Hi fellow steemians, i'm here again to bring you another guide on security just some basic stuff that can make your life a lot easier
As you all probably know, whenever you introduce your info or credentials into a website and send a request to login or to post something, your data travels from your computer to the web server and if you do not take some precautions an attacker might capture your info or even modify it in his own advantage
So how do you protect yourself?
Well you don't need to be a computer genius to understand what i'm about to explain, it's really simple and can help protect all of your accounts so pay attention.
Passwords
This is something you should already know
- Passwords should be more than 6 digits
- You should avoid common words
- Use capitals
- Use numbers
- Use special characters like <_-/@#!»?=)(some websites might not allow some of those)
- Never use the same passwords on different accounts
For steem accounts you should never and i really mean NEVER allow your browser to store the password.
For example you go out with your laptop and login to steem using some random public wi-fi, you accept that your browser stores the password so you don't have to input it everytime it will store your password without encryption and that is almost the same thing as trowing your password around in a crushed paper hoping no one will open it..
You can use password managers just remember that if the passwords are stored on a company's server they will still be at risk if the servers get hacked
There is also an attack that fakes a login page and asks you to input your credentials and then sends them to the attacker but you can easily avoid these by not clicking any links or inputing any credentials on websites you don't fully trust you should also use HTTPS everywhere it is a great plugin that ensures that your data is encrypted trough HTTPS (yeah it can be easily downgraded using sslstrip but if you follow the rest of the sugestions you should be fine) i wouln't worry much with this attack since i think it can't be done on steem (i haven't tried so can't confirm) because it doesn't have a login page like facebook and instead you have this login "popup"
Gimme the cookies
Cookies also can be a security vulnerability however you cannot fully disable them if you pretend to login on facebook and many other social media the best thing you can do to protect yourself is to delete them everytime you close your browser (you can edit this option in your browser privacy settings
Yes yours will definitely be different since this is Opera in portuguese. The option selected with the red arrow means "Keep local data until i leave my browser" in my experience it's the one that works best
And by now you are probably thinking that you dont want to introduce your password everytime
Just use a usb stick or an external hard drive encrypt it with a password (don't worry about size since it can only be bruteforced if you manage to lose it and you don't wanna lose your steem password) and inside it put a simple text file just to copy and paste the password
You can store your password in an image using a process called steganography but this isn't really practical and would definetely make this post a lot bigger so i'll leave it to next time...
Plugins...
There are a lot of great plugins out there the main one i tend to use are
- HTTPS everywhere - Ensures that you are using the HTTPS protocol
- No-script/No-script suite for opera - blocks most of the scripts that the website tries to run, you can whitelist some websites so that i doesn't apply rules to it
- Betterprivacy - protects you against super-cookies ( "A super cookie is a type of browser cookie that is designed to be permanently stored on a user’s computer. Super cookies are generally more difficult for users to detect and remove from their devices because they cannot be deleted in the same fashion as regular cookies. " from https://www.techopedia.com/definition/27310/super-cookie
And many more it's really up to you just don't go crazy on the plugins they also have their own flaws
There is many more other tricks and tips but also remember that the more stuff you remove and block the less functionality you get and it will definitely break some web sites
Also never use public wi-fi even if you go there everyday and nothing happens someday it might and it will probably cost you more than these simple steps that can't prevent this from happening but can sure protect you a lot more from it....
The Steemit password is so long and complicated though that I doubt I could ever memorize it. I do keep it on my home computer and other places. It is definitely dangerous though. That's one reason I keep my account balances in the locked away places. I use my account every day too, so I'd know if I got hacked or if someone tried to take from my wallet, right?
I'm not so nervous about it right now since my account doesn't have much in it, but I plan to let it grow...
Not actually @finnian , someone could access your account and just stalk on you until you had some significant value in your account and steal you.
However if he were to make a transaction it would be logged so you would know however it would be too late...
If you think your account might be compromised reset your password and maybe talk to steemit support so they can check if someone logged from other Ip than yours
Also storing your password on your home computer might not be the best place use a usb stick or a memory card... and always have a paper backup hidden
I use this to store my password it is encrypted and the passwords are in a protected file so it is pretty much harder to obtain it and really easy to hide