Whether you are a HODLER, HOLDER or day trader or whatever.
Noone likes to lose money.
That’s why I just wanted to put something together for the #cryptonation regarding security of their coins.
When it comes to security, you all should know- you can only increase the security(hence the title).
There will never be 100% security solution for anything in the world.
Let me first talk about a few misunderstandings I have seen over the years regarding coin security.
1- MYTH - Hardware wallet is the most secure option.
This is true in most cases but crpytonauts should still take caution while storing coins in a hardware wallet.
- Don’t accept hardware wallets that are used or broken in package.
- Be vary with people sending you hardware wallets(make sure you check the packaging).
- They may be fake models designed to steal your private keys… Compare the device and the packaging to YouTube video reviews…
- Make sure to update your computer to the latest version. Some wallets have web browser extensions. Do not use other third party extensions that are not popular and accepted by the community. An attacker can intercept your transaction or a flaw can be found in hardware wallet browser extension which could lead to loss of funds.
- Store your seed keys in a safe location. I have seen many people laminate it and storing it. Some people store it in two different cities… How far you should go is totally up to you & the risk of your wallet.
- Hardware wallet company may be hacked… As the hardware wallets get more popular, it becomes potential honey pot for hackers. Hackers may target specific vendor and firmwares. Make sure you keep your wallet up-to date. Once you have received it, make sure to reload the firmware(check the integrity(signature) of the firmware if not automatically checked by the vendor before firmware refresh.
- Hardware wallet company may have black hat hackers in their team… Always make sure you are getting the wallet from a reputable company which can be hard in this dangerous world.
2- MYTH - Storing private keys online is safe
Don’t do this.
If you are storing your private keys online, they can easily be stolen.
You can argue that if you have encrypted your private key &then store it, they may be safe but…
If someone gets hold on to the file and tries brute force attack for a few years or even worse if a flow is found in the encryption software, your funds can be stolen in a matter of days instead of years…
It can be safe not but If not now, later it will be broken!
Realise that your private key is your wallet. If you lose it or if you have any doubt, you need a new one!
-Never ever post your private key online. If a website is asking for your private key, there is something wrong. Unless you are restoring your private keys to generate your wallet again, there is no reason to enter your private key anywhere.
-Never ever copy/paste your private key in an online computer(when you copy/paste things, the “things” are still in the temporary memory called RAM.
They can be extracted by a smart cookie hacker. If you have copied your private key, use RAM cleaner applications to get rid of the private key from the memory.
Or turn your computer off and wait a few minutes(press the power on button when the power is off to clear the memory).
With laptops, you need to take the battery out and press the ON button(if you have MAC like me, you are screwed).
If any doubt, create your wallet/private key offline.
What I mean by offline?
Download a wallet generator.
Check the signature of the file to make sure the downloaded file matches to the developers’ release binary file.
Copy the file to a clean USB drive.
Turn off your computer.
Take out the hard disk.
Take out the wifi and bluetooth cards if you have any.
Take battery out if you have any.
Boot your computer using a live CD or live USB operating system.
I prefer readable-only CDs. If you have a USB drive, make sure it is freshly formatted on a fresh OS(possibly on a live OS).
Create your wallet using the live offline operating system.
Write down your seed/private key & store it safely.
You can now use your wallet on another computer(make sure the wallet that you select does not store your wallet unencrypted).
& your wallet’s private key isn’t stored anywhere.
The best approach would be to use your wallet as a cold storage device.
Cold storage as the name implies. it does not directly interact with the blockchain network.
In fact, it does not interact with any network…
it is only used to verify the transactions(check your private key agains the block chain network).
When you send a transaction from a cold storage device, this transaction can be saved as a normal file.
This can then be imported to an online watching- wallet(this is your real computer where you do your online stuff).
Introducing too many terms all of a sudden… Yes I know I know Still hanging on?
This is where the magic happens, watching wallet is to only scan the transaction file and send it to the blockchain network. It has no idea of the private key.
If you have created a wallet using the above procedure, you can now create an online wallet which is used to only verify the transactions…
This way you can keep your wallet away from online attacks.
3- MYTH - Open source wallets are not secure
They can be secure if used properly.
Use the following methods to securely use your open source wallets.
-Check the integrity of the open source application(check the signature sum of the file). T
-Check the development community. Has it been update a year ago? A month ago or a two weeks ago or a day ago or an hour ago?(I prefer minimum 2 days… It needs to be totally active). If a wallet is not updated for a long period of time, find another wallet.
4- MYTH - Online wallets and exchanges are just fine.
These are the worsts place to keep your coins.
If you have coins in these, get them out right now.
Only transfer small chunks of coins to these if you are trading and do not leave any large amount in these.
They are known to disappear tomorrow with your hard earned coin!
They are also susceptible to hackers.
5- MYTH - 2 factor and IP white list are not necessary
If you are using an exchange, make sure they support 2 factor authentication.
2 factor authentication is usually via SMS or third party application.
If an exchange does not support 2 factor, walk away and find another exchange.
-Reset your phone to factory defaults to clear anything suspicious… You may have had a thousand different apps installed over the years on your phone. Make sure to clear them out before setting up 2 factor.
-Go to what is my ip and find your IP address & add it to exchanges.
6- MYTH - Using same passwords everywhere is ok because I have enabled 2 factor.
For each site that you sign up, use different combination of passwords. If you can, use different emails.
If you have enabled 2 factor, this does not necessarily increase the security of the account as the SMS messages on your phone can also be intercepted.
7- MYTH - Portfolio apps make trading and reporting easy
There are too many alt coins out there.
People build different wallet apps around these coins.
I personally stick to the original wallets of the specific coin.
You can find them on their original GitHub page.
You may argue that some companies put your portfolio together in one place.
And honestly this makes managing different coins easier.
But be aware…
If you put all your eggs in one basket, guess what?
8- MYTH - My 10 years old modem is safe.
Wifi is hackable.
You can use a strong password to mitigate the risks but be very careful…
If you have an old modem sitting around the house for years, replace it with a newer one…
And in the meantime, change your Wifi password.
Get something that you can download the firmware updates quiet regularly.
9- MYTH - I can recover my private keys
No you cannot!
Private keys are not passwords like you used to since the launch of email logins…
Once lost or you suspect the integrity of the private key, there is no way to recover it…
This is by design to increase the security.
10 - MYTH - Set it and save it and forget about it [PS edit]
The value of vigilance is that you need to create behavior patterns to constantly review your security, monthly at the least!
“Setting it and saving it” is a poor assumption. Just because you set up your wallets securely today doesn’t mean they’ll be secure tomorrow.
Make sure to set a schedule to continue to check the security of your value monthly.
The market changes quickly. We need to make sure our stored value is always updated and always secure.
I will add to these as we evolve on our way to the MOON.
(In my opinion blockchain security will be broken in the future. And it should. So that we can upgrade the BTC to a better more secure platforms).