Security Best Practices
Your security is your responsibility in the world of non-custodial wallets. This comprehensive guide covers how to keep your eckoWALLET and funds safe.
Understanding Non-Custodial Security
What Does "Non-Custodial" Mean?
eckoWALLET is non-custodial, which means:
✅ You control your funds - Complete ownership
✅ No middleman - Direct blockchain interaction
✅ True ownership - No one can freeze your account
But also:
⚠️ You are responsible - No password reset button
⚠️ No recovery service - eckoWALLET support cannot access your wallet
⚠️ Mistakes are permanent - Lost recovery phrase = lost funds
The golden rule: You alone control your wallet, and you alone are responsible for its security.
Critical Security Elements
1. Recovery Phrase (Seed Phrase)
Your 12-word recovery phrase is the master key to everything.
Protection Rules
❌ NEVER:
Screenshot or photograph it
Store it in cloud services (Google Drive, iCloud, Dropbox, etc.)
Email it to yourself
Store it in notes apps that sync online
Share it with anyone (including support staff)
Enter it on websites
Store it digitally on your computer
Say it out loud near smart devices
✅ ALWAYS:
Write it down on paper with pen
Store paper in secure location (fireproof safe, bank vault)
Make multiple copies stored in different locations
Keep it completely private
Consider metal backup solutions for long-term storage
Store offline only
Advanced Recovery Phrase Protection
Multi-Location Storage:
Keep one copy at home (fireproof safe)
Keep one copy in a bank safe deposit box
Consider giving one copy to a trusted family member (in sealed envelope)
Metal Backups:
Paper degrades over time
Metal plates resistant to fire/water
Products: Cryptosteel, Billfodl, etc.
Splitting Your Phrase (Advanced):
Shamir's Secret Sharing
Split phrase into parts
Requires multiple parts to recover
Only for advanced users
2. Password
Your eckoWALLET password encrypts your wallet data locally.
Creating a Strong Password
Requirements:
Minimum 8 characters
Mix of uppercase and lowercase
Include numbers
Include special characters
Good passwords:
MyKad3na!Wallet#2024
Tr0pic@l-Sun$et-79
B1ue$ky&M00n!light
Bad passwords:
password123 - Too common
kadena - Too simple
12345678 - Sequential numbers
Your name or birthday - Easily guessed
Password Manager (Recommended)
Use a password manager:
1Password, Bitwarden, LastPass, Dashlane
Generate strong random passwords
Store securely encrypted
Access with master password
Sync across devices
Important: Your recovery phrase should NOT go in a password manager. Keep it offline.
3. Device Security
Your wallet is only as secure as your device.
Computer Security
✅ Must do:
Keep operating system updated
Install security updates promptly
Use antivirus/anti-malware software
Enable firewall
Encrypt your hard drive
Use strong login password
Lock screen when away
❌ Avoid:
Pirated software
Suspicious downloads
Unknown browser extensions
Public/shared computers for wallet access
Outdated software
Mobile Security
✅ Must do:
Keep OS updated (iOS/Android)
Only install apps from official stores
Enable biometric authentication (fingerprint/Face ID)
Use strong device PIN/password
Enable "Find My Device" features
Regular backups
Auto-lock after short timeout
❌ Avoid:
Jailbreaking/rooting device
Installing unknown apps
Clicking suspicious links
Using unsecured public Wi-Fi for transactions
Browser Security
For browser extension:
✅ Must do:
Keep browser updated
Only install extensions from official stores
Review extension permissions
Use reputable browser (Chrome, Edge, Brave)
Clear cache/cookies regularly
❌ Avoid:
Too many extensions (increases risk)
Extensions from unknown sources
Browser versions no longer supported
Common Threats and How to Avoid Them
Phishing Attacks
What is it: Scammers impersonating legitimate services to steal your credentials.
Email Phishing
🚨 Warning signs:
Emails claiming to be from "eckoWALLET Support"
Urgent messages requiring immediate action
Links to websites asking for recovery phrase
Spelling/grammar errors
Threats of account closure
✅ Protection:
eckoWALLET will never email asking for your recovery phrase
Never click links in unsolicited emails
Manually type eckowallet.com in browser
Verify email sender address carefully
Website Phishing
🚨 Warning signs:
Websites with similar URLs:
eckow4llet.com, eckowalet.com, eckawallet.com
Asking for recovery phrase
Too-good-to-be-true offers
Urgent "verification" requests
✅ Protection:
Bookmark official eckowallet.com
Always check URL carefully
Look for HTTPS and SSL certificate
Never enter recovery phrase on websites
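The URL check above can be automated. The following is an added example, not eckoWALLET code, that classifies a hostname against the official eckowallet.com and catches the three typo domains listed; a valid HTTPS certificate does not separate these cases, since a lookalike domain can hold its own certificate. Assumptions: the digit-for-letter table, the edit-distance threshold of 2, and using the last two labels as the registrable domain are choices made for this example.

```python
from urllib.parse import urlsplit

OFFICIAL = "eckowallet.com"  # official domain as stated on this page
# Assumed digit-for-letter substitutions; extend for your own watch list.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})
MAX_DISTANCE = 2  # assumed threshold for "one or two typos away"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a URL or bare hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    # Assumption: subdomains of the official domain belong to the same owner.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Simplification: last two labels stand in for the registrable domain
    # (no public-suffix list); IDN homoglyphs are not handled here.
    registrable = ".".join(host.split(".")[-2:]).translate(HOMOGLYPHS)
    if edit_distance(registrable, OFFICIAL) <= MAX_DISTANCE:
        return "lookalike"
    # Brand name used as a label or prefix of some other domain.
    if "eckowallet" in host.translate(HOMOGLYPHS).replace("-", ""):
        return "lookalike"
    return "unrelated"


# Constructed sample inputs; the three typo domains are the ones listed above.
SAMPLES = [
    "https://eckowallet.com/download",
    "eckow4llet.com",
    "eckowalet.com",
    "eckawallet.com",
    "https://eckowallet.com.login.example/",
    "https://example.org/",
]
RESULTS = {s: classify(s) for s in SAMPLES}
```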
Social Media Phishing
🚨 Warning signs:
DMs from "support" staff
Replies to your tweets/posts claiming to help
Friend requests from impersonators
"Admin" in Discord/Telegram asking for details
✅ Protection:
Official support never DMs first
Never share recovery phrase in DMs
Verify accounts are official
Report suspicious accounts
Malware and Keyloggers
What is it: Software that steals your passwords and data.
Types of Malware
Keyloggers: Record your typing
Clipboard malware: Changes addresses when you copy-paste
Screen capture: Takes screenshots
Remote access: Gives attackers control
✅ Protection:
Use antivirus software
Keep software updated
Don't download pirated software
Scan downloads before opening
Use hardware wallets for large amounts
Never access wallet from public/shared computers
Clipboard Hijacking
What is it: Malware that replaces crypto addresses when you copy-paste.
How It Works
You copy recipient address: k:abc123...
Malware detects it
Malware replaces with attacker address: k:xyz789...
You paste attacker address (thinking it's the right one)
You send funds to attacker
✅ Protection:
Always verify address after pasting
Check first and last few characters
Send test transaction for large amounts
Use QR codes when possible (mobile)
Keep system clean of malware
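The "verify address after pasting" step can be made mechanical. This added example, not eckoWALLET code, compares the address you intended with what arrived in the paste field and reports both the quick first/last-characters check and the full comparison. It assumes a Kadena "k:" account is "k:" followed by a 64-character lowercase hex public key; all addresses in it are constructed.

```python
import re

# Assumption: "k:" + 64 lowercase hex characters (a public key).
K_ACCOUNT = re.compile(r"k:[0-9a-f]{64}")


def ends_match(intended: str, pasted: str, n: int = 4) -> bool:
    """The quick visual check: first and last n characters after 'k:'."""
    a, b = intended[2:], pasted[2:]
    return a[:n] == b[:n] and a[-n:] == b[-n:]


def verify_paste(intended: str, pasted: str) -> dict:
    """Full verification: format, exact match, and where the strings differ."""
    pasted = pasted.strip()  # clipboard content often carries stray whitespace
    diffs = [i for i, (x, y) in enumerate(zip(intended, pasted)) if x != y]
    if len(intended) != len(pasted):
        diffs.append(min(len(intended), len(pasted)))
    return {
        "well_formed": bool(K_ACCOUNT.fullmatch(pasted)),
        "exact_match": intended == pasted,
        "ends_match": ends_match(intended, pasted),
        "first_difference": min(diffs) if diffs else None,
    }


# Constructed addresses (not real accounts).
INTENDED = "k:" + "ab12" + "0" * 56 + "cd34"
REPLACED = "k:" + "9f" * 32                    # entirely different address
SAME_ENDS = "k:" + "ab12" + "f" * 56 + "cd34"  # differs only in the middle

CLEAN = verify_paste(INTENDED, INTENDED + "\n")
SWAPPED = verify_paste(INTENDED, REPLACED)
MIDDLE = verify_paste(INTENDED, SAME_ENDS)
```

For `SAME_ENDS` the quick check passes while the full comparison fails, which is why the pre-send checklist on this page says to check every character.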
SIM Swapping
What is it: Attacker convinces phone company to transfer your number to them.
Why It Matters
If you use SMS for:
Two-factor authentication
Account recovery
Notifications
Attacker can intercept these.
✅ Protection:
Use authenticator apps (not SMS) for 2FA
Contact carrier to add PIN/password to account
Use hardware security keys when possible
Don't rely on phone number for security
Social Engineering
What is it: Psychological manipulation to trick you into revealing information.
Common Tactics
🚨 Impersonation:
"I'm from eckoWALLET support, I need your recovery phrase to help"
"I'm the developer, send me your phrase to fix this bug"
🚨 Urgency:
"Your account will be locked in 24 hours, act now!"
"Limited time offer, send KDA now!"
🚨 Authority:
"Admin here, we need to verify your account"
"IRS/Tax authority, pay immediately"
✅ Protection:
No legitimate service ever asks for recovery phrase
Take time to think, don't rush
Verify through official channels
When in doubt, don't act
Advanced Security Measures
Hardware Wallets (Ledger)
For maximum security, use Ledger hardware wallet:
Benefits:
Private keys never leave the device
Physical confirmation for transactions
Resistant to malware
Best for large holdings
How to use with eckoWALLET:
Connect Ledger device
Add Ledger account to eckoWALLET
Sign transactions on Ledger device
See Hardware Wallets
Multi-Signature Accounts
Use multiple keys to control one account:
Benefits:
Requires multiple approvals for transactions
Protects against single key compromise
Good for organizations/shared funds
Example:
2-of-3 multisig: Need 2 out of 3 keys to sign
Useful for treasury management
Note: Advanced feature, requires Pact knowledge.
Separate Accounts for Different Purposes
Account segregation strategy:
Cold Storage Account: Large holdings, rarely accessed, possibly Ledger
Hot Wallet Account: Small amounts for daily use
dApp Interaction Account: Connecting to applications, minimal funds
Trading Account: Active trading, moderate amounts
Benefits:
Limits exposure per account
Compartmentalizes risk
Easier to track
Enable Two-Factor Authentication (2FA)
eckoWALLET supports 2FA for additional security:
How to enable:
Go to Settings → Security
Enable Two-Factor Authentication
Use authenticator app (Google Authenticator, Authy, etc.)
Save backup codes
Benefits:
Extra layer beyond password
Protection if password compromised
Important: Save backup codes in case you lose your phone.
Auto-Lock Settings
Configure eckoWALLET to lock automatically:
Browser Extension:
Settings → Security → Auto-lock
Choose timeout (1 min, 5 min, 15 min, 1 hour)
Shorter = more secure
Mobile App:
Settings → Security → Auto-lock
Enable biometric authentication
Set short timeout
Biometric Authentication (Mobile)
Use fingerprint or Face ID:
Benefits:
Convenient and secure
Harder to steal than password
Quick access
Setup:
Go to Settings → Security
Enable Biometric Authentication
Configure fingerprint/Face ID
Transactional Security
Before Sending
Every time before sending funds:
Verify recipient address - Check every character
Check amount - Ensure decimal points correct
Confirm chain - Verify destination chain
Check network - Mainnet vs Testnet
Test first - Small amount for new recipients
When Using dApps
Connecting to decentralized applications:
✅ Safe practices:
Only connect to trusted dApps
Read transaction details carefully
Understand what you're signing
Disconnect after use
Use separate account for dApp interactions
❌ Dangerous:
Blindly signing transactions
Connecting to unknown/suspicious dApps
Giving unlimited token approvals
Leaving connections active when not using
See Connected dApps for more.
Reviewing Transactions
Before confirming any transaction:
Read carefully - Don't rush
Understand the action - What is this transaction doing?
Check all parameters - Recipient, amount, gas, etc.
If unsure, reject - Better safe than sorry
Research if needed - Take time to understand
Recovery and Backup
Backing Up Your Wallet
What to backup:
✅ Recovery phrase (12 words) - CRITICAL
✅ Password (optional, in password manager)
✅ Account names/aliases (for reference)
✅ List of accounts and their purposes
What NOT to backup digitally:
❌ Recovery phrase
❌ Private keys
❌ Screenshots of sensitive info
Testing Your Backup
Regular verification:
Every 6-12 months, verify you can read your recovery phrase
Ensure it's still legible and properly stored
Check storage location is secure
Make sure you still have access to storage location
Important: Don't test by entering the phrase into a wallet unless necessary.
If You Lose Your Device
If device lost/stolen:
Your funds are safe - They're on the blockchain
Restore on new device - Use recovery phrase
Create new password - Old password won't work
Regenerate accounts - Create accounts until you restore all
Preventive measures:
Keep recovery phrase separate from device
Don't store recovery phrase on device
Have backup device or plan
Recognizing Scams
Common Crypto Scams
🚨 Giveaway Scams:
"Send 1 KDA, get 10 KDA back!"
Celebrity impersonators
Too good to be true returns
🚨 Support Scams:
"DM me your seed phrase to fix your issue"
Fake support staff
"Verify your wallet" requests
🚨 Investment Scams:
Guaranteed high returns
Pyramid/Ponzi schemes
"Exclusive" investment opportunities
🚨 Romance Scams:
Online relationship
Eventually asks for crypto
Emergency situations requiring funds
✅ Red flags:
Guaranteed returns
Pressure to act quickly
Requests for recovery phrase
Too good to be true
Unsolicited contact
If You've Been Scammed
Immediate actions:
Stop all communication with scammer
Don't send more - Sunk cost fallacy
Preserve evidence - Screenshots, messages
Report to authorities - Local law enforcement, FBI IC3
Report to community - Discord, Twitter (warn others)
Move remaining funds - To new wallet if compromised
Recovery:
Unfortunately, blockchain transactions are irreversible
Law enforcement may help, but recovery is rare
Learn from experience, help others avoid same mistake
Regular Security Maintenance
Monthly Security Checklist
□ Check device for software updates
□ Update eckoWALLET if new version available
□ Review connected dApps, disconnect unused
□ Check transaction history for suspicious activity
□ Verify recovery phrase backup is still secure
□ Review account security settings
□ Clear browser cache/history (extension)
□ Scan device for malware
Quarterly Security Review
□ Verify all backups are accessible
□ Test recovery phrase legibility
□ Review and update account organization
□ Consider moving large holdings to cold storage
□ Review and rotate passwords
□ Update security software
□ Review educational materials for new threats
What To Do If Compromised
If You Suspect Compromise
Immediate actions:
Transfer funds - Move to new, secure wallet immediately
Create new wallet - New recovery phrase, new everything
Analyze breach - How did it happen?
Secure devices - Scan for malware, change passwords
Monitor accounts - Watch for unauthorized transactions
If Recovery Phrase Exposed
If someone saw your recovery phrase:
Assume full compromise - They have complete access
Create new wallet immediately - New recovery phrase
Transfer all funds - To new wallet ASAP
Never use old wallet again - Permanently compromised
Secure new phrase - Don't repeat same mistakes
If Password Compromised
If only password is compromised (not recovery phrase):
Less severe - Still serious
Change password - Use stronger one
Check for unauthorized activity - Review transactions
Enable 2FA - If not already enabled
Secure device - Scan for malware
If both password AND recovery phrase compromised:
Follow recovery phrase compromise procedure
Create entirely new wallet
Staying Informed
Follow Official Channels
Official sources only:
Website: https://eckowallet.com
Twitter: @eckoWALLET
Discord: https://discord.com/invite/runonflux
Verify everything:
Check URLs carefully
Look for verified badges
Don't trust random accounts
Security Education
Continuously educate yourself:
Follow crypto security news
Learn about new attack vectors
Participate in security discussions
Share knowledge with community
Emergency Contacts
If You Need Help
For security issues:
Discord: https://discord.com/invite/runonflux
Twitter: @eckoWALLET
Remember:
Real support never asks for recovery phrase
Real support never asks for private keys
Real support never asks for passwords
Reporting Security Issues
If you discover a security vulnerability in eckoWALLET:
Email security team (check official website)
Don't disclose publicly before fix
Responsible disclosure helps everyone
Summary: Security Golden Rules
NEVER share recovery phrase - Not with anyone, ever
NEVER enter recovery phrase on websites - Only in eckoWALLET app
Always verify addresses - Before sending funds
Use strong, unique password - With password manager
Keep software updated - Wallet, OS, browser
Enable 2FA - Extra security layer
Store recovery phrase offline - Paper or metal
Use hardware wallet - For large holdings
Be skeptical - If it seems too good to be true, it is
Take your time - Don't rush important decisions
Additional Resources
Need Help?
Join our Discord: https://discord.com/invite/runonflux
Follow us: @eckoWALLET
Visit Troubleshooting
Remember: Your security is in your hands. Stay vigilant, stay safe!