The Security Checklist

Thirty days of security education, distilled into a practical checklist.

Exchange security:
□ Two-factor authentication enabled on all exchange accounts (use an authenticator app, not SMS)
□ Strong, unique password for each exchange account
□ Withdrawal whitelist enabled where available — only your own wallet addresses can receive withdrawals
□ Only hold on exchanges what you’re actively trading or have recently purchased

Wallet security:
□ Hardware wallet purchased directly from the manufacturer
□ Seed phrase written down correctly and verified
□ Seed phrase stored offline, physically secure, separately from the device
□ Consider a second seed phrase backup in a different location
□ Hardware wallet PIN set
□ Optional: passphrase enabled for additional security on larger holdings

Transaction security:
□ Always verify the receiving address before confirming any transaction
□ Send a small test amount before a large transfer
□ Never rush — urgency in any Bitcoin transaction is a red flag

Inheritance:
□ A trusted person knows you hold Bitcoin
□ A letter exists (kept with your will or solicitor) pointing to where the seed phrase can be found
□ The seed phrase is stored separately from the letter

Scam awareness:
□ Nobody legitimate will ever ask for your seed phrase
□ Hardware wallet software downloaded only from official sources
□ Healthy scepticism applied to all unsolicited contact about Bitcoin

None of these are technically complex. Together, they represent a security posture that the vast majority of Bitcoin losses would not have penetrated.

Tomorrow: the $300 million mistake — James Howells and the hard drive.

— The Daily Bit