GreenAddress Best Practices

Here at GreenAddress we want to give you the highest security together with a smooth user experience. This document shows you how to get the best experience and explains why we do things the way we do.

  • Native or downloaded wallets are preferred over web wallets
    • While we support a web wallet interface, it should be used only when no other reasonable choice exists. It is much preferred to use our Chrome App, our GreenBits Android App, or our Cordova-based GreenAddress wallet. Using a web wallet means that the underlying code can be changed at any moment. If your browser is compromised, or GreenAddress is hacked, someone could hijack your session and steal your keys.
  • Write down your mnemonics, and keep them in a safe place
    • Your mnemonics are your keys, and GreenAddress has no access to them. This is by design. If we had access to your keys, we could be hacked and you’d lose all your money. Or we could be coerced to do so by governments. Controlling your own keys means you control your money. If you lose your mnemonics and fail to send your funds to a new wallet, you risk losing your funds.
  • Activate nLockTime backup settings, and keep the zip safe
    • The nLockTime backup is a way of keeping your funds safe in case GreenAddress ceases to function or you lose your 2FA. The nLockTime backup, combined with your mnemonics and the Gentle software, allows you to regain your funds after a timeout that you choose. The standard waiting time is 90 days.
    • The nLockTime zip is encrypted with your mnemonic seed, so it’s safer to store wherever is convenient.
  • Use 2FA, and use a different device
    • Using 2FA properly means that even if one of your devices is hacked beyond saving, your 2FA can save you from losing your funds. For example, you could set up an e-mail account that is not connected to your phone, and use your phone for making payments. Any payment larger than your spending cap will have to be confirmed through access to your other account.
    • Warning: If you lose your 2FA access, GreenAddress will not unlock your funds outside of your chosen spending limit policies. This again is for your own protection. If we did otherwise, social engineering attacks would become very profitable. Instead, you should get your mnemonics and refund transaction together and recover your funds once the nLockTime expires.
    • With 2FA activated, you can set spending limits for ease of use for small amounts. If you only spend less than that amount in a day, you won’t be prompted for a 2FA challenge.
  • Use hardware wallets
    • Hardware wallets significantly improve your security.
    • On our Chrome app and GreenBits we support a variety of hardware wallets: Ledger’s Nano, HW.1, TEE and KeepKey and other devices using the TREZOR protocol.
  • Use watch-only login
    • If you don’t need to spend, you can log in using our custom login mode, which is watch-only: no mnemonics or hardware wallet are used, and no transaction can be sent. You can only receive.
    • This login mode improves your security and can be used to check things without having to expose your mnemonic passphrase or hardware wallet unnecessarily.
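
The nLockTime backup described above relies on Bitcoin's transaction lock time field. The following is an added example, not GreenAddress or Gentle code: it reads the lock time from a raw transaction and checks that the network would actually enforce it. It assumes you have the hex of a pre-signed transaction in legacy (non-segwit) serialization; the function names and the sample transaction are constructed for illustration.

```python
import struct

LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: Unix time
SEQUENCE_FINAL = 0xFFFFFFFF       # lock time is ignored if every input uses this

def _varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def inspect_locktime(raw_hex):
    """Report when a legacy-serialized transaction becomes valid."""
    tx = bytes.fromhex(raw_hex)
    if tx[4:6] == b"\x00\x01":
        raise ValueError("segwit serialization is not handled in this example")
    n_in, pos = _varint(tx, 4)         # input count follows the 4-byte version
    sequences = []
    for _ in range(n_in):
        pos += 36                      # previous txid (32) + output index (4)
        script_len, pos = _varint(tx, pos)
        pos += script_len              # skip the signature script
        sequences.append(struct.unpack_from("<I", tx, pos)[0])
        pos += 4
    locktime = struct.unpack_from("<I", tx, len(tx) - 4)[0]  # last 4 bytes
    enforced = locktime != 0 and any(s != SEQUENCE_FINAL for s in sequences)
    kind = "block_height" if locktime < LOCKTIME_THRESHOLD else "unix_time"
    return {"locktime": locktime, "kind": kind, "enforced": enforced}

def build_sample(locktime, sequence):
    """Constructed one-input, one-output transaction with dummy scripts."""
    return (struct.pack("<I", 1) + b"\x01" + bytes(32) + struct.pack("<I", 0)
            + b"\x00" + struct.pack("<I", sequence)
            + b"\x01" + struct.pack("<Q", 50_000) + b"\x01\x51"
            + struct.pack("<I", locktime)).hex()

if __name__ == "__main__":
    print(inspect_locktime(build_sample(420_000, 0xFFFFFFFE)))     # time-locked
    print(inspect_locktime(build_sample(420_000, SEQUENCE_FINAL)))  # lock ignored
```

A result with `enforced` set to false means the transaction is valid immediately, so it is not acting as a time-locked backup.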