Securing Your LocalCryptos Account
LocalCryptos is a non-custodial, end-to-end encrypted, peer-to-peer marketplace where users have complete control over their accounts and cryptocurrency wallets.
This approach to cryptocurrency trading is hugely advantageous in terms of freedom, privacy, and security, but it also comes with a heavy burden of responsibility.
Account security on LocalCryptos depends almost entirely on the user's actions, and for that reason, it should always be one of the top considerations when using the platform.
In the following text, we compiled a list of the most important security measures you should take to protect your account.
Use a Strong Password and Change it Regularly
Proper password management can not be emphasized enough. For hackers, the password to your account is the first point of attack; for you — it's the first line of defense.
Your account password grants access to your LocalCryptos wallet, which means that anyone that has it can freely spend your cryptocurrency. Another thing to keep in mind is that cryptocurrency transactions are irreversible, which means there's nothing anyone can do to help recover your crypto once it's been moved from your wallet.
Perhaps even more important to consider is that due to how LocalCryptos client-side encryption works — if you lose or forget your password, there's no way for us to recover it. You're the only person that knows the password to your account, so it's entirely up to you to keep it safe and protected.
Adequate password management implies a strong password that isn't shared with anyone, isn't used anywhere else, and is stored safely and changed regularly.
Ideally, your password should be at least 12 characters long and include both uppercase and lowercase letters, numbers, and special characters.
If you can't rely solely on your memory, don't store your password on your computer or a cloud. Instead, use password management software with an equally strong master password.
Enable Two-Factor Authentication (2FA)
Activating two-factor authentication is an additional measure you can use to protect your LocalCryptos account.
Important to consider here is that SMS authentication is vulnerable to SIM swapping, so it's always better to go with Google Authenticator.
Google Authenticator stores your 2FA backup key locally on your device, making it much harder for hackers to compromise your security.
Two-factor authentication apps like Google Authenticator and Authy use one-time (OTP) or dynamic passwords to protect against replay attacks. This means that if a hacker somehow manages to capture the one-time password you already used to log into LocalCryptos, he won't be able to abuse it because the same password will no longer be valid.
Download Wallet Backup
One of the first things you should do after you sign up to LocalCryptos is to download your wallet backup.
The wallet backup is a file that allows you to access the private keys to your wallet independently and at any time you want, even if LocalCryptos were to ever go offline for some reason.
You can find the download button to your wallet backup in the "Account" section on your homepage. To interact with the wallet backup file, you can use the open-source "LocalCryptos Wallet Backup Explorer" tool provided here.
Since the wallet backup file contains the key to your cryptocurrency funds, it should be treated with extreme care. For one, the file should never be kept on your computer but instead in an air-gapped environment such as an encrypted USB flash drive. If you absolutely must keep the backup wallet file on your PC, make sure that your PC is clean from malware and save the file in an encrypted folder with a strong password.
Don’t Keep All Your Crypto in One Wallet
Despite all the efforts you put into securing it, your LocalCryptos account will never be completely safe from hacks. For this reason, it’s unwise to keep all of your cryptocurrency in one wallet.
Instead, a safer and more private way of storing your cryptocurrency is to spread it across multiple cold wallets.
Don’t Share Personal Information in The Trade Chat
The messages on LocalCryptos between you and the person on the other side of the trade are end-to-end encrypted for a reason — it’s to protect your privacy.
Personally-identifying information can significantly compromise your account security, so it’s never advisable to share any information besides the minimum required to make the trade.
Identify and Avoid Phishing Attacks
Phishing is a type of socially-engineered cyberattack that is principally used to collect sensitive personal information, including email or crypto exchange account passwords, bank/credit card details, or public and private keys to cryptocurrency wallets.
Phishing attacks are typically done through email whereby the perpetrator disguises himself as a trusted entity and tricks the victim into clicking on a malicious link or downloading a malware-infected attachment.
The malicious links usually lead to pages that almost perfectly mimic the websites of legitimate service providers such as banks, payment processors, or cryptocurrency exchanges/wallets.
The victim of the phishing attack is then tricked into entering their username and password on the fake website, thus giving the perpetrators access to their account or other sensitive information.
You should especially beware of phishing attacks because hackers can use them to gain access to your email, your LocalCryptos account, or steal the public and private keys of your LocalCryptos wallet.
To protect yourself against P2P trading scams, you should never click on links or download any attachments contained in emails you weren’t expecting. Besides that, you should:
- Always double-check the sender’s address for email spoofing.
- Always check the authenticity of any URLs included in the email and beware of URL redirects.
- Avoid reacting impulsively to any calls to action (downloading attachment files, logging into “your” account, or replying with any sensitive information). Phishing attacks are designed to instill a sense of urgency; you must persevere.
You should be aware that LocalCryptos will never ask you to change or provide any account information via email. If there’s anything we need, we’ll notify you via your homepage dashboard.
Lastly, to help protect its users against phishing attacks, LocalCryptos has partnered up with PhishFort — a security service that monitors various sources across the internet for potential phishing attacks and, when discovered, takes them down in record times.
Stefan is a full-time crypto writer and a part-time podcast addict. He holds a master's degree in Commercial Law with a graduate thesis in cryptocurrency regulation. He spends his free time lawyering around the block and lifting heavy objects off the ground. With his mind.
Faculty of Law ”Iustinianus Primus“ - Skopje, LL.M Business Law