Feb 7, 2019
Title: Record Date: August 16, 2019
Air Date: February 7, 2019
Topic: Crypto Security Best Practices
In this special two-guest edition of Running with Unicorns, my guests, Calley Nye Founder of Syren.io, and Alison Burger, Co-Founder of Women of Crypto, join us today to talk about security best practices in crypto investing. If you’re just starting to invest in crypto or even if you’re a veteran, these simple do and dos will help you avoid costly mistakes and protect your digital assets. This is a valuable primer with specific and practical recommendations to help you get started immediately on a path to safe investing.
Topics Covered in this Episode:
– Most valuable advice they received when becoming new investors
– On keeping it simple and playing it safe, but not to safe
– Avoiding the fear factor and dipping your toes in the market
– Different ways to store digital assets and security implications of each
– On keeping your hot and cold wallets safe
– Sobering moments they’ve had in tracking their crypto
– The difference between public and private keys and why that’s important
– The various points at which crypto security hygiene comes into play
– On the importance of protecting your phone and email address
– Call-to-Action on things to do TODAY to keep your crypto safe
– What to do when things go wrong despite your best efforts
– How to build a community of advisors
– You have to start somewhere sometime. Why not now?
– One thing they wish they’d known when getting started
– Their top three tips on safe crypto investing
Links and Resources:
Questions and Comments?
Chitra: Welcome to Running with Unicorns, your portal into the world of cryptocurrencies. I'm Chitra Ragavan, Chief Strategy Officer at Gem. This podcast is recorded at the Gem Studios here in Los Angeles. The topic of today's discussion is security best practices in cryptocurrency investing. Joining me are two amazing guests, Calley Nye, Founder and CEO of Siren.io and Slumber Party.io. And Alison Burger, who is the Co-founder of Women of Crypto, the Instagram, Facebook, and Telegram communities.
Thank you so much for joining us.
Calley: Thank you for having us.
Alison: Thanks for having us.
Chitra: My first question is, what was the most valuable advice you received when starting investing and that you'd like to pass along, Alison?
Alison: Yeah, I would say that the best advice I got when I first started was to invest slowly. Go on to a main exchange, buy the main tokens, only invest like a hundred dollars at a time. Kind of play around with the market and see what's happening before going all in on any one coin, or any one investment, and kind of get your feet wet slow. Keep everything all in one place I think is important when you're just getting started, because otherwise it can be confusing.
Where did I leave my Ether, where did I put my Bitcoin, what did I do with that Litecoin. Keep it all in one place when you're just starting out. You can keep it on an exchange, in a wallet. Don't start selling too much, hold on to it, I think that's important too because eventually you're going to have to start reporting all of your transactions for tax purposes. So keep it simple, play it safe, I think those are my best tips.
Calley: That's good. I'd say don't be crippled by fear. It's good to have a healthy amount of fear when you're going into these things, but acknowledge it and own it, it is part of the process. Don't hold out too long, take chances, but take small chances, still be afraid of general risks and stuff like that. But generally, just acknowledge fear as part of the process.
Chitra: All great advice. So let's step back for a minute and ask, what are the different ways to store crypto assets? What are the security implications of each of those?
Calley: I'd say there's a few. Obviously there are hot and cold wallets. Hot wallets meaning they're connected to the Internet, cold wallets meaning they're not connected to the Internet, and there are also exchanges. They all have different risks. I like to diversify, so I have some in exchanges, the risks there are that somebody can get your login and steal all your money and send it out, and they can't do anything about that, or that the exchange itself is compromised in some way.
Calley: For hot and cold wallets, generally one of the biggest risks is that you can just lose your private key or lose access to it, because it's custodial. You're owning it, so it's your responsibility which is always kind of a scary thing to have that much responsibility. So, yeah. I would say keep everything diversified, and keep it in a few different places, that's the safest way, because nothing is really that safe.
Alison: I mean, I think she covered all of it, but I'll just leave everyone with one last thought, which is, wallets these days are their own banks. So they're super, super important because we're used to having our money backed by the Federal Reserve in bank accounts, which can easily be recovered if we call and say, "I didn't spend that money." So, I think it's super, super important to think about wallets and where you're going to keep them, and also I would say having a physical hardware wallet is probably the safest, but also the most prone to, "Oops, I don't know what I did with it. Where did it go? I put it in the safe, but then someone was in my house so I took it with me somewhere, and oh my gosh, what did I do with it?"
So, always have a back up there.
