The following are security recommendations to secure your Metamask account using both the Metamask browser extension and Metamask mobile app.
General best practice for security of your Metamask wallet
- Never use the wallet on a shared computer
- Use the desktop wallet rather than the mobile wallet. It’s much easier to access, steal or compromise a phone than a laptop.
- Backup your seed phrase securely
- Use a password manager such as LastPass or KeePass to save your password and seed phrase.
- Also back up on paper or in your favourite book that you would never part with.
- A good method for backing up is to store your secret phrase and password in 3 parts in different places
- You can also “salt” the password and secret phrase backup, for example:
  - If your password is password1Secure, back it up as password15SecureSecret5 and write your salt words somewhere else, e.g. Secret 5
  - Similarly, if your secret phrase is happy phone hammer radio, back it up as happy grass phone hammer blue radio and write your salt words somewhere else, e.g. grass blue
- Generate a secure hashed password using a password manager
- Check your browser extensions. If you are not using a browser extension then turn it off. Browser extensions can record your screen or log your keyboard easily.
- Run anti-malware and anti-virus programs regularly to check for key-logging software or spyware
- Regularly clear your browser’s history and cookies
- Lock your Metamask account when not in use
- Deactivate/turn off the Metamask extension when not in use
- If you hold a large amount of funds, consider creating several accounts in your wallet and splitting the stake between them
- Also consider moving profits out of your wallet at regular intervals
- NEVER EVER tell anyone your secret phrase or post it to any channel. If someone gets your secret phrase they can steal all your funds.
- Your password can only be used on your device so treat your device like a vault to protect from theft and damage.
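For the browser-extension check recommended above, here is an added example (not part of the original guide or of MetaMask): a Python script that reads the manifest of every extension in a Chromium-based browser profile and lists those that can capture the screen or run scripts on every page. The function names, the sample manifest and the example profile path are assumptions made for illustration.

```python
import json
import sys
from pathlib import Path

# Manifest entries tied to the risks named above: screen recording and
# scripts that run on (and can observe typing in) every page.
CAPTURE_PERMS = {"desktopCapture", "tabCapture"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifest (not a real extension), used when no path is given.
SAMPLE = {"name": "Example Helper", "permissions": ["storage", "tabCapture"],
          "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}

def audit_manifest(manifest):
    """Return the reasons an extension deserves a manual review."""
    reasons = []
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for p in sorted(perms & CAPTURE_PERMS):
        reasons.append(f"can capture screen or tab contents ({p})")
    if perms & BROAD_HOSTS:
        reasons.append("has host access to every site")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            reasons.append("injects scripts into every page (can observe typing)")
            break
    return reasons

def audit_profile(extensions_dir):
    """Audit <profile>/Extensions/<id>/<version>/manifest.json for each extension."""
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            reasons = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError):  # unreadable or malformed
            reasons = ["manifest could not be parsed"]
        if reasons:
            findings[path.parts[-3]] = reasons  # directory name is the extension ID
    return findings

if __name__ == "__main__":
    # Example (assumed) location on Linux: ~/.config/google-chrome/Default/Extensions
    if len(sys.argv) == 2:
        results = audit_profile(sys.argv[1])
    else:
        results = {"constructed-sample": audit_manifest(SAMPLE)}
    for ext_id, reasons in results.items():
        print(ext_id, *reasons, sep="\n  - ")
```

A flagged extension is a prompt to review it or turn it off, not proof that it is malicious; many legitimate extensions request broad page access.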
Recommended Metamask Security Settings
The following are recommended settings for using the Metamask browser extension and mobile app securely. Hopefully you will have many of these turned on by default but it is worth checking and making any changes.
Metamask wallet browser extension:
- Settings → Advanced → set Auto-Lock Timer to < 5 minutes
- Settings → Advanced → turn off any experimental features
- Settings → Advanced → select preferred ledger connection type if using a hardware wallet
- Settings → Security & Privacy → turn on Show incoming transactions
- Settings → Security & Privacy → turn on Use Phishing Detection
- Settings → Security & Privacy → turn OFF Participate in MetaMetrics
- Settings → See https://coinflex.com/support/2-2-9-flexdao/ for recommended Network settings for the FLEX DAO
- Settings → Alerts → turn on all alerts
- Settings → Experimental → turn off any experimental features
Metamask wallet mobile app:
- Mobile app → Settings → Security & Privacy → set Auto-Lock Timer to < 30 sec
- Mobile app → Settings → Security & Privacy → use a password/passcode instead of Face ID; if your password is weak, Face ID is preferable
- Mobile app → Settings → Security & Privacy → turn on Privacy mode
- Mobile app → Settings → Security & Privacy → clear privacy data, browser history and cookies at regular intervals
- Mobile app → Settings → Security & Privacy → turn OFF Participate in MetaMetrics
- Mobile app → Settings → Security & Privacy → Mobile app → change password specific to mobile
Helpful links for using Metamask to stake in the FLEX DAO