Quoted from Spyderturbo007: Let's talk security! I know there are some newcomers to this thread and although I'm no expert, I feel that I employ a lot more security measures than some might.
1. Use a strong password. It's really helpful if you use a password manager. With all the data breaches happening where clear text passwords + email addresses are being compromised, the first thing hackers do is try those credentials on any website they can find. I recommend Bitwarden, which is open source, audited and free for individual use.
2. Use a unique password. I have a strong, unique password for every website I use. Bitwarden handles everything for me including generating the password. You want something crazy like hd%*#he0FFvg$rt%. If you don't have to ever remember it, who cares what it is.
3. Use 2FA (Two Factor Authentication). This is a secondary layer of security where you're prompted for a TOTP (Time-based One Time Password). You use a code following the credential verification to validate the credentials. The code expires typically within 60 seconds. This protects you in the event that your credentials are compromised.
4. Use a 2FA Hardware Device. I don't use any 2FA methods that are cellular or email based. If someone were to have control of my email account or I've been SIM jacked, they also have access to my 2FA to validate the credentials. I use a Yubikey 5 NFC. I actually have 2 of them in case one gets lost or damaged. It's a password protected hardware device that stores the TOTP codes. It can also handle FIDO2 and FIDO U2F 2FA, which is even more secure than TOTP.
https://www.yubico.com/product/yubikey-5c-nfc/
So literally, to get into my Coinbase account, you'd need my Coinbase login credentials, my physical Yubikey and the password to the Yubikey.
5. "Not your keys, not your coins." For coins you are HODLing, consider transferring them to an offline hardware wallet. This ensures that your coins are safe in the event of an account breach or an exchange hack. Something like a Trezor or Ledger.
6. Only purchase the hardware wallet from the manufacturer. Never from Amazon, eBay, etc. This ensures that you aren't getting a molested device.
7. Guard your recovery seed with your life. The mnemonic recovery seed allows someone to recreate your wallet. Meaning if you gave me your mnemonic seed, within a few minutes, I'd have complete control over everything in that wallet. You shouldn't store them online, keep a picture on your phone, or anything of that nature. They should be offline only and kept somewhere secure, like a safe deposit box. If kept digitally on something like a flash drive, make sure you password protect the file with something like AES-256 Encryption.
8. Store your hardware wallet and mnemonic seed in separate locations. You don't want both in your house in case of a fire. If they both get wiped out, you're essentially screwed... and not in a good way.
9. Consider engraving your keys onto a fire resistant steel plate. I use a Cobo tablet you can find at Amazon.
10. Whitelist withdrawal addresses. Most exchanges support address whitelisting. Whitelists are a list of addresses you authorize as withdrawal targets. Typically it requires multiple notifications along with a 48 hour hold to withdraw funds. So if your account were compromised and someone did try to transfer your funds, they would have to wait 48 hours to change the withdrawal address, in which time you'd most likely be notified.
That's all I can think of for now. Feel free to chime in with other security precautions.
*wild applause*
Most everyone on the internet needs to read #1-4 at minimum.