Keeping Your Digital Assets Secure

Nonse Odion
Mar 23, 2019

The blockchain has eliminated the middleman and has helped cryptocurrencies do away with banks, transferring power to the hands of the users. With this power come responsibilities which the banks formerly carried on their shoulders.
Security is one such responsibility. Banks had customer care support for complaints, but now you are the bank, with no customer care representative. If you lose your funds, it's all on you. You'll have no one to forward complaints to or sue. Banks secure funds well, but this does not stop thieves from stealing from them.
With your funds in your care and no state-of-the-art security, how do you secure your funds?

Passphrases and strong passwords

Use passphrases and strong passwords to encrypt your wallets, email accounts, or any other software which might be used to access your funds. A passphrase is a group of words that can be a sentence or just random words. Do not use predictable phrases, sentences or song lyrics for your passphrases. If spaces are not accepted, you can join the words together or make use of their initial letters.

Boys eat grass and don’t regurgitate because they don’t have an abomasum

Can be written as

Boyseatgrassanddon’tregurgitatebecausetheydon’thaveanabomasum

Or

Begadrbtdhaa
(initial letters)

They are easier to remember than passwords.

You can also choose to use strong passwords (a mixture of upper case and lower case letters, numbers and special characters).
Use a different passphrase or password for each account. Password managers help keep your passwords safe; a good choice is KeePass. It only has an official desktop version for now, with no mobile app yet. It is open source and, although not very user friendly, it implements local encryption and cloudless syncing.
Use a different email address for each online account to protect your remaining funds if one gets compromised.

Backups

When you create a new wallet you usually get a 12- or 24-word seed phrase, a keystore, or just the private/public key pair.

It's best not to screenshot your seed phrase or private key, or to write it in a document and store it in a cloud service or email. These services are centralized, and if they are hacked your funds are left at the mercy of the hackers. This defeats the original purpose of the blockchain. It's best to write them on a piece of paper and store them in a safe place. Having duplicates in different locations helps with redundancy, as paper is susceptible to damage. Storage is not limited to paper alone; you can get creative by engraving on glass or metal.
If your device gets lost or stolen, or you decide to switch devices, don't just import your keys; sweep them into a new address.

Two Factor Authentication (2FA)

2FA requires you to have two things to access your account: your password and, usually, a code generated periodically. Always enable 2FA on your accounts if the service provider supports it.


Although 2FA is a good security measure, 2FA schemes which use SMS to send One Time Passwords (OTPs) are vulnerable to attacks. Positive Technologies' researchers have been able to hack the Signalling System No. 7 (SS7) network, an old technology used for sending and receiving SMSs, and intercept OTPs.
Stay away from 2FA schemes which involve sending OTPs by email or SMS; rather, use software that generates these codes locally on your device. Google Authenticator and Authy are good choices.

Trusted wallets

Your choice of wallets also determines your level of security.
Cryptocurrency exchanges are not wallets and are currently the worst places to keep your funds. Throughout the history of bitcoin they have shown themselves to be very vulnerable, from the Mt. Gox exchange hack to the unbelievable case of the Canadian exchange QuadrigaCX, where the CEO died with the passcodes to the exchange's wallets. Like online wallets, they defeat the original purpose of cryptocurrencies, since they hold your private keys for you and can get hacked or disappear with your funds. In 2018 alone, $856 million worth of crypto was stolen from exchanges, according to research by Ledger. It's very simple: if you don't own your private keys, you don't own your funds.
Only use exchanges and online wallets to hold small amounts you plan to trade. Mobile and desktop wallets are better alternatives, as they store your private keys locally. Before you download a wallet, verify the software publisher and check the customer reviews. Downloading a malicious wallet, or a legitimate but compromised one, will put your funds at risk.
Hardware wallets are the best alternative now and should be used for long-term storage of large amounts. An air-gapped device (strictly offline, with no internet connection) will provide the same security as a hardware wallet but is harder to set up and maintain.

Preventing Phishing Attacks

Social engineering attacks have been a threat to the digital world for a long time. They involve luring or deceiving unsuspecting members of the public into giving out their personal information. Phishing scams are the biggest threat and the most common means of social engineering. According to the Breach Level Index 2018 First Half Review report, 4,553,172,708 records were breached in the first half of 2018.
You might receive emails or text messages asking you to click on a link and enter one piece of information or another. Some of these are phishing messages aimed at collecting your personal information to access your funds. Don't click on links from emails. It's hard to tell a genuine email from a fake one, so go to the official site to find out the latest happenings. Clicking on a malicious link will put you at risk.
Phishing sites also try to collect your information by making a dummy site that looks exactly like the original site, like the Binanceweb.com site reported in this Reddit thread.

After you type in your username and password and enter your 2FA code, they'll tell you your account has been locked due to new security measures, giving them time to have their way with your funds. The old https trick does not seem to work anymore, as these sites now also have SSL certificates. It's best to bookmark the original site and always access it from there. Searching on Google or clicking on a link can lead you to a malicious site.
Cryptonite is a Chrome/Firefox extension that helps to warn you of dangerous or unverified sites. It’s very useful and highly recommended as it protects you from possible phishing attacks.

Copy and Paste

When sending coins/tokens, all it takes is a simple copy and paste of an address. But this process has also proven to be vulnerable, as seen in 2018 with the All-Radio 4.27 Portable program, which replaces your copied address with another address so that you unknowingly send your funds there. The program also contained a hidden miner used for cryptojacking. Experts from Malwarebytes found that the program got onto victims' computer systems when they tried to use cracks of licensed programs and games, including the Windows activator KMSpico.
Although stressful, it's best to always double-check addresses before clicking the send button. Using a QR code is an option which will save you from such malware.
Ethereum Name Service (ENS) is a platform similar to the Domain Name Service (DNS). It helps you create a domain name for your wallet address or smart contract, and it is built with smart contracts on the Ethereum blockchain, making your domain name completely decentralized and free of attack.
To send funds you can simply enter the domain name instead of the wallet address, and you can also create subdomains.

0x84055fc….

Can be entered as

Nonsewallet.eth

Antivirus

Having an antivirus protects you, to an extent, from malware that aims to steal your personal information or cause you to give out your private keys. It also protects you from keyloggers.
Always make sure the antivirus software is legitimate and up to date with the latest security patches. Desist from downloading and installing software from unknown or untrusted sources, and use only licensed software.

Although antivirus software, encryption and two-factor authentication will keep your funds safe digitally to an extent, the main point of security and vulnerability is you, the user. If you choose to make the silly mistake of giving your private keys or any other means of accessing your funds to an attacker, no one will stop you; it's yours after all. All it requires is common sense and good judgement.

We set out with a question on our minds, how to secure our funds, which has been answered. I hope you enjoyed the article. I'd love to see your views about the article in the comments section. If you have any suggestions or questions, please don't forget to share.
