Docs Security & Privacy Security Best Practices

Security Best Practices

Practical steps to keep your Bervice account, keys, and data safe—covering device hygiene, wallet security, encryption hygiene, and team processes.

Security is a shared responsibility. Bervice encrypts your content locally and stores it on decentralized infrastructure, but your choices around devices, keys, and sharing determine your overall security posture. Follow the guidelines below to minimize risk.

1) Device & Account Hygiene

  • Keep OS, browser, extensions, and firmware up to date. Enable automatic updates when possible.
  • Use a modern, supported browser. Disable unknown extensions; review permissions periodically.
  • Enable a reputable endpoint protector (anti-malware). Avoid sideloading untrusted apps.
  • Lock devices with biometrics or strong passcodes; enable full-disk encryption on desktops/laptops.

2) Identity & Login

  • Use a unique, strong password for your Bervice account (if applicable) and enable 2FA/TOTP where offered.
  • Do not reuse passwords from other services. Rotate credentials if you suspect exposure.
  • Beware of phishing: always check the domain and TLS lock; avoid links from unsolicited messages.

3) Wallet & Key Management

  • Prefer hardware wallets for on-chain actions. Never share seed phrases or private keys.
  • Back up seed phrases offline (paper/steel). Store in separate, physically secure locations.
  • Use separate wallets for testing vs. production. Consider multisig for team-controlled funds.
  • Verify chain/network and contract addresses in-app before signing. Review transaction details carefully.

4) Encryption Hygiene

  • Let the app generate strong keys; avoid weak passphrases. Use a modern KDF () with high parameters.
  • Keep local exports/archives encrypted. If you must share, use time-boxed links and out-of-band key exchange.
  • Rotate keys and re-encrypt sensitive items if you suspect device compromise.

5) Network Practices

  • Avoid public Wi-Fi for sensitive actions. If unavoidable, use a trustworthy VPN and HTTPS-only mode.
  • Disable developer mode/remote debugging on daily-driver devices unless necessary.

6) Team & Collaboration

  • Follow least privilege: give members only the access they need. Review access quarterly.
  • Use shared vaults with role-based permissions for team secrets; avoid sharing keys in chat.
  • Document incident response: who to contact, how to rotate keys, how to revoke devices/sessions.

7) Detect & Respond

  • Enable security alerts. Investigate unusual sign-ins, referral spikes, or unexpected on-chain activity.
  • If compromise is suspected: disconnect, rotate wallet, revoke sessions, re-encrypt affected items, and contact support.

For deeper guidance, visit Key Management, Blockchain Security, and Data Encryption.

Previous

Post - Quantum Cryptography(PQC)

Next

Data Privacy & Compliance