Take care of your online security before getting into crypto

in #cryptocurrency7 years ago

Before you think of your cryptocurrency security, please take care of your general online security. Many people hold coins or fiat currency on crypto exchanges for different reasons. Even though I always avoid online wallets, it often happens to have some money stored online. We've heard countless stories about how people lost their coins from their accounts. This will continue to happen that's why it is important that many people are made aware of the issue and educated. Many users make a mistake of setting up a secure account on a crypto exchange but ignoring their email security. By gaining access to your email, hackers can acquire full control of your accounts.

Choose Strong Passwords

Most of the online users use one password for all their accounts. If you plan on diving into the crypto space, please at least change your email password. 

Your email will be an important part of your crypto life, therefore, making sure nobody could hack into it is crucial!

If you are not good with password use a password manager. These are also not the best choice but are often a better solution if you are not good with passwords. My favourite password manager is Master Password. Why do I prefer this app? It generates your password locally on the device and never stores it in a cloud. What is the downside of the app? It does not offer the convenience of apps like 1Password. The upside is that it is more secure and open source. So after you took care of your password you can proceed to the next step. 

Activate 2 Factor Authentication for Email and Online Exchange Logins

This step is a must for every crypto user. 2FA is an extra layer of security for your account which requires additional steps for the user login. There are three main ways of 2FA

  1. Use your telephone number for login
  2. Use a password generator like Google Authenticator or Authy
  3. Use a USB security key

1. From the three steps mentioned above the telephone number login is the least secure method. Why? Phone numbers especially the ones in the USA could easily be stolen from the owner and transferred to another person. After that the hacker receives the SMS for the account login. You can read the story of Bo Shen and his stolen REP coins. Please avoid this 2FA method if possible. It is still a better solution of not having 2FA activated. 

2. The second method for verification offers the highest convenience to security ratio for the user. Every crypto-exchange offers it as an option. You basically need to install an app on your phone and scan a QR code only once and you are ready to go. The only way for a hacker to get the information about the code generation process is to have access to the QR code you were presented early. 

3. The USB security key offers the highest security. Strangely enough, not many email providers offer this option. The best one I know is Gmail by Google. The way this USB works is every time you want to login into your account you will need to connect the security card to your computer. Unfortunately this only works with the Chrome browser (good job Google...). Here comes the usability problem. If you want to login into a mobile device which does not have a USB connector you need to go through additional steps. Your Google account offers you 10 unique codes for use on devices where you cannot use the USB. These codes are generated in your Google Account Settings and can be used for 2FA login. Each code can be used once. Did you know that you can use your Ledger Nano S as an USB security key for Gmail? 

Connected Email Accounts

Many email providers offer you to connect your email with another one of yours for backup reasons. Here is the problem: If your second email is not secure enough it may present a security vulnerability. Avoid adding other emails to your main account. 

Bragging Online about your Crypto Gains

I see many people on social media posting how much money they made and how many coins they own. This kind of behavior attracts hacker's attention and might make you a target of an attack. Just keep your mouth shut and don't let anxiety take control over your actions. 

Summing up

  • Use strong and unique passwords
  • If you are not good with passwords use password managers
  • Activate Two-Factor-Authentication for all your accounts
    • Avoid the SMS login option
    • Your Ledger Nano S hardware wallet can act as a USB secure key for login
  • Avoid connecting other emails to your mail account unless they are nicely secured
  • Don't brag online about your crypto



Sort:  

Congratulations @kondor1030! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

Good info, thanks.
Master Password seem nice since it doesn't need to store any. But how does it deal with imposed generated passwords such as the ones used in Steemit ? I mean since it cannot re-calculate it, you have to store it somehow else, don't you ?

Master Password can only generate passwords and does not store third party passwords. It has limited functionality therefore it is more secure. You can generate a new password from Master Password and replace your Steemit password with it. This is the only option.