One of the best parts of having an Ethereum wallet like Rainbow is that you are in total control of your money. Unlike a bank account from Wells Fargo or a crypto exchange like Coinbase, we don't hold your assets on your behalf. Instead, your money is actually yours thanks to the power of cryptography. You can do whatever you want with it, whenever you want. No one is standing in your way.
Because of this, it's important for you to be on guard. Thankfully, it’s relatively easy to stay safe as long as you understand the ways in which crypto is different from traditional finance.
So, let’s talk about your crypto wallet and how to be safe as you're exploring the world of Ethereum!
Goodbye Usernames and Passwords
To get started, the world of crypto and Web3 is a bit different than how we're used to surfing the traditional internet. A crypto wallet doesn’t typically have a username or password associated with it. Instead, it has 3 things — none of which are chosen by the owner:
1. a public wallet address
2. a secret phrase
3. a private cryptographic key
Anyone who knows your public address can see your transaction history and what assets you have inside of your wallet. They can also send things to your wallet without your permission.
A private key or secret phrase on the other hand grants control over everything inside of a wallet.
If you lose your wallet's private key and secret phrase, there's no way of recovering access to the wallet. You can't just click a "forgot password" button, and there's no 2-factor authentication. Wallet providers like Rainbow don't even know your private key, so we can't retrieve it for you either.
Instead, you need to personally backup your private key and/or secret phrase. There are many ways of doing this, and each method gives you a different level of protection. Here are a few examples:
- Rainbow's iCloud Backup feature
- Password Manager like 1Password
- Written on a piece of paper
- Stamped onto a piece of metal
With Rainbow, you can automatically create a secure iCloud Backup of your wallet or copy the secret phrase down on a piece of paper or in a password manager.
One of the other big differences between crypto and the traditional internet is that you can actually take your wallet's private key or secret phrase and use them with a totally different wallet app. If you decided Rainbow wasn't for you, then you could easily take your credentials and use them somewhere else. You could even have your wallet (and thus all the assets contained by it) in two places or apps at once.
A term used to describe this kind of tech is the word interoperable. It means that data and software made by totally different organizations can work together seamlessly.
The traditional internet doesn't typically work this way, and it's usually not good for consumers. For example, you can't take your Facebook data and move it over to Twitter. You're locked in, and the burden of leaving is heavy.
In the new world of Ethereum and Web3, your identities and data go with you.
You can connect your wallet to decentralized apps (Dapps) to do lots of fun and useful things. You can also sign-in to websites using your wallet instead of having to create new accounts and passwords for each one.
In fact, the term "wallet" isn't really that great of a name for what apps like Rainbow can do. It’s kind of like how we call our devices “phones” but they’re so much more than just a phone. Crypto wallets are more like portals, passports, and digital identities for a whole new world. The possibilities are endless.
Staying Safe Checklist
Now that you have a better understanding of how the new world of Ethereum and crypto works, lets talk about specific steps you can take to be safe.
1. Only share a wallet address if you’re comfortable tying your identity to it and exposing everything inside of it.
Because the blockchain is public and decentralized, anyone with your address can see your entire transaction history. Is that something you’re okay with?
2. Consider having more than one wallet.
Many people choose to have multiple wallets that serve different purposes. The most common example is having a “social wallet” that is tied to their public identity while also having a “hardware wallet” that is anonymous. Rainbow lets you create as many wallets as you need.
3. Backup your secret phrase or private key somewhere safe.
As we mentioned earlier, these two things are what give control over a wallet. You must back them up someplace safe because they are the only thing that could let you back into your wallet if you lose access.
4. Never share your secret phrase or private key with anyone.
There may be some rare exceptions to this rule, but for the most part you should be the only person who can control your wallet. Accidentally leaking or sharing your private key and secret phrase means your wallet is permanently compromised. It’s not like the traditional internet where you can simply reset your password. Private keys and secret phrases are unchangeable. Your only course of action would be to start a new wallet.
5. Consider investing in a hardware wallet.
If you have a very large amount of money, getting a "cold" hardware wallet like a Trezor or Ledger and following its security practices can give you even greater protection. These kinds of wallets are meant for longer term holding of assets that you aren't going to be using on a regular basis. A software wallet like Rainbow is still very secure and best for being your “daily driver” or “social wallet”.
6. Follow the tips outlined in our “Avoiding Crypto Scams” guide.
Just like in the traditional finance world, there are some bad actors looking to steal your assets. It’s not hard to avoid these scams though if you know what to look for. We have a helpful guide to avoiding crypto scams that you can read following the link below.