While Envestir's noncustodial architecture provides strong foundational security, there are additional steps you can take to protect your account and assets. Following these best practices will help ensure that your investments remain safe.
Start with a strong, unique password. Your Envestir password is used to encrypt your private key locally, so its strength directly impacts the security of your wallet. Use a password that is at least 12 characters long and includes a mix of uppercase letters, lowercase letters, numbers, and special characters. Avoid using the same password you use for other accounts. A password manager can help you generate and store strong, unique passwords for each of your accounts.
Your 12-word recovery phrase is the most critical piece of security in your Envestir account. Write it down on paper — not on a digital device where it could be exposed by malware or a data breach. Store the paper in a secure location such as a safe or a locked drawer. Consider making a second copy and storing it in a different physical location as a backup. Never share your recovery phrase with anyone, and be suspicious of any message, email, or website that asks for it.
Be vigilant against phishing attacks. Scammers may create fake websites or send emails that look like they are from Envestir, asking you to enter your credentials or recovery phrase. Always verify that you are on the official Envestir website before entering any information. We will never send you an email asking for your password or recovery phrase. If you receive such a message, do not click any links and report it to our support team.
Keep your device secure. Since your encrypted private key is stored on your device, maintaining device security is essential. Keep your operating system and apps updated with the latest security patches. Use a screen lock with a strong PIN or biometric authentication. Avoid installing apps from unknown sources, and be cautious about connecting to public Wi-Fi networks when accessing your Envestir account.