Xaman Help Center
Ask or search…

Best Security Practices Using the Xumm (Tangem) Cards

How we recommend using the cards
Here are our top 5 recommendations when using our cards...

Never use your card in an untrusted environment

For maximum security, you should be using your Xumm cards at home, in a private, secure and trusted environment. It is generally not a good idea to sign transactions in large public areas. (Think grocery stores, malls, crowded streets, etc.)
If you do a lot of transactions in public environments, consider using the cards in conjunction with a regular XRPL account managed by Xumm. Such an account could be used to store limited funds that will be accessed on a daily basis, keeping the majority of your funds safely managed by your Xumm cards. If you need to top up your balance in your regular account, you can do so using your Signing card when you get home.

Keep your pin/passcode safe

Your Xumm card is basically an advanced version of your master password to access your XRP Ledger account, so keeping your pin/passcode safe (if you configure one), is vitally important. You are probably very cautious when entering your pin/passcode for your bank card or credit card so you should be just a vigilant when it comes to your pin for your Xumm card.

Never use your card on an untrusted device

You should only add the card(s) to a trusted phone. Things to ensure are:
  • your device has the most recent security and OS updates.
  • you have strong and complex passcodes/passwords
  • Do not 'root' or jailbreak your phone.
  • install applications only from the App Store and Google Play. Do not install “cracked” apps from random sites on the internet.
  • Review your installed applications from time-to-time and remove those you don’t use.

Never connect to the internet using public WiFi

Public WiFi can be very dangerous. The list of possible attack vectors using public WiFi include: malware, viruses, worms, network snooping, session hi-jacking... the list goes on and on. If you use Xumm or Xumm cards, we strongly recommend against using public WiFi.

Consider having at least two XRPL accounts

In some cases, having two or more separate XRPL accounts can be a good idea. It really depends on how you plan to interact with the XRP Ledger community, but some people will have separate accounts for:
  • airdrops
  • DEX trading
  • NFTs
  • daily spending
  • long term savings
  • gambling
  • games
By spreading your funds between multiple accounts, it ensures that if someone were to somehow get access to one account, they would not get access to all of your funds. Some people have gone so far as to have multiple Xumm card accounts (each with their own backup card configured) and divide their funds between them. Having a single account is like having all of your eggs in one basket. Even if it is the most secure basket in the world, everything is still in one place. Having multiple accounts helps minimize the risk.