NXT is next generation crypto platform that will enable features like voting, crowd sourcing, stock exchange (via coloured coins) and a new currency. Many other ideas are piling up.
Security (authenticity) of the platform is ensured by PoS (Proof of Stake) mechanism. To find out more about these basic concepts, look up nxtcrypto.org.
This writeup is intended as list of gotchas to avoid when starting with NXT.
0) Before you even start installing NXT client and creating your account, run an antivirus (preferably several).
In the worst scenario your system is compromised by malware or some key-logger and making a NXT account in these circumstances will have very sad consequences.
There is no bank helping you out in case of security breach - it is just you and you alone.
1) Get the client and verify what you have downloaded.
Currently you may need to install Java to start up the NXT client, but it is considered a reference software. More user friendly clients are in development as we speak.
Software and installation instructions you can find at nxtcrypto.org.
After downloading verify SHA256 signature (digest) of your download file with the one published on the nxtcrypto.org for that particular version. Use only publicly acknowledged download sites.
There are plenty people out there that can publish for download already compromised software. Be careful who you trust and do not get scammed like the author of this writeup.
2) If you fail to install or start up the client, you can look for help at nxtcrypto.org or nextcoin.org - it is a very friendly community. If everything goes ok, proceed to step 3.
3) You have installed the NXT client and you've entered
https://127.0.0.1:7875/ in your browser and you see a pink lock and four other icons. Congratulations! You have a running NXT client. Technically it is both client and server, but more details on this is out of scope.
4) Now I am getting to most important part. Creating an account.
If you have never used pass-phrases, this concept may seem strange to you. There is no username + password. There is just one unique passphrase to your account and that is why you need
to make your passphrase very complex and impossible to remember. If you can remember your passphrase it is 99.9% guaranteed that someone will get access to your account. I will give you some examples.
Consider passphrase "ILoveMyDog#5" it might look pretty unguessable to you, but it is not. This type of password user for NXT account could be broken with a basic hacking skills and a primitive word expression list in few hours.
A sample of a truly secure passphrase would be "2e0xtdt8bhecc1f5a1615yh6sj859sabfeh4gjof2ee72esz63b519icoyslq3aee5" and feel free to add some #, $, &, * symbols randomly for a good measure. Of course, do not use any part of this sample, as
after publishing this post it will end up in someones word-list. And do not bang your fingers in predictive asdf lkjh ert 987 sequences. Don't be naive, it's wild west out there.
There are some online password generators out there, but do not use them. Even if they are client-side generated - if you do not know how exactly the password is generated, just do not use such service. Use your imagination.
Now that you have created your passphrase, how are you going to store it? Best of all - write it on a paper and store in a safe. If you hate to type it out every time, save it in a file and copy paste it, but you can be sure that this exposes you more.
Besides when copy-pasting, make sure the application you are using for this simple operation does not mess up your passphrase (autocorrect, insert line-break characters, etc.) - MS Word, Wordpad and even Notepad are evil. Use Notepad++, for example.
Ok, you have your passphrase and you have stored it. You also have checked your computer for malware. You are now ready to create your NXT account.
In the browser after visiting
https://127.0.0.1:7875/ press on the orange lock icon. You will be prompted for a passphrase.
Now this may be tricky to grasp - at this point you will not create an account actually, you will open account represented by your passphrase. In fact you will just find out your account number.
You can think of it as already existing account which corresponds to your passphrase. Change one symbol/character/digit in your huge passphrase and you will open another account. Try it. There is no penalty.
Now that you see your account number in the top left corner of the page, write it down. Or copy - paste it somewhere. Or both.
NOW this is important!!! Before you are transferring any money to this account, open (unlock) it several times. Verify that the pass-phrase you have stored is indeed the pass-phrase for the account you wrote down and you are going to send money to.
That on the first attempt you did not miss some character, or wrote O instead of 0, or uppercase I instead of lowercase L. This is most relevant if you store your password on paper.
Ok, you have unlocked the account several times with your passphrase and it indeed was the same account every time. You are now ready to transfer some NXTs into your account. You can get some for free. Google up "NXT faucet".
Send your comments/questions. Will try to apply some better wording and list more gotchas.