12 Steps to Improve the Security of your Cryptocurrency Holdings
I must confess, I am pretty new to the cryptocurrency world, but I am trying to learn the ins and outs of blockchain, bitcoin and altcoins as fast as I can.
This post is one of the many that will follow, describing the ups and downs I'll encounter throughout this journey, the reasons for investing in certain crypto coins and avoiding others, the financial gains and losses I'll go through along this path and many other personal opinions about the cryptocurrency space.
Before diving into the topic of this post, the basic steps that you can follow to maximize your wallet security, let me tell you a short story about me and how I ended up getting involved in the crypto world.
About a month ago, a friend of mine shared his “adventures” in the ICO world, talking about things like tokens, Ethereum, 10x gains and so on. As days went by, I got more and more excited about all of this and started to do my own research at a very fast pace. That was the time I invested in my first ICO, Aventus, which seems to have a solid project and team behind it and it really aims to solve a problem in today’s world. You can find more about their project on https://aventus.io/.
No, they don’t solve world hunger or bring peace in the Middle East, but they do address a major issue when it comes to event ticketing – fraud, in any way, shape or form. And that was the very first thing that I found attractive about this ICO – problem-solving, period. And I strongly believe that this should be an essential criterion, among others that we will discuss in other posts, whenever you evaluate an ICO or an already existing coin.
Moving along from Aventus, in the last couple of weeks I witnessed a lot of turbulence in the crypto market, with coins rising and falling dramatically overnight, with markets crashing because of a Tweet some guy posted on his profile, with rumors of ICO and exchange bans in China and with actual, real announcements from some Chinese exchanges that they will go out of business at the end of September.
So, I thought I will have a soft landing in the world of crypto, instead, my plane almost left the runway, lost a wing, grew another one, lost it again and so on. A hell of a ride, indeed. I wasn’t prepared for that. Actually, I didn’t see this storm coming so hard at me, at us, at the entire market.
But I definitely fell in love with it. It’s like a virus, like a first kiss, like a rollercoaster. You either love it or you hate it. Well, you get my point, I won’t stretch this metaphor any longer.
Furthermore, if you decide (and you should!) to join the Slack, Telegram or Discord communities of the projects you invest in, then you will have access to a world dominated by two major feelings, each of them with their own various masks. We have greed at one end of the spectrum and then we have fear. And these two are the ones who create the charts you’ll see and love and hate every day. Really! Any spike or fall on those charts has either greed or fear at its core, as its root.
Moreover, inside these online communities, you have the opportunity to see people who are angry they invested $100 in some coin or ICO and they didn’t become a millionaire the next day. People who spread FUD (fear, uncertainty, and doubt), no matter if the market is in a FUDdy place or not, at the moment. They panic no matter what. They came to this world with unreal expectations and once those expectations were not met, they immediately start to curse, spread rumors and, even worse, sell everything they have, hoping to save something when the market goes down by 5%. These are the people who invested their rent or food money, people who don’t get the first principle of investing: “Always invest money you can afford to lose!”. Or, in even simpler words: “Don’t be stupid!”. It’s that simple.
Anyway, at the other side of the spectrum, you will find people like me, people that have already adapted to the volatility of the market and who expect better or worse times with each coinmarketcap.com page refresh. As in life in general, things will get better or worse, you cannot have this under your control. The important thing is how you react to each of these scenarios. And that is a personal choice, based on your character, life experiences, and intellect. That’s the equation and its variables, in my opinion. I am really relaxed whenever a market fluctuation occurs, I am already used to them, given the recent experiences. I followed the first principle of investing and I made a decision: I am here for the long term.
But will there be a “long-term”? I definitely think it will. Bitcoin and the whole cryptocurrency world is here to stay. As others said already, Pandora’s box has been opened and nothing will revert cryptocurrencies to the state of non-existence. Not any government, not any bank, not any war. Nothing.
Blockchain and crypto are the foundation of the new Internet and the new economy, respectively. It’s a reality. I heard someone saying (apologies for not remembering who!) that “You can ignore reality, but you cannot ignore the consequences of ignoring reality”. Smart quote, smart guy or girl.
Getting back to my long-term strategy, I noticed there are basically two types of traders - day traders, who wish for short-term gains, like 1.2x, who like flipping coins all day and make a small profit. And then there are long-term traders, also known as investors. People who choose to invest in one or several projects (again, ICOs or various altcoins, for example) and expect the results in 1, 3, 5 or 10 years from now, without constantly worrying about last night’s market crash or what will Litecoin be worth next Tuesday. I don’t give a crap about this kind of things and that’s why I consider myself a long-term investor in cryptocurrency. Also, this approach implies you're expecting not a 2x profit, but, at least in my case, 500x to 1000x.
Oh, my God, I’ll stop here with this introduction, I already wrote too much. I will expand on this in my future posts.
Now, it’s time for me to keep my promise and reveal the 12 steps or bits of advice that I think are crucial for an enhanced security when storing your crypto coins (and any other digital assets you have, as well).
- Rule number 1: NO mobile wallets!
I don’t care how good the mobile wallet features look like, how promising the app looks on Play Store or Apple Store, how many 5* reviews are there on that page, I’m not using and will never use a mobile wallet app.
