Security Best Practices

Last updated November 13, 2025

1.1 Account Hygiene

  • Use unique, high‑entropy passwords and a reputable password manager
  • Rotate passwords quarterly and revoke unused sessions/devices
  • Enable login alerts and review access logs regularly

1.2 Two‑Factor Authentication

  • Prefer authenticator apps or hardware keys over SMS
  • Store backup codes offline and test recovery paths
  • For institutions, mandate FIDO2 security keys for admins

See Account Setup for step‑by‑step 2FA enablement.

1.3 Wallet Security

  • Use hardware wallets for significant holdings; separate hot/cold roles
  • Validate addresses, simulate transactions, and verify on-device prompts
  • Maintain multi‑sig policies for treasury and operational wallets

Refer to Wallet Integration for supported devices and setup.

1.4 Operational Security

  • Keep systems up‑to‑date; restrict extensions and enforce least privilege
  • Use secure networks and VPNs; avoid public Wi‑Fi for administrative tasks
  • Implement incident response playbooks and periodic drills

1.5 Organization Policies

  • Enforce role‑based access control and separation of duties
  • Require code reviews, audits, and change management for smart contracts
  • Adopt a disclosure program and maintain a vulnerability intake channel

For compliance integrations, see Compliance Setup.