Basic safety and security tips for MetaMask

Note

New to crypto and web3?

Go to MetaMask Learn for a simple learning experience designed specifically for newcomers to web3. It is completely free, available in multiple languages, and includes useful tools such as simulations to help you find your way around MetaMask.

What is a Secret Recovery Phrase and how can I back it up?

Using a seed phrase, or Secret Recovery Phrase, is standard for most crypto wallets. It's generated randomly when you create your MetaMask wallet, and provides access to all the accounts (addresses) within that wallet.

When you first create a wallet, you will be prompted to write down your Secret Recovery Phrase (SRP), or connect your Google or Apple account to MetaMask. While both options have an associated SRP, they function differently in the backend.

If you secure your SRP, and do not connect your Google or Apple account to MetaMask, then MetaMask does not control any of your personal or private data on our servers. Everything is encrypted in your browser and protected via your MetaMask password. So, if you lose your MetaMask accounts and need to restore them, you can only do that with your SRP. In this case, your SRP is your single point of failure for access to your accounts.

If you connect your Google or Apple account to MetaMask, your SRP is encrypted and sharded across five different nodes. Only your Google or Apple account and password can access and decrypt all five shards. In this case, your Google/Apple account and password are your two points of failure. Because of this, make sure you do not reuse your Google/Apple password for your MetaMask password. The two passwords should be completely unique. We also recommend you still secure your SRP in case you lose your password or Google/Apple account.

Why you need to store your Secret Recovery Phrase

MetaMask is a self-custody wallet. Whoever has access to an SRP has access to all of its accounts. If your device breaks, is lost, stolen, or has data corruption, there is no way for the MetaMask Support team to recover your SRP for you.

Don't share your Secret Recovery Phrase and private keys

Anyone who has your SRP or private keys can control your assets, and therefore send tokens out of your accounts. So do not share them with anyone, including the MetaMask team or anyone claiming to represent us.

We will never ask you to provide your SRP. If someone claims that we do, insist on not sharing. If you encounter someone who claims to be a MetaMask or MetaMask Support team member, or asks for your SRP and/or private keys, report them by getting in touch with Support. If anyone else asks for your SRP and/or private keys, assume they are trying to steal all of your assets.

This applies to websites and apps, as well. The only legitimate situations where you'll need to enter your SRP are:

  • When you're creating your wallet for the first time, since you need to input certain words from the phrase to confirm you've recorded it.
  • If you're restoring your wallet on a new device or from a fresh install, or you reset your password (a similar process).

There are, however, scammers that try to simulate these two situations. See here for more information: How do I recognize the real MetaMask?

If you hold a large value of tokens in your account(s), consider getting a hardware wallet.

Hardware wallets are widely considered the most secure way to store your tokens. They are often called 'cold' wallets, because they are mostly or entirely disconnected from the internet. This approach means that your private keys are never reachable online by malicious actors, and that the hardware wallet itself must sign (authorize) all transactions.

Don't share your password(s)

You should never share any of your passwords with anyone, but for now, we will focus on your MetaMask password. If you connect your Google or Apple account to MetaMask, your password is required to access your accounts.

MetaMask Support will never ask you to share your password. If someone has access to your password and your Google/Apple account, they can access all of your MetaMask accounts.

If you don't have your Google or Apple account connected to MetaMask, your password functions differently. Having access to your password will not give someone access to your accounts. However, you should still secure your password and practice good password hygiene.

Password best practices
  • Use a strong password, with a mixture of uppercase and lowercase letters, numbers, and special characters.
  • Use a different password for each account.
  • Store your passwords in a secure, offline location. Cloud services and password managers can be hacked, and are not the most secure way to store your passwords.
  • NEVER share your password with anyone.

You can never be too safe with your assets. Our basic guide here is by no means exhaustive. Keep educating yourself on how to better protect your tokens by learning from the crypto community, informative articles, or discussion channels.

Additional resources

Here are some additional resources on how to keep your computer safe:

What are token approvals and why are they important?

Token approvals grant permission for a dapp to access and move a specific type of token and token amount from your wallet. If you are not careful about which token approvals you grant in your MetaMask wallet, they can become an attack vector for draining your wallet.

To prevent this from happening, try to follow these guidelines:

  • Always check what a dapp is actually requesting before clicking 'approve'. In MetaMask, you can also adjust the amount that the dapp has access to. Even if you only provide access to 10% of your tokens, and the dapp turns out to be a scam, that's still a considerably better outcome than if you'd granted unlimited access.
  • DYOR. The best time to get in the habit of performing due diligence on any dapp before interacting with it was six months ago; the second best time is today. Look out for misspellings, low-quality images/logos, and other giveaways.
  • Remember that if something seems too good to be true, it probably is. If you're being offered 498,563% APY, you're probably on thin ice.

For a more detailed explanation of token approvals and how to manage them, please read the following article.
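
The check behind the first guideline, as an added example (not MetaMask's code): it decodes a pending ERC-20 `approve(address,uint256)` call and reports whether the requested allowance is bounded, unlimited, or larger than the current balance. It assumes standard ABI-encoded calldata; the function names, spender address and amounts are constructed for illustration.

```javascript
// Added example: classify an ERC-20 approve() request before it is signed.
// Assumes ABI encoding: 4-byte selector followed by two 32-byte words.
const APPROVE_SELECTOR = "095ea7b3"; // selector of approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n; // the usual "unlimited" allowance value

function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null; // not an approval
  if (hex.length !== 8 + 64 * 2) throw new Error("unexpected approve() length");
  const spenderWord = hex.slice(8, 72);
  // An address is the low 20 bytes of the word; the high 12 bytes must be zero.
  if (!/^0{24}/.test(spenderWord)) throw new Error("malformed spender word");
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// balance: the holder's current token balance in base units (BigInt).
function assessApproval(calldata, balance) {
  const req = decodeApprove(calldata);
  if (req === null) return { kind: "not-approval" };
  let risk;
  if (req.amount === 0n) risk = "revoke"; // allowance reset to zero
  else if (req.amount === MAX_UINT256) risk = "unlimited";
  else if (req.amount > balance) risk = "exceeds-balance";
  else risk = "bounded";
  // Percentage of the current balance the spender could move (capped at 100).
  const capped = req.amount > balance ? balance : req.amount;
  const exposedPct = balance === 0n ? 0 : Number((capped * 100n) / balance);
  return { kind: "approval", ...req, risk, exposedPct };
}

// Constructed sample data: a made-up spender and helper to build calldata.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const word = (n) => n.toString(16).padStart(64, "0");
const buildSample = (amount) =>
  "0x" + APPROVE_SELECTOR + "0".repeat(24) + SAMPLE_SPENDER.slice(2) + word(amount);

// A 10% allowance versus an unlimited one, against a balance of 1000 units.
for (const amount of [100n, MAX_UINT256]) {
  const r = assessApproval(buildSample(amount), 1000n);
  console.log(r.spender, r.risk, r.exposedPct + "% of balance exposed");
}
```
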
