What precautions and best practices can I use for Counterwallet?

  1. Do not install browser plugins (add-ons, extensions) from untrusted authors or sources (or better yet, use a dedicated browser instance without any add-ons when you access Counterwallet)

  2. For domain counterwallet.io (and the old domain counterparty.co) disable all extensions that have access to your browser data (like automated translation tools and such)

  3. Consider running your Counterwallet session in the “anonymous” (incognito, private) mode.

Such mode disables caching and hence Counterwallet will take longer to load, but it also disables browser plugins which improves the security of your session.

More on the Incognito Mode of Google Chrome can be found here:
Other browsers have similar options.

  1. Apply usual best practices for system security (antivirus and antimalware software, etc.)

  2. NEVER share your wallet pass phrase or Quick Access URL password with anyone. NEVER share private key of any address with anyone. “Anyone” includes Counterparty project members. Keep your wallet pass phrase, password (Quick Access URL) and private key private.

  3. Do not share, sync or export bookmarks if you bookmared Quick Access URL to your Counterwallet

  4. Do not use TOR or proxies that cannot be trusted.

  5. Never import other private keys known to other people (e.g. if someone asks you to “help” them by importing their private key to your wallet) to your Counterwallet.

  6. Remember that private keys imported to Counterwallet cannot be recovered from the pass phrase (because unlike “native” addresses generated by Counterwallet they cannot be unlocked by your pass phrase), so do not discard private keys of imported addresses if those addresses need to be recoverable from outside of Counterwallet.

  7. Consider using cold storage (e.g. Armory - see this tutorial here).