Stay safe while using crypto

A crypto wallet should be, first and foremost, safe.​

But what does that really mean? At ZenGo we strive to build a very simple and secure solution to store and manage your digital assets, but it is important to truly understand the security mechanisms powering the solution you are going to use, including its limits. It is also critical to understand what you can do to protect yourself from human error and other risks. Indeed, even with ZenGo there are things you can do to improve your safety and increase security.

Below, we’ll cover the topics you need to understand to help you be better protected with ZenGo.

Better than 2FA, ZenGo’s 3FA

The 3 security factors used by ZenGo

2FA is a security process that requires setting up a second authentication factor. ZenGo’s security model is, by design, 3FA (3 Factor Authentication). Here are the 3 factors that we use to keep you safe:

Your Email

Confirm when signing up with a magic link

Backup File

Used to store a decryption code associated with your account in your personal cloud service

Your Face Map

A securely encrypted representation of your face stored on our servers so that in case you delete the app or switch devices, you can still restore your account.*

By combining these 3 factors, as well as our cutting-edge, MPC-based cryptography, we’ve minimized the risk that comes with cryptocurrency storage. ZenGo’s Keyless security keeps you safe by eliminating a significant point of failure in crypto storage – the private key.

*The face map is encrypted before reaching our servers.

 

Protecting the 3 factors of your ZenGo account

As long as you have access to the 3 factors mentioned above, you will nevernot lose access to your account.

The level of safety can be reinforced depending on how you set up and protect each one of your 3 factors. Keeping the 3 factors safe is critical, since losing access to any of the factors means you will not be able to restore your account.

Here’s what you should do to make sure that your 3 factors are safe:

  1. Do not create your ZenGo account on a device that is not yours
    You should use ZenGo only on a device that is accessed and owned by you.
  2. Verify your keyless backup
    Once set up, you can check the status of your backup anytime in your account. You can also verify that your face map is valid, using the “Test My Face Map” feature.
  3. Add an additional face map
    You can use a close family member or friend’s face to restore your wallet. Simply get them to add a biometric face scan to your account and you’re all set. Adding an additional face map guarantees that your crypto is safe even if your face changes.
  4. Enhance the security of your email and cloud accounts with 2FA
    To reinforce the security of the email and cloud accounts that you use with ZenGo, activate 2-factor authentication. Here’s how you can add 2FA in Gmail, Outlook, Yahoo. Here’s how you activate 2FA on Apple iCloud and Google Drive. We recommend not using SMS as your 2FA method (to prevent, for example, Sim-swap attacks). Instead, consider using verification code-based solutions (such as Authy).
  5. Create an offline copy of your cloud data
    Have a password-protected copy of your Cloud stored locally to reduce the chance that your cloud account gets compromised. This will also help eliminate your reliance on Google and Apple. You can also choose to have an encrypted offline backup of your phone. This is how you create one with iPhone and on Android.
  6. Keep both ZenGo and your operating system up-to-date
    For the optimal user experience and increased safety, make sure you are using the most recent versions of both your mobile’s OS as well as ZenGo. Update your operating system and ZenGo by following this guide on iOS and this guide on Android.

If one of your factors is compromised, here’s what you should do:

Unless all of your factors are compromised, your funds are not at risk. However, for extra safety, if you have the device at hand, take control over your account and upgrade its security as described above. Then resume to ZenGo.

Protect your device

If your device is stolen or lost, here’s what you should do:​

  1. Use Find My iPhone (iOS) or Find My Device (Android) and try to locate your device.
  2. If your device is lost, recover your ZenGo wallet from a new device using your same email and cloud service and move funds to a new account.
  3. Once you have recovered ZenGo, remotely reset your former device. Here are guides for performing a remote reset on iOS and Android.

Protect your digital environment

Here’s how you can increase the safety of your device and more generally of your online setup. These tips are not exhaustive but should already give you an edge:

  1. Follow these iOS and Android safety guides
    These will help you protect your device according to the vendors’ instructions.
  2. Use a strong device passcode or biometrics
    Use biometrics (e.g., iOS Face ID) if your device supports it. If not, make sure your device passcode is hard to guess (avoid sequential numbers, birth dates, etc.). You can even set a custom alphanumeric code and custom numeric code. Here’s how you can set and change your passcode on iPhone and Android.
  3. Avoid public WIFI connections
    These connections can be used by attackers to monitor your device. Only connect to WIFI connections that you trust.
  4. Set up automatic phone backups
    Make sure your device is backed up so that even if something goes wrong, you can always restore to a recent version. Here’s how you can set up automatic backups on Apple and Android.

Crypto investing and DeFi risks

Cryptocurrencies and decentralized finance services (also known as “DeFi”) are innovative and cutting-edge products. But innovation always comes with risks, and it is important to act responsibly when dealing with volatile assets and new technologies. There is no such thing as perfect security or a guaranteed return on investment: always exercise caution and stay alert while managing and investing in crypto assets.

  1. Watch out for scams
    Be careful out there. Make sure you send funds only to services or persons with a verified reputation (verified by you). Be even more vigilant with unvetted people that you meet on social networks. Read our overview of recent scams for more information.

    We’ve recently witnessed an increase in complaints regarding pyramid schemes such as
    Crowd1 and Coins Iconex. Please be vigilant and avoid these services.
  2. Crypto transactions are irreversible
    Once a transaction is confirmed by you, there is no turning back. ZenGo cannot reverse, modify or cancel a transaction that you have confirmed. Only you can confirm your transactions. 
  3. Verify your recipient wallet address
    Before confirming a transaction you can easily verify a wallet address on the confirmation page. Some malicious services may hijack your clipboard manager. It is always a good idea to verify an address before sending.
  4. Take extra care when executing large transactions
    If you’re sending any amount that you consider to be significant, we recommend sending a very small amount before sending the large transaction. Only send a larger amount after you have verified that the small amount has reached its destination.
  5. On Twitter
    Our handle is @ZenGo. If you ever get in touch with any other account that claims to be us, don’t reply and please let us know immediately.
  6. Our website is ZenGo.com
    Check the for the lock  in the URL bar to verify
  7. ZenGo or any of its representatives will never contact you to send any funds.

These are some of the things that you should know or do to make your crypto journey safer. Improving your safety is an ongoing practice. Keep revisiting this page if you want to get the latest tips from us.

Updated: March 22nd, 2020

Notify me when ZenGo is available for Android