
Security Best Practices

Now that you've got a Wonder Wallet, we wanted to share some best practices for managing the security of your new self-custodial wallet. With the following tips in your toolbelt, you’ll be prepared to stay safe in the DeFi space.

The contents of this page were previously part of an article on our WonderFi Labs blog.

Keeping your wallet safe

Practicing the following security habits can help you protect your wallet and your assets in the digital space.

1 - Always back up your wallet

Wonder Wallet offers two styles of wallet: traditional seed phrase wallets and MPC wallets. The style you choose affects how your wallet is backed up.

If you lose your phone, or accidentally remove the Wonder Wallet app, you can use the backups in place to recover access to your wallet.

MPC Wallets

These wallets are backed up through a third-party provider of your choosing, either via email or social login. This could be Google, Apple or another option. The backup itself is protected by an extra layer of security from those third parties.

However, this means you need to practice good security habits with those accounts:

  • Create a separate email just for your crypto wallets that you do not expose elsewhere on the web with everyday usage.

  • Change your password for these accounts regularly

  • Enable 2FA (Two Factor Authentication) – Authenticator apps (Google Auth, Authy, Microsoft) are the most secure method, and we recommend using them over other options like SMS or email.

Seed Phrase Wallets

These wallets are protected by a 12-word phrase that you set up when you create the wallet. This 12-word phrase is essentially the password to your account, except that, unlike a traditional password, you cannot reset it if you get locked out.

Your wallet seed phrase is like the keys to your house, or the PIN on your debit card: it controls all access to your wallet. Write your phrase down and keep it in a safe and secure location such as a physical safe.

DO NOT:

  • Create your seed phrase in a place where someone else can see it

  • Share the seed phrase with anyone else

  • Keep it anywhere on your phone (notes app, screenshot, etc)

  • Keep it unencrypted in a cloud-based service (e.g. Google Drive) where it can be accessed online

Finally, NO ONE from WonderFi will ever, ever contact you asking for your Seed Phrase.

2 - Don't keep all your assets in one wallet

As you explore and interact with what blockchain technology has to offer, you may find yourself growing your collection of tokens and holdings. As your holdings grow, it’s good practice to start storing your assets in different wallets.

There are two different approaches you can take for this method.

Multiple Hot Wallets


Online wallets, self-custodial or otherwise, are referred to as hot wallets. They’re actively connected to the internet.

Your Wonder Wallet can hold multiple hot wallets, and you can easily send between them. It’s good practice to keep one wallet for your day-to-day activities with a bit of ETH. This is the wallet you use to interact with dApps and smart contracts.

Then keep your collectibles and other long-term assets in another wallet that doesn’t interact with the web3 space directly. This puts a further step in place for protecting your assets. Even if you take an action that exposes access to your day-to-day wallet, only that wallet can be accessed while your major assets are protected in another wallet.

Hardware Wallets


Opposite to hot wallets are cold storage wallets (aka hardware wallets). These wallets are physical devices that can store your wallet keys and crypto completely separate from the internet.

If you’re planning on holding a large number of tokens or collectibles long term, you can store them safely in a hardware wallet. Once you’ve transferred your funds in, you can disconnect the wallet from the internet, and no one can access it unless they physically get their hands on it. This is one of the most secure methods for storing assets that you are not planning on actively using.

Hardware wallets come in many forms; some of the more well-known and trustworthy ones are Ledger and Trezor. Always buy your hardware wallets new, as used wallets have the potential to be compromised.

If you store your tokens in a hardware wallet, make sure the physical wallet itself is kept in a secure place, like a physical safe or lockbox at a bank.

3 - Practice good device security habits

Your device is your access point to your wallet. If you lose your phone or tablet, you need to make sure that no one can gain access. Always maintain good security habits with your phone:

  • Enable biometrics (fingerprint, face ID, etc) where possible

  • If biometrics are not available on your device, make sure to set a secure PIN or pattern that is not easy to guess

  • Do not access your wallet on public or unsecured Wi-Fi

  • If you must access your wallet while travelling or away from home, use a VPN for an extra layer of protection

4 - Set up auto lock

Auto lock is a feature that will automatically lock down your phone if you leave the device open but inactive for the period of time you set. Once the auto lock kicks in, you’ll need to sign in again before you can access your device. We strongly recommend auto lock, especially if you find yourself:

  • Checking your phone regularly but not locking it before setting it down.

  • In public a lot, working from an office, or traveling extensively.

Device Auto Lock

This is set in your device’s own settings and will lock down the entire device after the time limit you’ve set has passed.

Wonder Wallet Auto Lock

In addition to the Device Auto Lock, Wonder Wallet also offers an auto lock feature called Timeout for the app itself.

With biometrics enabled, you'll always need to pass a check when you open the app. However, the timeout feature will enable an auto lock if you don't close the app and only minimize it. When you return to the app after the set period of time has passed, you'll be prompted to pass another check before accessing the app again.
