# Device Security Guidelines ## Overview SSP Wallet uses a **2-of-2 multisignature system** where both your browser extension (SSP Wallet) and mobile app (SSP Key) must approve transactions. This means protecting both devices is essential for securing your cryptocurrency. ## 🖥️ SSP Wallet (Browser Extension) Security ### Browser Extension Protection **Essential Browser Settings:** * ✅ **Pin SSP Wallet extension** to toolbar for easy access * ✅ **Enable automatic browser updates** * ✅ **Use official browser stores only** (Chrome Web Store, Firefox Add-ons) * ✅ **Verify publisher** is "Run on Flux" before installing * ❌ **Never install** SSP Wallet from third-party websites ### SSP Wallet Password Security Your SSP Wallet password protects access to your browser extension: * 🔐 **Use strong, unique password** (12+ characters) * 💾 **Store in password manager** * 🔄 **Never reuse** passwords from other accounts * 🚫 **Don't use browser's built-in password saving** for SSP Wallet ### Computer Security for SSP Wallet **Critical Requirements:** * 🔒 **Lock your computer** when not in use * 🔄 **Enable automatic OS updates** * 🛡️ **Run antivirus software** (Windows Defender is sufficient) * 🚫 **Avoid using SSP Wallet on shared computers** ## 📱 SSP Key (Mobile App) Security ### Mobile App Protection **Essential Mobile Settings:** * 📱 **Enable strong screen lock** (6+ digit PIN or biometric) * 🔐 **Enable biometric authentication** for SSP Key if available * 🔄 **Keep mobile OS updated** to latest version * ✅ **Download only from official app stores** (App Store, Google Play) ### SSP Key PIN Security Your SSP Key PIN protects transaction approvals: * 🔢 **Use 6+ digit PIN** (longer is better) * 🤔 **Choose non-obvious numbers** (avoid birthdays, sequences) * 🔄 **Change PIN periodically** for high-value wallets * 🚫 **Never share PIN** with anyone ## 🔐 2-of-2 Security Implications ### Why Both Devices Matter In SSP's 2-of-2 system: * 🔑 **Both keys required** - Compromise of one device alone cannot steal funds * ⚡ **Both devices needed** - Losing access to either device blocks transactions * 🛡️ **Distributed security** - No single point of failure ### Device Loss Scenarios **If you lose SSP Wallet device (computer):** 1. 🆕 **Install SSP Wallet** on new computer 2. 🔑 **Restore using seed phrase** 3. 🔄 **Re-sync with existing SSP Key** **If you lose SSP Key device (mobile):** 1. 🆕 **Install SSP Key** on new mobile device 2. 🔑 **Restore using SSP Key seed phrase** 3. 🔄 **Re-sync with existing SSP Wallet** **If you lose both devices:** 1. 🔑 **Need both seed phrases** for complete recovery 2. 🆕 **Install both apps** on new devices 3. 🔄 **Restore and re-sync** both components ## 🚨 SSP-Specific Security Warnings ### Never Do These: * ❌ **Don't use SSP Wallet on public computers** (libraries, internet cafes) * ❌ **Don't approve transactions without verifying** details on mobile * ❌ **Don't store seed phrases digitally** (photos, cloud storage, etc.) * ❌ **Don't ignore sync errors** - they may indicate security issues * ❌ **Don't share QR codes** from sync process with others ### Critical Security Practices: * ✅ **Always verify transaction details** on SSP Key before approving * ✅ **Keep both devices updated** and secure * ✅ **Store seed phrases separately** in secure physical locations * ✅ **Test recovery process** with small amounts first * ✅ **Monitor transaction history** regularly on both devices ## 🛠️ Secure Usage Patterns ### Daily Usage * 🔒 **Lock both devices** when not in use * 📱 **Keep mobile device with you** for transaction approvals * 👀 **Verify transaction details** match on both screens * ⏰ **Don't approve transactions** you didn't initiate ### High-Value Transactions * 🔍 **Double-check recipient addresses** * 💰 **Test with small amounts** first * 🏠 **Use secure network** (avoid public WiFi) * ⏱️ **Take time to review** - don't rush approvals ### Regular Maintenance * 🔄 **Update both apps** when new versions available * 🔍 **Review transaction history** weekly * 🔑 **Verify seed phrase backups** are secure and accessible * 📱 **Check device sync status** regularly ## Emergency Response ### If You Suspect Device Compromise **Immediate Actions:** 1. 🚨 **Stop using compromised device** immediately 2. 🔄 **Move funds to new wallet** if possible 3. 🆕 **Set up fresh SSP Wallet** on clean device 4. 🔑 **Use seed phrases** to restore on new device ### Getting Help * 📝 **Report security issues** via [GitHub Issues](https://github.com/RunOnFlux/ssp-wallet/issues) * 🔍 **Check transaction history** on both devices for unauthorized activity * 📱 **Contact device manufacturer** for device-specific security concerns *** **Remember: SSP's 2-of-2 multisignature design means both devices must be secure, but also provides protection against single device compromise.** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sspwallet.gitbook.io/docs/security-and-best-practices/device-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.