05 Jan The TLDR security guide. SIM Jacking and 2FA.
2FA is a must, but it’s not enough to just have it enabled. This is meant to be simple and quick; obviously you should learn more about each point.
Down and dirty security:
1- Get a Google Voice number. VoIP numbers can’t be SIM jacked. Free for U.S. use.
2- Get LastPass Authenticator or Authy. Don’t use Google Authenticator unless you understand the consequences, i.e. losing the device with your Google Authenticator loses those 2FA OTP codes. If you do understand the consequences, then you should be using a YubiKey.
3- Remove your cell number from your Google account security; replace it with the Google Voice number or nothing.
4- If you use a password manager, and you should, remove SMS 2FA from it or change it to the Google Voice number. Set the password manager to use a YubiKey or a TOTP authenticator for 2FA.
5- Over the next month, cycle that dumb password you keep using, with minor variations, on all your accounts to something pseudo-randomly generated via a password manager. BtC2DaM00n$ is not special.
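To find which accounts step 5 applies to, the sketch below groups accounts whose passwords reduce to the same memorised root and generates a CSPRNG replacement for each. It is an added example, not part of the original post; the function names, the normalisation rules and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# Substitutions people use to "vary" a password; undone before comparing.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a", "!": "i"})
TRAILING = string.digits + string.punctuation
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def base_form(password):
    """Reduce a password to the root its owner actually memorised."""
    core = password.rstrip(TRAILING)       # drop suffixes such as "1", "!", "$2021"
    core = core.lower().translate(LEET)    # fold case and leet substitutions
    return "".join(ch for ch in core if ch.isalnum())


def reused_roots(vault):
    """Map each root shared by two or more accounts to those accounts."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[base_form(password)].append(account)
    return {root: sorted(accts) for root, accts in groups.items() if len(accts) > 1}


def generate(length=20):
    """Replacement password drawn from the OS CSPRNG, one per account."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


# Constructed sample vault (account -> password); only the first value is from the post.
SAMPLE_VAULT = {
    "exchange": "BtC2DaM00n$",
    "email": "btc2dam00n!",
    "forum": "BTC2DaMoon$2021",
    "bank": "q7Vd#Lm2xP9r",
}

if __name__ == "__main__":
    for root, accounts in reused_roots(SAMPLE_VAULT).items():
        print(f"root {root!r} reused on: {', '.join(accounts)}")
        for account in accounts:
            print(f"  {account}: replace with {generate()}")
```

The three variants collapse to the same root, so a leak of any one of them exposes the others; the unrelated fourth password is left alone.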
We can keep going and get more granular, but this is a good 90% solution for most entry-level crypto users.