In this blog, I will give some suggestions/recommendations that will help you secure your EOS private keys.
If you are using the Scatter Chrome extension, keep only your active private key saved in it. Keep the owner private key somewhere else secure, such as printed on a piece of paper. This is very, very important. Let me repeat: keep only your active private key saved in Scatter. If Scatter gets hacked, you will be rekt if you keep the owner private key in it.
Never paste your private keys into a website. If a website is asking for your private keys, then it is most likely a scam. If you encounter such a site, write a post on the r/eos subreddit for help.
If you need to copy your private key, don’t copy the whole key to the clipboard. Instead, copy the first 46-47 characters and memorize the remaining 4-5 characters.
If you have printed your private key or saved it somewhere, then check if it is 51 characters long. All EOS private keys start with a 5 and are exactly 51 characters long.
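The length and prefix check above can be run offline together with the checksum that is built into the key itself, which catches a mistyped or misprinted character. This is an added example, not code from the original post: it assumes the legacy WIF encoding (Base58 of a 0x80 version byte, the 32-byte key and a 4-byte double SHA-256 checksum), goes beyond the two checks in the text by verifying that checksum, and the names check_wif and make_sample are hypothetical.

```python
import hashlib
from getpass import getpass

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # WIF checksum: first 4 bytes of SHA-256 applied twice
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def make_sample() -> str:
    # Constructed throwaway key (32 bytes of 0x01), for demonstration only
    raw = b"\x80" + b"\x01" * 32
    n, out = int.from_bytes(raw + _checksum(raw), "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def check_wif(key: str) -> list:
    """Return the problems found in a key; an empty list means well formed."""
    problems = []
    if len(key) != 51:
        problems.append(f"length is {len(key)}, expected 51")
    if not key.startswith("5"):
        problems.append("does not start with '5'")
    bad = sorted({c for c in key if c not in B58})
    if bad:
        # 0, O, I and l are not in the Base58 alphabet
        problems.append("characters not in Base58: " + " ".join(bad))
        return problems
    n = 0
    for c in key:
        n = n * 58 + B58.index(c)
    pad = len(key) - len(key.lstrip("1"))  # leading '1's encode zero bytes
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 37 or raw[0] != 0x80:
        problems.append("does not decode to version byte 0x80 + 32-byte key")
    elif _checksum(raw[:33]) != raw[33:]:
        problems.append("checksum mismatch: at least one character is wrong")
    return problems

if __name__ == "__main__":
    # getpass keeps the key off the screen and out of shell history
    found = check_wif(getpass("Private key (input hidden): ").strip())
    print("\n".join(found) if found else "OK: key is well formed")
```

Run it locally on a machine you trust; the script makes no network calls and writes nothing to disk.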
If you are saving your private key in an online password manager, it would be wise to split the key in two and save the halves in two different services. That way, even if one service gets hacked, your key will still stay secure.
Download wallet software from trusted sources. If you are downloading from GitHub, always check the green mark at the top left of the browser, in the address bar. It should say “Github Inc [US]” if you are using Chrome.