Education, How Abra Works

How to use Abra safely

Updated March 2022.

User Conversations Lead To Updated Safety Tips

Users tell us what’s working, what kinds of features they want to see, and about lessons they have learned on their journey of investing in cryptocurrencies. These conversations have led to the following safety tips while participating in cryptocurrency offerings.

See also our  FAQ section for frequently-updated answers — now with some video tutorials.

Here are some of the top safety and security tips gleaned from our community:

  1. Mind the WiFi. Before logging into the Abra app, best practice is to use a trusted WiFi, like your home network, or some other option that you have a high degree of trust. It’s best to avoid public WiFi networks, like from a busy coffee shop.
  2. Secure your phone. Automatically lock your phone. Use two-factor authentication (2FA) for added security. Remember that your phone is part of your security chai; it connects you to your crypto wallet. Create defensible space around your phone and treat it like one part of the key to the vault where you store your cryptocurrency keys.
  3. Hold on to your phone. Along those lines, keep your phone in your possession at all times. Again, your phone is now part of your crypto custody chain, so treat it like a valued set of keys.
  4. Ensure you’ve got a clean phone. While on the topic of phones — make sure you know where your phone came from. Buying a second-hand phone off the internet or using a jailbroken phone is not advised. You want a phone where you know its full security history and have confidence that you are the only one in complete control of what’s going on behind the scenes.
  5. Mind your hardware ports. One of the biggest risks and simplest ways to breach a phone’s security is through a hardware port. To ensure safety, make sure you either disable hardware ports or at least be aware of your external hardware connections.
  6. Avoid web-based exploits. Stop visiting sketchy websites, on your phone at least. You are probably already aware that these websites can be a backdoor into your devices and a way for bad actors to steal critical identifying information, arrange social engineering, and other kinds of attacks and takeovers.
  7. Get authentic Abra. Only download Abra through the Apple App store or from Google Play. Any other website or service that instructs you to download Abra is a fraud and is likely trying to steal your funds or start transacting on your behalf. If you see any suspicious Abra impersonators out there, please let us know at [email protected].

Abra app security and 2FA

We frequently get questions about why Abra doesn’t have two-factor authentication at the level of the app. The most straightforward explanation is because Abra only exists on your phone (or more accurately, your phone is what connects you to your assets on the blockchain).

So, if your phone is already compromised, sending a receiving a text confirming your ID to enter Abra wouldn’t work as a security measure.

The biggest takeaway from all of this is that you should try to keep your potential attack surfaces minimal. A big portion of these security threats can be managed by just beginning to think differently about your phone or mobile device.

Instead of merely a portal to the internet, think of it like a wallet or safe deposit box.

Keep in touch, and let us know if you have any other security-related questions or comments by emailing [email protected].