Security is always a trade-off between protection from an outside attacker and usability for the end user. At Edge we have always strived to find the balance between the two, making hardened security as simple as possible, even invisible, to users.
In this article we’d like to provide several steps to fully maximize the security of Edge and create a vault-caliber solution for users holding larger sums that they access less frequently.
Make Sure to Use a Strong Password
We have Edge users set up a username and password combination that we use to protect and back up their account. We use hashes of the username and password combo to encrypt user accounts locally on their device, and we use the combo as a backup mechanism in case of a lost or stolen device.
Edge never sees the plaintext version of our users’ usernames and passwords. Edge users are the only ones with access to their assets and private information.
- Using a strong password makes it nearly impossible for an attacker to brute force or guess your password
- Use 10+ characters; in fact, the longer the better
- Don’t use known phrases or quotes
- Use special characters, uppercase letters, and numbers
- Write it down and store it somewhere safe
Enable 2 Factor Authentication (2FA)
Edge has native in-app 2FA support, meaning you don’t need another application like Google Authenticator or Authy to be protected. All an Edge user has to do is tap a button once and a unique token is saved on their device. There is no need to leave the application and type a random code in. One tap and you’re protected.
- Makes it such that ONLY your device can log in to that account
- Even if an attacker knows your username and password, the attacker will NOT be able to log in on any devices other than the original device
- You can add additional devices so that you can sign in on more than one device
- 2FA can be found in Settings
Enable Spending Limits
A little-known feature of our app is spending limits. This adds another layer of security over your assets.
- Enabling spending limits makes it such that every attempt to send assets out of your account will always require your PIN
- Set this to zero so that no matter the amount sent, it will always require your PIN
- Spending limits can be found in Settings under “Options”
Auto Log Off
If you ever leave your device unattended while it’s logged in, you could be putting your assets at risk. It might be wise to make sure your account logs out as soon as possible if it ever finds itself in an insecure situation.
- Your account will automatically log out after being in the background for the time set
- Set this feature to 1 second to be logged out immediately upon backgrounding
- Auto Log Off is found in Settings under “Options”
Fingerprint & PIN Re-Login Disabled
We incorporated features such as PIN and fingerprint login that increase ease of use, but there is often a slight trade-off between ease of use and security. For absolute maximum security, we recommend disabling PIN and fingerprint login.
- By having Fingerprint disabled, you will reduce the risk of having someone force you to sign into the account with your fingerprint
- By disabling PIN, you reduce the risk of an attacker being able to gain access if the device is stolen, since PIN login only requires 4 digits. The good news is PIN login is rate-limited, so they will only have so many attempts. Disabling PIN login completely removes this possibility of access.
- You can disable fingerprint and PIN login in Settings under “Options”
We’ve developed security tools from the ground up with the user always in mind. The above steps will give you a high degree of security, confidence, and peace of mind.
Reach out to our support team if you have any questions!