Steemit - Security - Exchanges & Why - By a guy that has been in Crypto since 2009 - [NEW PEOPLE - READ THIS NOW]

in #steemit, 8 years ago

Hacker Stealing all Your money

I once lost 150 Bitcoins due to an exchange being hacked, I am more careful now with who I exchange with!


First things first - Your Steem & SBD are valuable - Secure them Hard!

Let's start by getting into a good security routine that you should apply to all of your accounts from now on, but let us begin with Steemit:

Step #1: Go to https://lastpass.com/ and install the Chrome & Firefox add-on - buy the premium package, security is worth paying for.

Step #2: Go to Permissions here on Steemit and change each password so you have a unique password for each login (Posting, Active & Owner).

A great password should contain at least 100 chars and look something like this: 9J7Jw64fH&SuoTPZj1y7LmsVDZnwW1X4B3u084*DxgY!y8vv94@9nA6%g8U1LyIuU6gThAO!R6gw0JjThj8yVNSF0csh$F&D!J

The Password-handler (LastPass) will take care of remembering it for you.

Use your Active Login for Money/Transfers
Use your Posting Login for posting & upvoting.
Put your Owner-Login away in cold storage, do not use it to log in with EVER, unless you are selling your steemit account.


Keep your master-password and owner-key in a safe & secure place in case you ever need them
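The routine in Step #2, as an added example (not code from the original post, Steemit or LastPass): one independent 100-character password per login, generated with Python's `secrets` module, plus an estimate of how long exhaustive guessing would take. The symbol set is copied from the sample password above; the rate of one billion guesses per second is an assumption.

```python
import math
import secrets
import string

# Alphabet modelled on the sample password above: letters, digits, six symbols.
ALPHABET = string.ascii_letters + string.digits + "!@$%&*"
ROLES = ("posting", "active", "owner")  # the three logins named in Step #2


def generate_password(length=100):
    """Return a password drawn uniformly from ALPHABET using the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a constant guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def passwords_for_roles(length=100):
    """One independent password per role. Regenerate on a collision
    (astronomically unlikely) so the three are guaranteed unique."""
    while True:
        result = {role: generate_password(length) for role in ROLES}
        if len(set(result.values())) == len(ROLES):
            return result


if __name__ == "__main__":
    for role, pw in passwords_for_roles().items():
        print(f"{role:8s} {pw}")
    # Assumed attacker speed: one billion guesses per second.
    for n in (8, 12, 100):
        years = years_to_exhaust(entropy_bits(n), 1e9)
        print(f"{n:3d} chars: {entropy_bits(n):6.1f} bits, {years:.3g} years")
```

An 8-character password from this alphabet falls in days at the assumed rate, which is why length matters more than the exact symbol mix.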


Exchanges that I trust & why!

The #1 Secure Exchange is Bittrex - You can read the story of Bittrex on Richie's blog, but long story short - The owners of Bittrex are hardcore security experts from the largest data-centers in the world. In the time of need, when "all" exchanges got hacked, they built this enormous fortress we know and love as Bittrex Exchange. They take security so seriously that their internal jokes are impossible to understand due to all the encryption. Use them and ALWAYS ENABLE 2FA & A SECURE PASSWORD FROM LASTPASS

The #2 Secure Exchange is Poloniex - They got hacked once, and lost a lot of their customers' bitcoins, but they have mad respect from me and others (even the Bittrex owners) for how they handled the hack: they were upfront with their users, took a socialized loss divided on everyone and paid everybody back. They have never been hacked again after that, as they now take security very seriously due to their previous experience. ALWAYS ENABLE 2FA & A SECURE PASSWORD FROM LASTPASS

The #3 Secure Exchange is the BitShares decentralized exchange, created by the guys who also made Steemit. BitShares is ultra fast & decentralized. It is a step more technical to get into and understand than Bittrex & Poloniex, but if you can understand Steemit, I am sure you can also understand BitShares and will love using it as well. But as always: ALWAYS ENABLE 2FA & A SECURE PASSWORD FROM LASTPASS


It does not matter how good a lock you have if you leave the doors and windows open.


How to avoid being scammed or lured into "secret" groups

The best way to avoid being scammed or lured into secret groups is by being a member of a big open group that you can consult if someone contacts you privately to get you into some pump & dump group or to invest in a coin that you have no clue about.

I personally spend about 17 hours every day on Stakepool Teamspeak & Stakepool Radio Fintech Market Watch, open for all and governed and guarded by a community of analysts, traders and investors in crypto who will look at anything with critical eyes and give you their honest opinions 24/7 all year.

I also spend a great deal of time on Steemit Slack to make sure I stay informed, actually - I spend time in every Slack group of the coins I trade to stay informed, and talk about it live on Stakepool - sharing the information in realtime using voice is so much more effective than text-chatting, you got to agree with me on that.


Having a large group of serious people to consult with is a virtue, never respond to strangers with invitations to join big money - I have seen a lot of rich people become poor doing that.


Always keep your browsers, antivirus & OS updated

Now that you are making money on #steemit - you need to think twice about what sites you visit, what you download (or have already downloaded in the past) and make sure your operating system is updated and not outdated.

If you over the years have downloaded and tried out a lot of free crap, chances are that you already have a keylogger installed on your computer, so unless you know for sure that is not the case - make sure you know by downloading the most popular antivirus for your computer & OS and do a deep scan of everything. You will be scared to death of what you might discover that has installed itself on your machine and is reporting all kinds of sensitive information to the people who really should not have it - and it is all your fault for not being careful in the first place, so maybe the best thing is to buy a brand new computer with a clean installation and start a new and better computer-life.


Thank you for reading all this important text - Please comment, upvote & share with all your friends


After having come out of the first Steemit hack alive... I'm looking for any and all info to secure my account, thanks for holding my hand as I take those steps.

You're welcome @wingz - This guide will definitely make you do things the right way.

read this again! <--- note to self

What?!! Why?! on!?! earth?!!? are you still using an insecure password?! FIX IT NOW. Right now!

Yes... while I'm waiting. I'm waiting... Do it. Go. Click. Yes, up there. On the right. No don't save it in your email, aaarrgggh!!!!! What? Too hard? Okay, email is a fair compromise if you have two factor authentication on. TURN IT ON NOW.

Remember, even your phone sim card can get cloned with just a copy of your ID... so don't keep anything on there that you're not afraid to lose.

If you can copy down your password onto paper, it will probably get cracked. I can crack BILLIONS of passwords per second, if I wanted to. Think about it! BILLIONS! I can save every single password ever dumped, on a few hard drives, and test them all in just minutes. I can test trillions of permutations of them in a day.

Randomness and entropy, and length are your only real friends here... you want to be really safe? Move the bulk of your funds across several paper wallets you created offline, using not just any code, but the code you got at source, and ideally that you reviewed yourself.

Want to be even safer? Back up your online wallet password by taking a photo with an offline camera with a display (not analogue... oh you trust the camera shop?) that you can hide and find in a box of a few hundred other identical cameras... or from a clean computer - brand new install on a brand new harddrive, copy and paste it into a text file created directly on a flash disc or two that is only used for this purpose... What? you want to keep them in a safe with just a few digit lock?! Have you seen how quickly safes are cracked by safe experts? Fine, there are only so many safe experts in the world, why would they target you.... right?!

....Are you starting to see why banks still make so much money?

Security only exists in layers. Save your password in an encrypted file with a password you know, on an encrypted drive, with another passphrase, on a phone with another password.... and even that will only slow down someone who's really after your funds.

Funny enough, the safest place to save your funds easily, is on a fairly new Android phone, factory defaulted, without any account synced and without any apps installed, not bought from a dodgy source such as second hand, grey import, etc. - with full phone encryption on and a screen lock pattern. And making a backup of your keys on a flash disc or sdcard that you can hide well.

Or you can just use a bank.... just don't piss off the politicians who run your country, too much, okay?

what if lastpass leaks like it did a couple of years ago?

In worst case if that happens, you need to immediately react to the news and change your passwords to something temporary before they get abused. Security is an ever changing landscape.

Great post @fyrstikken, although I'm not a fan of lastpass. I prefer KeepassX, an opensource, lightweight, and crossplatform password manager. Guess it might be a remnant from my linux days, but it does the job without any risk for security leaks.

KeepassX is an excellent password manager as well. Upvoted.

You're doing a superb job here. I love your content. Especially your songs :D

Btw. Do you understand Swedish? ;)

Thank you, and yes - Of course I understand Swedish, I am from Norway after all :D

Haha, I suspected that. But not everyone understands Swedish! I actually used to live next door to a man from Norway and he did not understand many words at all. :D

Thank you for posting. Hope you get this to snowball to the top!
I up-voted you too... BTW, should steemit let us steemers advertise using steem? Be sure to tell everyone you know to come vote here at: https://steemit.com/steemit/@kingtylervvs/if-steemit-ever-does-decide-to-advertise-there-is-only-1-way-it-could-work-in-my-opinion-debate

This is a democratic community decision.


lol. fyrstikken is certainly a fun one...and content like that just keeps you coming back...(well that and being an absolute crypto nerd).

hehehe, @officialfuzzy - I should change my middle name to Nerd :D

So helpful, security is something worth paying for.

Great job fyr, it's really important that we make sure we have people secure their accounts the right way and don't lose them to hackers in the future. I think they took a step in the right direction with how strong the password needs to be but there is still more like 2FA that should be done.

They are working on a blockchain based 2FA that should be released soon here on Steemit. I need to read what @ned or @dan publish next about that. They have been busy securing this place the last many days and I think they have done a great job so far, I am impressed.

After reading your post I changed my passwords.... that's a scary story

Good to hear @wojooo - that was the purpose of this article.

Glad you are safer now.

Security is super important. Very detailed article. I enjoyed thoroughly.

Although, I'm not a fan of LastPass, so we switched over to Dashlane.

How do you feel about that as a solution?

I am not familiar with Dashlane, but anything that creates random strong passwords that people can use is a better solution than using passwords like "butterfly" or "loveisintheair" :D

Thanks, keep it coming!

Great tips, especially on avoiding the pump and dump groups.

I personally use and recommend pass for password generation and storage, it's simple and effective - encrypts your passwords with your gpg key and stores them in a local git repository.

My other must-have IMO is QubesOS, letting you completely isolate all the components of your system into separate virtual machines. Steep learning curve, but 100% worth the effort.

Hope these are useful for someone.

Great post @fyrstikken.
I'm glad someone could spread this useful stuff.
Be aware ppl, this could easily happen to you.

-N66

so true.

you're the stars.... @fyrstikken

Good post, but I have to disagree with you @fyrstikken
Remember the first rule of crypto
If you don't have your keys, then you don't have your coins.

Also the golden rule of crypto
He who has your keys has all your gold

That means products which do direct decentralized p2p exchanging are the most secure, except possibly cold storage.

Have a look at bitsquare and you'll see why you don't have to trust any exchange that isn't running on your own computer.
https://bitsquare.io/

Totally @williambanks - but this article was meant for Steemit users, and Steem & SBD are exchanged on Bittrex, Poloniex and BitShares. The points you are raising are good material for another article.

fyrstikken, thank you for such valuable advice, it is good to have suggestions from an experienced guy

Thank you, I live to serve.

It's good advice for many newcomers in crypto!

Yep, and on #steemit there are MAAAANY newcomers - got to take security more seriously when money is at stake.

Don't forget to store your long term coins on paper wallets. No one can hack a paper wallet.

Great post @fyrstikken I appreciate the help and the Stakepool link. Your posts are generally informative and interesting. Those songs, wheew! I have been following you since you downvoted my first blog entry and did not respond when I asked why. I wish Steemit had a private messaging service so I would not have to ask you on your own post but would sincerely like to know if I unknowingly broke a Steemit code. Please let me know so I can improve my behaviour. I believe Steemit is a great example of a community that can police its own and your downvote has impacted me. Thanks in advance.
Truly,
H

Your post must have been mistaken as spam or something. Sorry about that, I upvoted your last few articles. Keep writing great content.

Thanks for the reply, the support and clearing this up. I love this community!

it is going to be great in the future - imagine a million users - what a milestone that will be!

Interesting article

Great post! Sorted out all my passwords after a friend tipped me off about your page here, good to have a little wake-up call now and then. Thanks for many fine posts and useful info!

150 btc 99.900$ currently wow!!!!

Quality post from the shitcoin wizard himself, colour me purple.

Thanks for posting this. It's always great when vets inform the new people about the importance of security in this space.

upvote for you.. good luck

It seems there are more and more exchanges popping up all the time but I stick to the same ones you do. I also think Kraken is pretty solid but limited in the currencies they deal in.

Great article. I love Polo & Bittrex! But remember, even Lastpass can be compromised: https://steemit.com/lastpass/@framelalife/lastpass-hacked-don-t-use-this-for-steemit

Thank you so much for posting her. Please go to my profile... There is a kind of read about software antivirus free download >>> antivirus 2020

If you have not been hacked or lost your keys you have not been in Crypto. Still remember how I walked right into a Dash Coin trap and lost a few Dash coins. Take security seriously!! Also move your coins off exchanges, they are the weakest link

soooo true bartcant.
Security is so tough for everyday users. I hope we can find a way to get Trezor for Steem. :)