Chitra: I recently had that experience. I couldn't kind find what it is I wanted, a couple of moments of panic there. But it seems like the sense of responsibility and ownership seems to be one of the things that really defines crypto investing compared to traditional investing, that you are really responsible for your wealth.
Calley: That's the scariest part honestly. That it's all on you. There's not anybody to blame, that you're not gonna call your mom and say, "This bank is so stupid." It's all on you, and it's really hard to have that kind of responsibility, and we're just not used to it. I like it, I think that I trust myself and I trust my abilities more than other people's. So I like having that aspect, but a lot of people can get scared by it. It's also just so new to understand... you can't call somebody and say, "I forgot my password or I don't know how to access my account. Someone stole my money.” There's nobody to answer the phone.
Chitra: Is there any moment when you had that realization early in the game?
Alison: Yes, but not through a physical wallet issue, another issue, where I thought I had transferred a certain amount, but I didn't see the whole amount go into the other exchange, and I'm not sure where it went, and I tried to track it. Yeah. When you start exchanging coin-for-coin instead of buying fresh with USD it starts to get confusing.
Calley: Yeah. I remember there was one time I sent money on GDAX. I think I was just sending it from GDAX to MyEtherWallet. I was still early on so I was still managing the private key, which was so stressful to have this private key that you would have to paste before I got my Ledger.
And I remember. That was right when I sent it, GDAX kind of went down. So I spent six hours just in utter fear that I had screwed up, and it wasn't gonna get there.
Chitra: GDAX being the exchange for beginners, GDAX being the exchange, the private key.
Calley: It's actually technically Coinbase Pro, I keep forgetting that now, but yeah I was... that's how you convert to USD, so I was getting paid in Ethereum at the time. So I was putting large sums of money in Ethereum that I would have to transfer all at once. So…
Chitra: And define private key for those who are just starting out.
Calley: Well private key... When you think about the private and public keys, your public key is like your bank account number and your private key is like your ATM pin. That's the one you're not gonna be sharing with everybody. And one is just the identifier where the money is going and one is how to access. It's the control. So that's one. MyEtherWallet is a really popular tool and they have such heavy warnings when you sign in because they're like, "Please, please,” it's like a 12-page pop-up that's like, "Are you sure you understand that this not a bank?" And so before the Ledger Wallet, I was copying and pasting my private key. And it just really stressed me out - that whole process - that it could've been hacked or if I could've been sending money to somebody else. It was very very stressful. So, yeah.
Chitra: When I first saw that extensive disclosure on MyEtherWallet…
Chitra: I just exed out of the browser and just decided not to do anything for a few weeks.
Alison: Abort mission.
Chitra: Yeah. But so you find kind of this pathway - right - through which people invest. What are the different points where your security best practices come into play?
Alison: I would say immediately, of course. Even when you're just starting out and say you want to create an account on Coinbase. At that point, I think the very first thing to do is go into Gmail, create a new email account that no one ever will know - a very secret account that you only use for your crypto-exchanges, wallets, transactions. Even online banking you can put there. Things like legal documents for corporations and what not; and companies and LLC's; medical records, things like that. Or just your crypto. That's fine, too. But I think even just when you're first getting your first exchange, your first account with your first exchange, get that email set up. That's very important. And at the same time, you might as well get a Google Voice account, right then and there.
Get a different number. Make sure you'll be using that number for any sort of public page that's gonna display your cell phone number or your business cards, your website, something like that. And then, remove your personal cell phone number from all of your Gmail accounts and all of your email accounts, really. Those are some really good first steps in the very beginning of the process.
Calley: Yeah and in my experience, people have - women especially, in my experience... Because with Slumber Party, I talk to a lot of women who are just starting out in their crypto-journey. They use all these security best practices and things like that. It's kind of an excuse to not start. They're kind of scared off by the idea. So I say it's usually pretty safe just putting 20 bucks in Coinbase. Just download the app and put in 20 bucks and see how that goes. And then if you're still willing, it gets you excited and you're still willing to put more in... Then as you progressively add more money, you can progressively get safer as you go. If you lose 20 bucks, who really cares? The longer you get into it, the more money that you get, the more you should take an interest.
I started out, I was working a broke startup job. I was starting a new company and was making very very little money per year, so I was basically saving like 5 dollars a week. And I was putting $5 a week in my Coinbase account. And after like 4 months of that, when Ethereum was 7 dollars... So after a few months of it and it hit 300 and I had a thousand dollars. So it was like... That's when I was like, "Now I have to start getting serious about this.” And around then is when I bought my first Ledger Wallet and I started playing around with exchanges and I started cracking down on everything. But there's people who have millions of dollars in crypto who have lighter security practices than the people who are getting crippled with $100. So, kind of keep it in perspective too. The email one is just a super easy one to do. You might as well just do that. But the other thing is the hardware wallet. You don't have to go overboard at first.
