How to use Abra safely

We put together a quick list of safety tips while investing in new, decentralized cryptocurrencies.

These tips come from the many conversations we have with Abra users. They tell us what’s working, what kinds of features they want to see, and they tell us about lessons they have learned on their journey of investing in cryptocurrencies.

We also get asked a lot of questions. We keep adding to our FAQ section (we now have some video tutorials on frequently asked items), so please check that out.

Here’s a quick rundown of some of the top safety and security tips that we have gleaned from our community.

1. Mind the WiFi: Before logging into the Abra app, best practice is to use a trusted WiFi, like your home network, or some other option that you have a high degree of trust. It’s best to avoid public WiFi networks, like from a busy coffee shop.

2. Lock your phone and use some kind of two-factor authentication setup. Remember that your phone is part of the security chain and it is what connects you to your crypto wallet. So create some defensible space around your phone and treat it like one part of the key to the vault where you store your cryptocurrency keys.

3. Along those lines, keep your phone in your possession at all times. Again, your phone is now part of your crypto custody chain, so treat it like a set of keys.

4. And while we are still on the topic of phones — make sure you know where your phone came from. Buying a second-hand phone off the internet or using a jailbroken phone is not advised. You want a phone where you know its full security history and have confidence that you are the only one in complete control of what’s going on behind the scenes.

5. Mind your hardware ports. One of the biggest risks and simplest ways to breach a phone’s security is through a hardware port. To ensure safety, make sure you either disable hardware ports or at least be aware of your external hardware connections.

6. Stop visiting sketchy websites, on your phone at least. You are probably already aware that these websites can be a backdoor into your devices and a way for bad actors to steal critical identifying information and arrange social engineering and other kinds of attacks and takeovers.

7. Only download Abra through the Apple App store or from Google Play. Any other website or service that instructs you to download Abra is a fraud and is likely trying to steal your funds or start transacting on your behalf. If you see any suspicious Abra impersonators out there, please let us know at support@abra.com.

Abra app security and 2FA

We frequently get questions about why Abra doesn’t have two-factor authentication at the level of the app. The most straightforward explanation is because Abra only exists on your phone (or more accurately, your phone is what connects you to your assets on the blockchain).

So, if your phone is already compromised, sending a receiving a text confirming your ID to enter Abra wouldn’t work as a security measure.

The biggest takeaway from all of this is that you should try to keep your potential attack surfaces as minimal as possible. A big portion of these security threats can be managed by just beginning to think differently about your phone or mobile device.

Instead of merely a portal to the internet, think of it like a wallet or safe deposit box.

Keep in touch, and let us know if you have any other security-related questions or comments by emailing support@abra.com.