Basic safety and security tips for MetaMask
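New to crypto and Web3?
Head over to MetaMask Learn to try a simple learning experience designed especially for new Web3 users. It's completely free, available in multiple languages, and includes useful tools such as simulations that help you find your way around MetaMask.
What a Secret Recovery Phrase is and how to back it up
Using a seed phrase, or Secret Recovery Phrase, is the standard used by most cryptocurrency wallets. It's generated randomly when you create your MetaMask wallet, and provides access to all the accounts (addresses) within that wallet.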
When you first create a wallet, you will be prompted to write down your Secret Recovery Phrase (SRP), or connect your Google or Apple account to MetaMask. While both options have an associated SRP, they function differently in the backend.
If you secure your SRP, and do not connect your Google or Apple account to MetaMask, then MetaMask does not control any of your personal or private data on our servers. All information is encrypted in your browser and protected by your MetaMask password. So, if you lose your MetaMask accounts and need to restore them, you can only do that with your SRP. In this case, your SRP is your single point of failure for access to your accounts.
If you connect your Google or Apple account to MetaMask, your SRP is encrypted and sharded across five different nodes. Only your Google or Apple account and password can access and decrypt all five shards. In this case, your Google/Apple account and password are your two points of failure. Because of this, make sure you do not reuse your Google/Apple password for your MetaMask password. The two passwords should be completely unique. We also recommend you still secure your SRP in case you lose your password or Google/Apple account.
Why you need to store your Secret Recovery Phrase
MetaMask is a self-custody wallet. Whoever has access to an SRP has access to all of its accounts. If your device breaks, is lost, stolen, or has data corruption, there is no way for the MetaMask Support team to recover your SRP for you.
Don't share your Secret Recovery Phrase and private keys
Anyone who has your SRP or private keys can control your assets, and therefore send tokens out of your accounts. You should never share them with anyone, including anyone who claims to be a MetaMask team member or to represent the company.
We will never ask you to provide your SRP. If someone claims that we do, refuse to share it. If you encounter someone who claims to be a MetaMask or MetaMask Support team member, or asks for your SRP and/or private keys, report them by getting in touch with Support. If anyone else asks for your SRP and/or private keys, assume they are trying to steal all of your assets.
This applies to websites and apps, as well. The only legitimate situations where you'll need to enter your SRP are:
- When you're creating your wallet for the first time, since you need to input certain words from the phrase to confirm you've recorded it.
- If you're restoring your wallet on a new device or from a fresh install, or you reset your password (a similar process).
There are, however, scammers that try to simulate these two situations. See here for more information: How do I recognize the real MetaMask?
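If you hold a large amount of tokens in your accounts, consider buying a hardware wallet.
Hardware wallets are generally considered the safest way to store tokens. They are also called 'cold wallets' because they are disconnected from the internet all or most of the time. With this approach, malicious online actors cannot access your private keys, and the hardware wallet itself is required to approve (authenticate) every transaction.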
Don't share your password(s)
You should never share any of your passwords with anyone, but for now, we will focus on your MetaMask password. If you connect your Google or Apple account to MetaMask, your password is required to access your accounts.
MetaMask Support will never ask you to share your password. If someone has access to your password and your Google/Apple account, they can access all of your MetaMask accounts.
If you don't have your Google or Apple account connected to MetaMask, your password functions differently. Having access to your password will not give someone access to your accounts. However, you should still secure your password and practice good password hygiene.
- Use a strong password, with a mixture of uppercase and lowercase letters, numbers, and special characters.
- Use a different password for each account.
- Store your passwords in a secure, offline location. Cloud services and password managers can be hacked, and are not the most secure way to store your passwords.
- NEVER share your password with anyone.
You can never be too safe. The basic guidance in this article is by no means exhaustive. Keep learning how to better protect your tokens from the community, educational resources, and discussion channels.
Additional resources
Here are some additional resources on how to keep your computer secure.
- Windows - Keeping your home computer secure
- Mac - Setting up your Mac to be secure
What are token approvals and why are they important?
Token approvals grant permission for a dapp to access and move a specific type of token and token amount from your wallet. If you are not careful about which token approvals you grant in your MetaMask wallet, they can become an attack vector for draining your wallet.
To keep this from happening, follow these guidelines:
- Always check what a dapp is actually requesting before clicking 'approve'. In MetaMask, you can also adjust the amount that the dapp has access to. Even if you only provide access to 10% of your tokens, and the dapp turns out to be a scam, that's still a considerably better outcome than if you'd granted unlimited access.
- DYOR. The best time to get in the habit of performing due diligence on any dapp before interacting with it was six months ago; the second best time is today. Look out for misspellings, low-quality images/logos, and other giveaways.
- Remember that if something seems too good to be true, it probably is. If you're being offered 498,563% APY, you're probably on thin ice.
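To make the first guideline concrete, here is an added example (not MetaMask's own code) that decodes the raw data of an approval request and reports the spender, the amount, and whether the allowance is unlimited. It goes slightly beyond the text by also covering the NFT "approve all" call; inspectApproval is a hypothetical helper name, and the spender address and amounts are constructed samples.

```javascript
// Added example: inspect approval calldata before signing it.
// Standard 4-byte selectors for the two common approval functions.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical helper. Returns null when the calldata is not a recognized
// approval call; balance (optional) is the user's token balance in base units.
function inspectApproval(calldata, balance = null) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 136 hex characters.
  if (!/^[0-9a-f]{136}$/.test(hex)) return null;
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return null;

  const spenderWord = hex.slice(8, 72);
  const value = BigInt("0x" + hex.slice(72, 136));
  const warnings = [];
  // An address is 20 bytes, left-padded with 12 zero bytes inside its word.
  if (!spenderWord.startsWith("0".repeat(24))) warnings.push("malformed spender word");
  const spender = "0x" + spenderWord.slice(24);

  if (fn.startsWith("setApprovalForAll")) {
    if (value !== 0n) warnings.push("operator can move every token in the collection");
  } else if (value === MAX_UINT256) {
    warnings.push("unlimited allowance");
  } else if (balance !== null && value > balance) {
    warnings.push("allowance exceeds current balance");
  }
  return { fn, spender, value, warnings };
}

// Constructed sample inputs: the spender address and amounts are made up.
const word = (n) => n.toString(16).padStart(64, "0");
const SPENDER_WORD = "0".repeat(24) + "ab".repeat(20);
const UNLIMITED = "0x095ea7b3" + SPENDER_WORD + word(MAX_UINT256);
const CAPPED = "0x095ea7b3" + SPENDER_WORD + word(100n * 10n ** 18n);

console.log(inspectApproval(UNLIMITED).warnings);
console.log(inspectApproval(CAPPED, 1000n * 10n ** 18n).warnings);
```

An empty warnings list only means the amount is bounded; the spender address still has to be one you recognize and trust.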
For a more detailed explanation on token approvals and how to manage them please read the following article.