Chitra: Yeah. So if there was a call-to-action to everybody listening and watching this, what would that one thing be that everyone should do today?
Alison: I would say the most important thing is to secure your phone number, your personal phone number and get a Google Voice number and to actually secure your phone number. Call your provider and say, "Hey, I'm trying to avoid my account being ported, my number being ported. Can you turn... " I think some providers can actually disable the ability to port a number and you can ask them for that. But also add another level of security onto your phone number so if someone tries to call and reset your password or get access to your phone number, you can then have a private key that they actually won't know.
Calley: Yeah. I would just agree with that.
Chitra: You would disagree?
Calley: Yeah, I would agree with that.
Chitra: Oh, you would agree with that?
Chitra: Okay. So despite all of our best efforts, something happens. How do you recover and what are the kinds of things that can happen, that can go wrong in this process?
Calley: Well I would say, definitely don't give up because... Kind of accept it as a loss and rebuild from there. But if you stop, then that's just a loss. But from obviously resetting everything, wiping your phone, starting from scratch, even maybe wiping your computer cause you never know what kind of malware that can cause that... Changing your passwords everywhere, moving everything to new wallets... It's super easy to create new wallets and move everything over, buy a new Ledger, basically reset everything. And really take a look at... Obviously, it depends on what happened, if you can diagnose what happened. And learn from those mistakes.
Chitra: Do you have any advice…
Alison: All awesome advice. Another thing that I would do - or probably the first thing that I would do - would be to call one of my best friends who's a tech genius guru - knows everything, blockchain, and just tech in general - and ask for his/her support.
Chitra: Cry for help.
Chitra: Or call for help, I guess.
Alison: He's kind of a hacker so he would know.
Calley: Yeah. One of my favorite things about crypto is that it's decentralized, which means we would have to rely on each other for the system to work. So communities are really important. So going to your favorite community and having a community, in the first place, is a good preventative step too. Cause they'll always... You can learn lessons from them, through them, pass on this tribal knowledge, and maybe prevent things before they happen. Like if somebody else gets hacked, you’ll know. Then they know how to prevent it the next time for you. So being involved in communities is a really important step and especially when you're going through something like that. Going to the community and asking them for their support is always helpful.
Chitra: That's great. And in closing, looking back at when you were first starting, is there one thing you wish you had known or something you'd have done differently if you had the opportunity to start with a clean slate?
Calley: I probably would've started sooner. I think I probably waited 2 years before I felt comfortable enough to do it. And I think it would be really different if I didn't wait. So if you're thinking about it, just dip your toe in. You don't have to jump in, yet. Dip your toe in and be tentative, but brave. There's a lot to learn. There's a lot to do. It's really fun. So I wouldn't... I would tell everybody that and I wish I could tell myself that 3 years ago.
Alison: I definitely agree with that. I think all of us on planet Earth are kicking ourselves that we didn't do it... That's a big one, for sure. What else? Probably getting myself secure sooner, too. Right now is actually one of the best times to get started and buy and get involved because the markets are down, by the dip. You know? That's a real thing. Right now, I'm buying more. I recommend that everybody else buy more and hold on to it because we're here for the long-run. It's not just about gains. It's not just about making money. It's about so much more.
Chitra: So they shouldn't look at the fluctuations and think, "This is not a good time" and…
Calley: Yeah, I think there's this paradox that this technology is gonna change the world and it has the power to do so much for so many people and so much good that we can't just look at the numbers. It's not just those numbers. Those numbers can represent the larger, the whole, but the volatility - if anything - is gonna be what prevents it from being great. Because the volatility is what prevents people from actually taking action with it and from it being a viable currency. So eventually the volatility will die down and it will become more stable. So I see this as a good thing. This volatility thing is kind of evening out to a certain extent. It's a good thing in the long term for the technology. It may not be good for our portfolios but I'm in it because I believe in the technology and I believe in what it can do. So I'm in it for the long haul.
Chitra: We've talked about a lot of things today, given people a lot of advice. What are the top 3 tips that you would like to share that they should take away?
