Password: Choose a strong and random password with a variety of character types (small, capital, number, and unusual special characters). Don’t use names, variations of the same password with one letter difference, basic combinations like “asdf”, and replacing letters with numbers.
Email address: Check that your email account was not compromised in any past security breach, for example at: https://haveibeenpwned.com/. We suggest to set up two-factor (also called two-step) authentication for your email account with e.g. Google Authenticator or Authy.
Backup document: Download and securely store your backup document that you received when you created your wallet. In case you lose access to your wallet e.g. forget your password, you can use this and ONLY this set of words to regain access to your wallet. We advise you to print the backup PDF in 2 samples and separately lock them up in a safe and secret place which you won’t forget and where the paper can’t be damaged. Once done, delete the email (if you choose to email it to yourself) or delete the file (it you choose direct download/ cloud back up). Alternatively, encrypt the document with password if you store it on your computer.
Two-factor authentication: This is a method that creates an extra step to access your account. To enable two-factor authentication, please log in to your web wallet and visit “Settings”. You can set up two-factor authentication with the Google Authenticator or Authy mobile app. We recommend that you backup your two-factor authentication account, in case you lose your phone. The Following article will explain in more detail how to enable 2FA: https://help.btc.com/hc/en-us/articles/360002959913
PIN protection: In the BTC.com wallet we enable PIN protection for the mobile app as default. Make sure to use a random, hard to guess PIN (e.g. not your birth year/ ZIP). You can edit and change your PIN in the mobile app via the “Settings”.
Good browser habits: To protect your web wallet, we advise you to use a reliable and modern search engine such as Google Chrome and keep the browser updated to the latest version. Be sure to never save your password on your browser and don’t forget to log out after every session. Never click on links or download files whose sender you don’t trust. Be wary of links that use URL shortener and mask the destination of the link. Ideally, use Ad Blocker to prevent malicious ads to load in your browser.