The other posts touch upon important distinctions between web wallets and online vs. offline (cold storage) wallets.
The other thing to keep in mind, though, is your personal choices. Since one of the strongest features of bitcoin is the avoidance of chargebacks, you need to make sure you handle your newly acquired bitcoin seriously. This often makes users take a hard look at computing safety and computer security in general.
You need to learn about phishing, scams, malware, viruses, etc. This may seem like a lot, but at this point in time it's important for users to educate themselves at even the most basic levels. You do not need to become a security researcher, just try to learn how to protect yourself. Also, these are the things that the average internet user should be doing to help protect themselves.
This post is not meant to scare you, just to touch on some of the all too common mistakes that happen with users new and old.
- Do not use the same password in more than 1 location
- Use long secure passwords. Generally make the password as long as you're willing to deal with. Over 20 characters is probably a decent baseline (secure means many different things to people at this point; you can take the password generator approach or the xkcd approach and string together words, numbers, & symbols)
- Use 2 Factor Authentication on anything you possibly can
- Do not use email for 2 Factor Authentication (it's often regarded as a bad idea, since it is not as secure)
- Make sure you find a way to back up 2 Factor Authentication and make sure it works
- Be careful when opening links within emails (phishing emails are getting better)
- Make sure the site you are going to is typed in correctly (bookmarks would help)
- Do not access any important sites over unencrypted connections such as free wifi at a coffee shop (you really shouldn't be doing any type of browsing on an unencrypted connection. Using a VPN in these situations is suggested)
- Pay attention to SSL certs (click on the lock that shows up when visiting a site with https to make sure the cert is valid and the site is spelled correctly)
- Don't just open random downloaded applications because YOLO (you may only live once, but with this attitude so will your bitcoin)
- Within Blockchain, require 2FA to do anything (this would help protect you by needing your code to send)
- Within Blockchain, enable notifications for everything to do with your account and routinely monitor your email (this is not foolproof of course, but will give you more info)
A few other things to keep in mind. Your email account can be compromised without your knowledge. Having notifications set up can help mitigate that risk. With this in mind, email as 2 Factor Authentication is often regarded as not a real level of security. Something like Authy or Google Authenticator is a better idea, as they work independent of an internet connection. Authy might be a better choice, as you can back up your tokens much easier than with Google Authenticator (use what you like best).
Always use a long password when setting up a Blockchain wallet, and it is in your best interest to not have the backups emailed to you. If you have the Blockchain wallet emailed to you, someone can either intercept the backup as it was sent or compromise your account and have access to it. Now, just having access to the file is not enough, luckily, as it is encrypted and hopefully secured by a very long password, but we want to reduce risk, not increase it.
A password manager like KeePass (http://keepass.info), LastPass (https://lastpass.com), or 1Password (https://agilebits.com/onepassword) is also a great idea. With these you can easily create long unique passwords for each site and still easily manage them. Each of the listed password managers has its pros and cons.
For a comparison of antivirus, check out av-test.org (http://www.av-test.org/en/home/) & av-comparatives.org (http://www.av-comparatives.org/). Comparing the real world test results is often a good place to start when deciding between different antivirus software. Do your best to avoid ones with consistent false positives too, as they can become bothersome.
If you already know all these things, disregard this information.
With all that being said, enjoy being able to send money freely from all around the world within seconds with barely any fees.
- Coinbase, Beware of a phishing attack: http://blog.coinbase.com/post/47145265173/beware-of-a-phishing-attack
- xkcd, password strength: http://xkcd.com/936/
- xkcd, password reuse: http://xkcd.com/792/