Alison: Yeah. I would say top 3 takeaways and action items from today would be phone number, making sure your phone number is secure, meaning removing it from all your emails as a backup, getting a Google Voice number and replacing all of your listings of your phone number on any public place. Start giving that phone number out on your business card, things like that. I would also say number two is going to be get a secret email account that no one else has access to or even knows exists. Use that for all of your crypto-logins. And number three, make sure to have some sort of password-saving application on your computer. So even something like a LastPass or 1Password, which comes with Mac and have a master password for that that's never touched the internet anywhere. Make that the most secure password that you have. Save all of your passwords there.
You can also save your public keys and other two-factor authentication passwords inside of LastPass in the note section which is like extra extra hidden away, which obviously you need a password to get into. And then also have a Google Authenticator on your phone and use that for all of your accounts.
Calley: To add on to that list - because those are all great - I would say that in any type of technical system, the biggest vulnerability is you and humans. So basically, there's always these things that we have to be extra careful of. There's one thing that we haven't really talked about but is plaguing, ends up in people losing their crypto, is scams. And so when you are sending money to anybody, make sure you're triple, quadruple sure that this is the right person, the address is secure. I've seen it a lot with the token sales that I've worked on. We have a lot of fake people messaging. People were in the Telegram group saying, "Hey, we have this special deal for you because you've been here for so long. You're such a great member. All you have to do is send your Ethereum to this number.” And I know that some token sales have had more money scammed than actually raised for the technology. So be extra careful of those types of things. It's not just technology or hackers. It's sometimes you being not as smart. So just be super clear about all those things.
Haves secure passwords. It doesn't necessarily mean that they're hard to remember. A character is a character to a machine, so numbers and special characters don't really make that much of a difference. So it's better to have a longer password. So if it's a sentence or if it's a longer thought, it's a little bit easier for us to remember and also harder for a computer to crack. And again, just don't be so afraid.
Chitra: That's great and have you learned lessons the hard way? Have each of you lost money or had your phones hijacked or afraid that they were about to be hijacked? Have you ever had a close-call or have you been practicing these things and you've managed to be safe?
Alison: I've had close friends be hacked so that almost feels like it's close enough for me. Thank goodness I have not been hacked or ported or anything like that yet.
Calley: Yeah, I - knock on wood - I haven't been hacked but as a community manager, I've had to be supportive of a lot of people who've lost money in different ways. But for the most part, another thing that's really important is to be really cognizant of how your technology works. Don't take it for granted like your phone. Usually you have these patterns that you have your phone... By the end of the day it's at 30 percent, you plug it in on your nightstand. That's a pattern. If that pattern never changes, then that's something you have to be afraid of. So that's one of the things that you have to look out for. So sometimes if my battery's running too hot or if it's running out too fast, I'll just reset my phone to factory settings just to make sure that there isn't anything sneaking on there. I do the same thing with computers.
I used to be a coder so I'm pretty on top of keeping everything really safe and secure. So I think I'm lucky but also pretty good at protecting myself so everybody just needs to do the same. But I've seen a lot. It happens to the best of us, even the best hackers I know have been hacked.
Chitra: Which goes to your point of having a community and having friends, people you can trust. You can call and say, "Hey, my computer's running super hot. Should I be worried?" or "There's this suspicious thing going on on my laptop. What should I do?" And for those of us that are lucky to be surrounded by people like that at work or with friends in community, it's really easier. But there are probably a lot of people that are out there who don't have that so who can they turn to? Do they just build that community over time?
Calley: I'd say these communities are really open. There are a lot of great communities of Facebook and Telegram. There's really... There's no reason to not be in any of them and they can be really great. I work with one company called Coin Vision and they have a community on Discord that's really helpful and I've learned so much from just being in that community. I have a community for women on Facebook called Slumber Party. These communities are easy to access. They're usually looking for more people and those are communities where you can feel safe. You don't have to feel like you're asking a stupid question or that anyone's gonna laugh at you or mock you. It's obviously something that happens on other places on the Internet, Reddit... No matter what you use, there's some place. There's some crypto-community that you can reach out to and they'll be happy to have you.
Alison: I agree. Just get involved. Find a community if you're not in one already.
Calley: Yeah, don't be afraid.
Alison: You can join Women of Crypto, or Slumber Party. There are so many.
Chitra: That's great.
Chitra: Anything else I haven't covered that would be worth noting?
Alison: I think that's it for me.
Chitra: Awesome. Well, thank you so much again for joining us.
Calley: Thank you.
Alison: Thank you.
Chitra: Looking forward to having you on again, soon.
Calley: Thanks for joining us. Thanks for watching. Join us again next time for another edition of Running with Unicorns. Until then, enjoy your crypto journey, unicorns.