of service and ease of use that you are looking for.


Now, I know what you might be thinking right now, 'that's such a complex process, how can I make sure this 2FA thing works correctly?' Well, when setting up your 2FA, a reliable crypto website, such as the highly regarded cryptocurrency exchange Binance, will request that you verify the seed for your 2FA and the current 2FA code as a part of the 2FA activation process. If these do not match, you will be sent back to the initial stages of the 2FA process and requested to begin again. This is a great way to ensure that you have the correct details from the beginning and eliminates the potential for error through typos.
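
How a seed and the six-digit code relate, as an added example (not code from this post or from any app or exchange it names): it implements the standard TOTP calculation (RFC 6238 with HMAC-SHA1 and a 30-second step, the scheme Google Authenticator-style seeds use) and checks a written-down seed backup against the code your app currently shows. The function names are choices made for this example, and the sample seed in the usage comment is the RFC's published test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

# Seeds are Base32 text: only A-Z and 2-7. A 0, 1, 8 or 9 in a written copy is a typo.
B32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")

def normalize_seed(written: str) -> bytes:
    """Decode a seed as copied from paper; raise ValueError on a transcription error."""
    seed = written.replace(" ", "").replace("-", "").rstrip("=").upper()
    bad = sorted(set(seed) - B32_ALPHABET)
    if not seed or bad:
        raise ValueError(f"not a Base32 seed, unexpected characters: {bad}")
    # Re-add the padding that sites usually strip before showing the seed.
    return base64.b32decode(seed + "=" * (-len(seed) % 8))

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def backup_matches(written: str, code_on_phone: str, unix_time: int,
                   window: int = 1) -> bool:
    """True if the written seed yields the code the app shows, allowing for
    `window` time steps of clock drift on either side."""
    try:
        key = normalize_seed(written)
    except ValueError:                           # bad characters or bad length
        return False
    return any(
        hmac.compare_digest(totp(key, max(0, unix_time + d * 30)), code_on_phone.strip())
        for d in range(-window, window + 1)
    )

# Usage with the RFC 6238 test key (constructed sample, not a real secret):
#   import time
#   backup_matches("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ", "<code from app>", int(time.time()))
```

Run it on an offline machine right after writing the seed down: a mismatch means the paper copy is wrong while the site's setup screen is still open to correct it.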

And the first steps are as simple as that! You are now more effectively positioned for starting with Bitcoin than I was when I got started in crypto way back when. The next post will take you through the process of getting set up with Fiat to Crypto on ramps; this is where you will be able to learn some of the ways you can move your local currency into the digital world starting with Bitcoin.

This article was recently posted on my website TechMagy and shared here with the Steemit community to add value.


I did not know about https://haveibeenpwned.com! This is an awesome tool and a great way to demonstrate the importance of using a password manager and new random passwords for each site. I myself have been pwned 6 times (according to the publicly leaked data, probably much more if including non-public leaks). Luckily I use a password manager and 2FA.

Authy is much more user-friendly when it comes to transporting the keys to another device, where Google Authenticator will simply unregister your device, and that's not a fun place to find yourself.

I recommend keeping an offline backup of all of your 2FA seeds. This way if you lose or break your second factor, you can get up and running easily. Just whenever you enable a new 2FA, make sure to add the QR code and private seed to your offline backup. It's a shame this approach is not broadly taught to new users, so 2FA can result in big headaches when they need to reset it.

BTW I tweeted:

Type your email address into https://haveibeenpwned.com . If you're not already using a password manager & generating new random passwords for each site, you will be soon! Awesome tool @haveibeenpwned.

Everyone should know about this website!

It's a great resource, thanks for sharing it with your followers. The more people who become aware of if they have been pwned the better.

Totally agree on the 2FA backups, this is so important!
