Overview
MetaMask is a self-custodial crypto wallet that runs as a browser extension and mobile app. Logging in unlocks a local vault protected by your password and Secret Recovery Phrase (SRP). Because MetaMask stores keys locally, users are responsible for keeping their SRP and device secure.
Secure login steps
- Install only from the official site or official app stores.
- Use a strong, unique password and keep SRP offline (paper/metal).
- Prefer hardware wallets for large balances; they sign transactions externally.
- Never enter your SRP into a website — MetaMask will not ask for it online.
Phishing & extension hygiene
Confirm extension publishers, check domain names, and review extensions often. Be skeptical of unsolicited messages requesting access or offering help.
Transaction review & permissions
Carefully review approval screens: recipient address, amount, and allowance scope. Revoke unlimited token approvals after use.
Recovery planning
SRP is your only built-in recovery method. Keep multiple secure physical backups and consider a trusted legal plan for heirs if needed.