
Basic safety and security tips for MetaMask

note

New to crypto and web3?

Head to MetaMask Learn for a simple learning experience designed specifically for web3 beginners. It's completely free, available in many languages, and includes useful tools such as simulations to help you get familiar with MetaMask.

What is a Secret Recovery Phrase and how do I back it up?

The use of a seed phrase, or Secret Recovery Phrase, is a standard used by most crypto wallets. It's generated randomly when you create your MetaMask wallet, and provides access to all the accounts (addresses) within that wallet.

When you first create a wallet, you will be prompted to write down your Secret Recovery Phrase (SRP), or connect your Google or Apple account to MetaMask. While both options have an associated SRP, they function differently in the backend.

If you secure your SRP, and do not connect your Google or Apple account to MetaMask, then MetaMask does not control any of your personal or private data on our servers. Everything is encrypted in your browser and protected by your MetaMask password. So, if you lose your MetaMask accounts and need to restore them, you can only do that with your SRP. In this case, your SRP is your single point of failure for access to your accounts.

If you connect your Google or Apple account to MetaMask, your SRP is encrypted and sharded across five different nodes. Only your Google or Apple account and password can access and decrypt all five shards. In this case, your Google/Apple account and password are your two points of failure. Because of this, make sure you do not reuse your Google/Apple password for your MetaMask password. The two passwords should be completely unique. We also recommend you still secure your SRP in case you lose your password or Google/Apple account.

Why you need to store your Secret Recovery Phrase

MetaMask is a self-custody wallet. Whoever has access to an SRP has access to all of its accounts. If your device breaks, is lost, stolen, or has data corruption, there is no way for the MetaMask Support team to recover your SRP for you.

Don't share your Secret Recovery Phrase and private keys

Anyone who has your SRP or private keys can control your assets, and therefore send tokens out of your accounts. Never share them with anyone, including the MetaMask team or anyone claiming to represent us.

We will never ask you to provide your SRP. If someone claims that we do, refuse to share it. If you encounter someone who claims to be a MetaMask or MetaMask Support team member, or asks for your SRP and/or private keys, report them by getting in touch with Support. If anyone else asks for your SRP and/or private keys, assume they are trying to steal all of your assets.

This applies to websites and apps, as well. The only legitimate situations where you'll need to enter your SRP are:

  • When you are creating your wallet for the first time, because you need to enter specific words from the phrase to confirm that you have recorded it.
  • If you are restoring your wallet on a new device or from a fresh install, or need to reset your password (a similar process).

There are, however, scammers that try to simulate these two situations. See here for more information: How do I recognize the real MetaMask?

If you have a large amount of tokens in your account(s), consider getting a hardware wallet.

Hardware wallets are generally considered the safest way to store your tokens. They are often referred to as 'cold' wallets, because they are disconnected from the internet most or all of the time. This approach means that bad actors cannot reach your private keys online, with the hardware wallet itself being required to sign (authorize) any transaction.

Don't share your password(s)

You should never share any of your passwords with anyone, but for now, we will focus on your MetaMask password. If you connect your Google or Apple account to MetaMask, your password is required to access your accounts.

MetaMask Support will never ask you to share your password. If someone has access to your password and your Google/Apple account, they can access all of your MetaMask accounts.

If you don't have your Google or Apple account connected to MetaMask, your password functions differently. Having access to your password will not give someone access to your accounts. However, you should still secure your password and practice good password hygiene.

Password best practices
  • Use a strong password, with a mixture of uppercase and lowercase letters, numbers, and special characters.
  • Use a different password for each account.
  • Store your passwords in a secure, offline location. Cloud services and password managers can be hacked, and are not the most secure way to store your passwords.
  • NEVER share your password with anyone.

There is no such thing as being too safe. This basic guide is by no means comprehensive. Always find out how you can better protect your tokens, by learning from the community, educational materials, or discussion channels.

Additional resources

Here are some additional resources to keep your computer safe:

What are token approvals and why are they important?

Token approvals grant permission for a dapp to access and move a specific type of token and token amount from your wallet. If you are not careful about which token approvals you grant in your MetaMask wallet, they can become an attack vector through which your wallet is drained.

To prevent this from happening, try to follow these guidelines:

  • Always check what a dapp is actually requesting before clicking 'approve'. In MetaMask, you can also adjust the amount that the dapp has access to. Even if you only provide access to 10% of your tokens, and the dapp turns out to be a scam, that's still a considerably better outcome than if you'd granted unlimited access.
  • DYOR. The best time to get in the habit of performing due diligence on any dapp before interacting with it was six months ago; the second best time is today. Look out for misspellings, low-quality images/logos, and other giveaways.
  • Remember that if something seems too good to be true, it probably is. If you're being offered 498,563% APY, you're probably on thin ice.
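
The check described in the first guideline, as an added example (not MetaMask's code): it decodes the calldata of a standard ERC-20 `approve(address,uint256)` request and classifies the requested amount as a revoke, a limited share of your balance, more than your balance, or unlimited. The spender address, balance and sample calldata are constructed placeholders, and the separate "exceeds-balance" class is an assumption of this sketch.

```javascript
// Added example: classify an ERC-20 approve(address,uint256) request before confirming it.
const APPROVE_SELECTOR = "095ea7b3";     // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;   // conventional value for an "unlimited" approval

function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;   // some other call
  // selector (4 bytes) + two 32-byte ABI words = 68 bytes = 136 hex characters
  if (hex.length !== 136) throw new Error("malformed approve() calldata");
  const spenderWord = hex.slice(8, 72);
  if (!spenderWord.startsWith("0".repeat(24))) throw new Error("bad address padding");
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// balance: the holder's current token balance in base units (BigInt).
function assessApproval(calldata, balance) {
  const call = decodeApprove(calldata);
  if (call === null) return { kind: "not-approve" };
  if (call.amount === 0n) return { kind: "revoke", ...call };
  if (call.amount === MAX_UINT256) return { kind: "unlimited", ...call };
  // Assumption of this sketch: an allowance above the current balance is flagged separately.
  if (call.amount > balance) return { kind: "exceeds-balance", ...call };
  const basisPoints = (call.amount * 10000n) / balance;   // balance > 0 here
  return { kind: "limited", percentOfBalance: Number(basisPoints) / 100, ...call };
}

// Constructed sample inputs (not real transactions); SPENDER is a placeholder address.
const SPENDER = "0x" + "11".repeat(20);
const word = (n) => n.toString(16).padStart(64, "0");
const sample = (amount) => "0x" + APPROVE_SELECTOR + word(BigInt(SPENDER)) + word(amount);
const BALANCE = 1000n * 10n ** 18n;      // 1,000 tokens with 18 decimals

console.log(assessApproval(sample(MAX_UINT256), BALANCE).kind);
console.log(assessApproval(sample(BALANCE / 10n), BALANCE).percentOfBalance);
```

An "unlimited" or "exceeds-balance" result is the case where lowering the amount in the wallet prompt, as the guideline suggests, limits what a malicious dapp could move.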

For a more detailed explanation on token approvals and how to manage them please read the following article.
