Keeping Your Digital Assets Secure

in #security6 years ago

The blockchain has eliminated the middleman has aided cryptocurrencies to eliminate banks and has transferred power to the hands of the users. With this power comes responsibilities which the banks formerly carried on their shoulders.
Security is one of such responsibilities. Banks had customer care support for complaints but now you are the bank with no customer care representative. If you lose your funds, it's all on you. You'll have no one to forward complaints to or sue. Banks secure funds well but this does not stop thieves from stealing from them.
With your funds in your care and no state of the art security, how do we secure our funds?

Passphrases and strong passwords
Use passphrases and strong passwords to encrypt your wallets, email accounts, or any other software which might be used to access your funds. A passphrase is a group of words that can be a sentence or just random words. Do not use predictable phrases, sentences or song lyrics for your passphrases. If spaces are not accepted, you can join the words together or make use of their initial letters.
Boys eat grass and don’t regurgitate because they don’t have an abomasum.
Can be written as

Boyseatgrassanddon’tregurgitatebecausetheydon’thaveanabomasum
Or
Begadrbtdh

They are easy to remember than passwords.
You can choose to use strong passwords (mixture of upper case and lower case letters, numbers and special characters).
Use different passphrases or passwords for each account, password managers help to hold your passwords safe a good choice would be KeePass. It is open source, although not so user friendly but implements local encryption and cloudless syncing.
Use a different email address for each online account to protect your remaining funds if one gets compromised.

Backups
When you create a new wallet you usually get a 12/24 seed word, a keystore or just the private/public key pair.

It's best not to screenshot your seedword or private key or write it in a document and store in a cloud service or email as they are centralized and if hacked leaves your funds at the mercy of the hackers. This beats the original purpose of the blockchain. It's best to write them on a piece of paper and store them in a safe place. Having duplicates in different locations helps with redundancy as papers are susceptible to damage. Storage is not limited to paper alone you can become creative with it by engraving on glass or metal.
If your device gets lost, stolen or you decide to switch devices don't just import your keys sweep them into a new address.

Two Factor Authentication (2FA)
2FA requires you to have two things to access your account your password and usually a code generated periodically. Always implement 2FA in your accounts if the service provider supports it.
Although 2FA is a good measure of security, 2FAs which use SMS to send One Time Passwords (OTPs) are vulnerable to attacks. Positive technologies' researchers have been able to hack the SS7 network, the old technology used for sending and receiving SMSs and intercept OTPs.
Stay away from 2FAs which involve sending OTPs by emails or SMS rather use software that generate these codes locally on your device. Google authenticator and Authy are good choices.

Trusted wallets
Your choice of wallets also determines your level of security.
Cryptocurrency exchanges are not wallets and are currently the worst places to keep your funds. Through the history of bitcoin, they have shown to be very vulnerable from the Mt. Gox Exchange hack to the unbelievable Canadian exchange Quadrigacx case where the CEO dies with the passcodes to the exchanges wallets. Like online wallets they defeat the original purpose of cryptocurrencies since they hold your private keys for you and can get hacked or disappear with your funds. In 2018 alone $856 million worth of crypto was stolen from exchanges according to a research by ledger. It’s very simple if you don’t own your private keys you don’t own your funds.
Only use exchanges and online wallets to hold little amounts you plan to trade. Mobile and Desktop wallets are better alternatives as they store your private keys locally. Before you download a wallet verify the software publisher and checkout the customer reviews. Downloading a malicious wallet or a legitimate compromised one will put your funds at risk.
Hardware wallets are the best alternatives now and should be used for long time storage of large amounts. An air-gapped (strictly offline with no internet connection) device will provide the same security as a hardware wallet.

Preventing Phishing Attacks
Social Engineering attacks have been a threat to the digital world for a long time. They involve luring or unsuspecting members of the public in giving out their personal information. Phishing scams are the biggest threat and the most common means of social engineering. According to Breach Level Index of 2018 First Half Review report, records breached in the first half of 2018 are 4,553,172,708.
You might receive mails or text messages to click on a link and enter one information or the other. Some of these mails are phishing mails aimed at collecting your personal information to access your funds. Don’t click on links from emails. It's hard to tell the difference in an email you should go to the official site to find out the latest happenings. Clicking on a malicious link will put you at risk.
Phishing sites also try to collect your information by making a dummy site that looks exactly like the original site. The old https trick does not seem to work as these sites now also have SSL certificates. Its best to bookmark the original and always access it from there. Searching on google or clicking on a link can lead you to a malicious site.
Cryptonite is a Chrome/Firefox extension that helps to warn you of dangerous or unverified sites.

Copy and Paste
When sending coins/tokens it all takes a simple address copy and paste to send them. But this process has also proven to be vulnerable. As seen with the All-Radio 4.27 Portable program which replaces your copied address with another address and you send you funds there unknowingly. The program also contained a hidden miner used for cryptojacking. Experts from Malwarebytes found out the program got on computer systems of victims when they tried to use cracks of licensed programs and games including Windows activator, KMSpico.
Although stressful it’s best to always double-check addresses before clicking the send button. Using a QR code is an option which will save you from such a malware.
Ethereum Name Service (ENS) is a platform similar to Domain Name Service(DNS) it helps you create a domain name for your wallet address or smart contract and is built with smart contracts on the Ethereum blockchain making your domain name clear completely decentralized.
To send funds you can simply enter the domain name instead of the wallet address and can create subdomains. E.g

0x84055fc….
Can be entered as
Nonsewallet.eth

Antivirus
Having an antivirus to an extent protects you from malwares that aim to steal your personal information or cause you to give out your private keys. It also protects you from key loggers.
Always make sure the antivirus software is legitimate and up to date with the latest security patches. Desist from installing and downloading software from unknown or untrusted sources and use only licensed software.

Although antivirus software, encryption and two-factor authentication will keep your funds safe digitally to an extent. The main point of security and vulnerability is you the user if you choose to make a silly mistake of giving your private keys or any means of funds access to an attacker no one will stop you it's yours after all. It all requires common sense and good judgement.
We set out with a question on our minds on how to secure our funds which has been answered. I hope you enjoyed the article. I'd love to see your views about the article in the comments section if you have any suggestion or have questions please don't forget to share.

Posted using Partiko Android

Sort:  

Your post made it to the top in the Wafrica Daily Curation Party
You will be rewarded with some wafro tokens as well.
Cheers, keep writing good content. 👍

Courtesy: @julietisrael

Congratulations @greybat! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!