Account Safety Before You Open a Link
Protect the accounts and recovery paths tied to any source you plan to trust.
Start with public records
Core hygiene
CISA's baseline is straightforward: long unique passwords, a password manager, MFA, phishing resistance, and software updates. Ethereum's own security guidance adds hardware wallets and never sharing recovery phrases.
- Use a unique password for email, exchange, wallet extension, and social accounts.
- Turn on MFA anywhere account recovery or custody could be hijacked.
- Keep seed phrases offline and out of cloud screenshots or notes apps.
Source note
What to protect first
If an attacker takes over the email account tied to your crypto activity, they often gain the recovery path for everything else.
- Protect primary email first, then wallet, exchange, and social accounts.
- Use hardware wallets for larger balances or long-term holdings.
- Review wallet prompts slowly, especially when there is no gas cost and only a signature.
Source note
Red flags
Convenience habits are usually the weak link.
- Reused passwords across email and financial accounts.
- Seed phrase stored in cloud photos or chat apps.
- Signing messages you do not understand because they look 'free'.
On this page
How to use this guide
Check the source before you respond or connect.
Compare the source you plan to use against this briefing. Confirm it independently, and stop if the public record does not match the message.
Primary sources