How to properly set up and secure a Blockchain.info wallet.
If you don't have a Blockchain.info wallet, please see our guide "How to set up your first Bitcoin wallet and use the Bitcoin ATM".
Once you have done that, go into your Account settings. On the left side of the page, under Account Information, you will see Personal. Click on it, then enter an email address, an alias, and verify your phone number. The alias allows you to login with something memorable, rather than the long default string of characters. You can use something simple like your full name.
Under Personal, you will see General. Click on it, and set an inactivity logout time (I use 30 minutes), and set your Default Fee Policy to normal, or generous.
Under General, you will see Display. Click on it, and set your local currency. You can change the other settings if you like too.
Under Display, you will see Notifications. Click on it, and change the settings to whatever you want.
Under Notifications, you will see Passwords. Click on it, and then Show / Hide Password Mnemonic. Write down your mnemonic; keep it safe. Now choose a second password. Make it something you will never forget. Write it down; keep it safe. Also, fill in a password hint.
Should you leave your browser open while you're still logged in, the secondary password you entered will prevent someone from sending coins out of your account. It does this by prompting you for a second password anytime you try to send coins.
Congratulations, your account is now much safer; however, there is one more security measure you can take to make your account virtually unhackable. It is called Two Factor Authentication.
Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know. A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it.
Moving on, under Passwords, you will see Security. Click on it, and then select an option from the drop down menu. Blockchain.info gives you a couple of different options for two factor authentication: SMS, email, Yubikey, and Google Authenticator. We highly recommend either using a Yubikey, or Google Authenticator. If you choose Google Authenticator you need to download the Google Authenticator app from the App Store (iPhone), or the Play Store (Android).
Because Google Authenticator is the quickest and easiest to set up, I'm going to use it as an example.
Download Google Authenticator from the App Store (iPhone), or the Play Store (Android). Once you have done this, go back to your computer, and in the Security settings, choose Google Authenticator from the drop down menu. A large QR code will be displayed. Open the Google Authenticator app on your smartphone and choose Scan a barcode. Then scan the barcode displayed on your computer's screen. After scanning the QR code, the app will display a 6 digit code that changes every 30 seconds. Enter this into the box below the QR code on your computer screen.
Congratulations, because an attacker would need to know your main password, your secondary password, AND have access to your smartphone in order to enter your authenticator code, your account is now virtually unhackable!
To the moon!