How to best secure your Shakepay account

We recently received a question on Reddit on how to best secure funds in your Shakepay account. Here's a re-post of the insights we shared.

How well does the PIN Code feature protect your account?

Shakepay's PIN Code feature is provided as an extra way to protect your Shakepay wallet if somebody has access to your unlocked phone. We recommend using a different PIN for your Shakepay wallet than the PIN used to unlock your phone.

PINs do not persist after re-installing and logging back into the app, or logging into the Shakepay app from different phone.

Implement strong password security

We recommend choosing a strong password, randomly generated with an app like 1Password or LastPass.

For extra security, you can generate your Shakepay account on a mobile phone, as it is least likely to have a keylogger or malware.

Turn on Email Confirmations for outgoing cryptocurrency transactions

While we are working on adding further security options like 2-Factor Authentication (2FA), you can best secure your account by turning on Email Confirmations for outgoing cryptocurrency transactions. Interac e-Transfer cash-outs will only be sent to your verified e-mail address on-file.

If you are leaving a balance in your Shakepay wallet, we recommend doing everything you can to secure your e-mail address so that your Shakepay password can’t be reset with it.

If you have a Gmail account, or an e-mail address that has 2FA, we recommend implementing the following steps:

• Implement 2FA with the Google Authenticator app and/or a Yubikey, not with SMS
• List a recovery e-mail that nobody else knows or has access to (and secure that e-mail well too)
• Remove your phone number from your Gmail account so that it can’t be used for account recovery (by social engineering a SIM swap, call forwarding, or even an SS7 attack)
• Choose very obscure answers to password recovery security questions that nobody else will have the answers to. Treat these like passwords in their own right.

Take all the steps you can

More generally speaking, funds (CAD, BTC, & ETH) stored on Shakepay are not CDIC insured, which means they are not insured like your money would be if stored in a bank account, so it’s important to take all the steps you can to secure your account.

Use a hardware wallet for long-term holding

When holding cryptocurrency in the long-term, as a best practice, we recommend holding your cryptocurrency with a hardware wallet (or separate trusted phone-based wallet) and storing your seed recovery keys in a safe place.