Bitcoin best practices for those that are newIf you are new, these two beginner-friendly sources are probably the safest way to buy bitcoins
1) Coinbase / Gemini - Both of these companies are well known, highly regulated companies with good track records and cheap rates. Phone and email support are also available if you have questions. (It's probably not safe to store a lot of bitcoins on coinbase, though. Probably better to get a trezor instead.)
2) Bitcoin ATMs - Bitcoin ATMs are usually located in safe, high-traffic areas like convenience stores, malls or gas stations. Because you are dealing with a machine and not a person, the chances of getting robbed or scammed is drastically reduced. Most BTMs have a customer support number you can call if there are problems.
If you are brand new to bitcoin, just use the Coinbase wallet and buy directly from Coinbase. It's a "cloud" wallet, so you don't have to remember to backup all the time, and it has insurance. This is the safest method for users if you're an absolute beginner and have a low amount of bitcoin you need to store/buy.
Cloud wallets are not private, so if you feel uncomfortable with that, or if you need to store larger amounts of cryptocurrency, you can use a "offline wallet" to store your bitcoins. I wrote a mini-article on the pros and cons of doing this, but the short synopsis is to use this:
mobile phone (android/apple): Mycellium
computer (mac/pc): Electrum
trezor (for larger amounts): Trezor
Viruses tend to collect on personal computers over time (ever notice how your computer gets slower with time?). Microsoft Windows has a particularly acute problem with this, but even Apple get viruses from time to time. The three common virus hacks associated with bitcoins are:
1) ransomware - your computer gets "locked" and hackers won't unlock it unless you pay them a high fee, around $1000 typically.
2) clipboard hi-jacking - clipboard hi-jacking occurs when the computer pastes a different bitcoin address than the one you originally copied. So if you're not careful, bitcoin gets transferred to the hijacker's bitcoin address instead of the intended bitcoin address.
3) outright theft - the virus detects a bitcoin wallet on your computer, and copies the wallet to his own computer. Keyloggers are usually used to extract passwords.
An OS I like to use is linux. It's a safe alternative, it has basically no viruses, and it's also free. Cell phones OSes like iOS and Android are also typically virus-free as well. Finally, tails can be used, as it is an operating system can load directly off of a usb drive. Tails is very, very anti-malware in it's product philosophy, and is basically impossible to hack.
Bitcoin exchanges get hacked all the time (MtGox and Binance are two examples of this). If the cloud wallet company is not properly insured or if the severity of the hack is too high, you risk losing your investment. So if the amount of money in your bitcoin wallet is too much to lose, we recommend getting a trezor.
A trezor is a "bitcoin safe" designed to store your bitcoins offline. Offline wallets are called "cold storage" and are impervious to hack attacks. The private keys never leave the trezor, so your bitcoins are protected even if your computer gets a virus. The only "hack" is for the robber to physically steal the unit. Anyone using cryptocurrencies as a long term investment should get one. The price can range from $45 - $160. Trezors can store a variety of crypto-currencies other than bitcoin such as ethereum, dash, zcash, etc.
Please beware of scammers and "scamcoins"
I will italicize for emphasis: There are a lot of scammers associated with the bitcoin industry! Reason being is that bitcoin transactions cannot be reversed which makes bitcoin attractive from a scammer's point of view. So if someone is selling you a high priced item, such as a car, and he wants you forward bitcoins first, it is most likely a scam. So if the offer seems too good to be true and it involves bitcoin, please say "no" to the deal.
And about scamcoins. Starting in about 2017, we had a great deal of new 'coins' that were being offered on the market, and 90% of them ended up being scams. Naive people bought them in the hopes of replicating the financial success of bitcoin, only to find out their "investment" was worthless nearly a year later. Onecoin and Bitconnect are two examples, but there are others and there will be more in the future. As in the wise words of Warren Buffet, "Beware of advice when it's good for the adviser". Personally, I tend to stick with the "boring", well-known cryptocurrencies such as bitcoin, ethereum, monero, etc. The best ones, in my opinion, are the coins with the best network effects.
An excellent way for identifying "scamcoins" is to check Reddit. Reddit is an online community where people can post content and other members can vote up or down whether they like it or not. The "good" content surfaces to the top fairly readily. Discussions often form around the content, so if a user does something dishonest, they are usually called out pretty quickly. Reddit can be very valuable in determining if a said coin is a scam or not.
Use bookmarks for all your cryptocurrency sites
One of the most common ways to get scammed is to click on a phishing link for a bitcoin related site. By doing this, the hacker can either steal your password credentials or trick you into sending money to a hacker's address. For this very reason, assume any link from an email or chat channel to be dangerous! Verify the URL, bookmark it, and then only visit bitcoin websites using that bookmark. Bookmarking can also save you from accidental misspellings that can lead you to a hackers site. Example:
Use 2-factor authentication for anything cryptocurrency related
2-factor authentication is a login system where you need a password AND an online code in order to gain access to your account. The second code is usually given by an app on your mobile phone. While this is a bit of hassle, it is much harder for a hacker to get into your account, because the hacker needs more than just the password to login. Bitcoin is a common target for hackers, so 2-factor authentication is a good mitigator for trouble.
And while you're at it, it might be a good idea to put 2-factor authentication on your email account as well. Hackers are sometimes able to steal bitcoins when they have the target's email system because they can reset passwords with hacked email accounts.
Many cryptocurrency-related apps will ask you to make backups in case something bad happens, usually in the form of writing down a "seed". A seed is a long list of words ("horse battery cart staple. . .") that you write on a piece of paper for safekeeping. So if your device gets lost or stolen, you can type in the seed and restore your bitcoins. Please be diligent about this! Most people tend to do backups improperly, so please follow this advice:
Do not store your seeds or backup codes on the internet!
Don't email it to yourself, don't take a picture of it with your mobile phone, and don't put it in your "Dropbox". Online services get hacked all the time. Instead, write down the words on a physical piece of paper.
Store your seed in a physically safe location where it won't get lost.
A personal safe, a bank deposit box, or even a file cabinet are good places. Years down the road, if you ever need to restore your cryptocurrency, you want to make sure you both remember where you put it and have access to it when you need it.
Keep your seed private!
If someone steals that piece of paper (the seed) they can steal your bitcoins! Remember, bitcoin isn't a credit card. If someone goes on a shopping spree with your bitcoins, there is no one that can reverse the charge. Once they're gone, they're gone. Please keep your seed safe from prying eyes.
Remember to also backup your 2-factor authentication codes if you have them.
Many providers will give you "one time login passwords** just in case you either lose your phone or you lost access to your 2-factor app.
If you upgrade your cell phone, keep your old phone around for a while
Finally, cell phones passwords, signatures and 2-factor apps are not backed up for security reasons. If you one day decide to upgrade your phone, please make sure your bitcoin wallet backups are restored and working on your new phone BEFORE you trade in your old phone.