🔐 Level 1: Essential:
1: I use Bitwarden as my password manager. Every single service I use has a unique, strong password. I only need to memorize a single very strong master password to log in to the hundreds of services I use. (If you’re like me and struggle to memorize special-character gibberish, consider using sentences
2: ALL my accounts use multi-factor for access, either using my Yubikey or a TOTP time-based token. I use LastPass Authenticator for this, so my tokens are backed up. (The LastPass account for my TOTP tokens isn’t used for anything else.)
3: I don’t keep any crypto at exchanges, other than to quickly buy and sell it, so even if my account is hacked, there is nothing to steal. (Someone please let my poor hacker know.)
⛓ Level 2: Advanced:
4: I use a FIDO2 security key (Yubikey) with all my accounts. It’s a tiny physical device that is required to log in to my email, crypto services, etc. To verify, I just touch my key.
5: For any online services that hold my crypto, I enable “cool down” periods. Both Celsius and Nexo support a whitelist of permitted withdrawal addresses. If you want to add another address, I get notified and have 24-48 hours to cancel the change.
6: To protect against SIM-swapping, I try not to use my cell number for any service. I have a Google Voice number behind a hardware key. My cell number isn’t linked to any service.
🤐 Level 3: Paranoia!
7: I have just 4 passwords in my life:
A: My Bitwarden master password for my credential management
B: My computer password to sign in to and decrypt all my devices
C: My Bitcoin hardware wallet passphrase(s)
D: My VeraCrypt password for an encrypted volume on my hard drive, used to secure any secrets that I can’t secure with my hardware wallet, like GPG keys.
8: I have a paper in a safe place listing all my non-crypto and crypto accounts. I sat down with my wife and showed her how to log in to all my accounts. We have a trusted friend who can help her regain access if something happens to me. (Please don’t forget this part if you have a family and a crypto stash!)
9: I may or may not have multiple hidden wallets on my Trezor. If you steal my wallet seed AND force me to disclose the passphrase, you may or may not access my real wallet. I do not talk about how much crypto I may or may not own.
10: Off-topic, but my home is also protected by multiple layers of digital and physical security, such as Blink cameras all around.