Simply because our mobile phones are, by far, the most vulnerable devices (apart from IoT refrigerators and toasters) we can use. And I mean vulnerable to spying, keylogging, traffic sniffing, malware injection, malicious apps that require more permissions than they actually need and so on. Moreover, our mobile phones are very likely to get lost – forgetting them in a taxi or being stolen at a concert – compared to our laptops or PCs. Unless you bring your laptop to concerts, which would be weird.
So, if you really care about your coins, I strongly advise you to not trust your phone with your finances. In my case, this also applies to online banking apps or PayPal. I never ever mix my smartphone stuff with my money and savings. Facebook? Yes. Slack? Ok. Blockfolio? Definitely. But nothing above this level.
- Rule number 2: Keep your operating system up-to-date!
Really, I mean it. We already agreed upon the fact that the smartphone is a big No-No when it comes to wallets and private keys and stuff. But, should you decide to use a software wallet locally on your laptop or remotely on the web (MyEtherWallet, Exodus, Jaxx or others), you must secure your laptop before thinking of securing the wallet software or any other digital assets you might have.
So, even though I know that sometimes it’s a real pain to update your OS, especially when you’re heavily working and you have 35 open tabs in Chrome and a few spreadsheets in the background and that f*cking window pops up saying “Please restart to update!”, please do it! Don’t postpone it again!
Hackers can inject malware in your OS much easier when you leave all the doors and windows open. Updating your system adds crucial patches to your software and fills most of the cracks in your walls. I strongly advise you to do it before it’s too late. Go wash the dishes or grab a sandwich while the update takes place. You need a damn break from all that work, anyway!
- Rule number 3: Have an antivirus solution installed!
I know, I know, if a hacker wants to get inside your computer, it will crush most antivirus solutions without even blinking.
However, having such software adds a layer of defense when it comes to basic malware or spyware or trojans knocking on your door. And keep in mind that any piece of malware that gets into your operating system can make a hacker’s life so much easier if and when you become a target.
Personally, I use McAfee LiveSafe on both my laptops and my smartphone. I have no affiliation with McAfee, feel free to choose whichever antivirus solution you like, but always try to make an educated decision. Why do I use McAfee? Well, it’s somehow a personal choice, because I really admire John McAfee, I’ve been following his work for quite some time and I always tend to believe in the people behind a piece of software, before believing in the software solution itself.
Most antivirus solutions today come with additional features like firewalls, intrusion detection, anti-spam engines and web browser protection, so always try to look for a complete solution, rather than just an antivirus.
- Rule number 4: Use an anti-ransomware solution, as well!
As you know (and if you don’t, you will find out now), ransomware has become one of the most powerful online weapons today. And there are so many computers that are vulnerable to ransomware, that the “ransom industry” is flourishing more and more.
Now, imagine you have a couple of wallets installed on your computer, with their private keys stored on the same or a separate partition (doesn’t really matter) and some guy on the other side of the globe takes over your computer, encrypts everything in the background, while you watch a YouTube video and then asks you for $500 for the decryption key, otherwise you lose everything. And you have $1000 or $10k worth of coins in your wallets. Would you pay the ransom? Yes, you would, of course. Would you like this scenario to happen in real life? Of course not, who would? However, there are thousands of people who already went through this nightmare.
One way to avoid it is installing Cybereason RansomFree (https://ransomfree.cybereason.com/), a free tool created by the folks at Cybereason, that claims to protect you against 99% of ransomware. I had no ransomware problems thus far and this program runs quietly in the background and monitors your system for ransomware related behavior. It has a very low impact on your computer’s resources, so I definitely recommend it for your data’s security.
- Rule number 5: Always double-check the website you log in to access your wallet!
A friend of mine recently had some Ethereum stolen from his online wallet and trust me, there’s no way of getting it back. Once the transaction was approved and generated, bye bye! There’s no central authority to call or email about your issue and that can be a pain, I truly understand.
Was it phishing? Was his private key intercepted or stolen? Was his password under the eyes of someone else? I don’t know yet, I haven’t had the chance to talk to him about this in depth.
However, phishing is real and it’s not that hard to impersonate or clone a website like myetherwallet.com or any other, for that matter. Then, simply change a character in the name of the new website (something like myetherwal1et.com) and wait for users to send you their private key and type in their passwords. You don't even need to modify the domain name, actually.
This happens a lot with online banking websites and the cryptocurrency world will also face a lot of phishing, no doubt about that.
So, whenever you use an online wallet, double-check (hell, triple-check) the address in your browser bar and make sure your connection is HTTPS and not HTTP.
- Rule number 6: HTTPS Everywhere!
Speaking about HTTPS, you can use EFF’s (Electronic Frontier Foundation) browser add-on called HTTPS Everywhere (https://www.eff.org/https-everywhere). Its job is to enforce HTTPS whenever a website is offering you its HTTP (non-secure) version. The add-on actually says “HTTP? No, thanks! Give me that S, as well!” (Well, that may sound weird, I know).
And this not only applies to your online wallets, this is a best practice to put in place whenever you browse the web and especially when you input personal or financial data into a web form.
Should your web traffic be sniffed by anyone (and this can be easily done by everyone with a laptop and the right software nowadays), the malicious person will be able to see your data when you send it over to an HTTP website, but in the case of HTTPS your data will be encrypted and thus unreadable.
So please go ahead and install this browser extension, it takes about 30 seconds and you will add a new level of security to your browsing experience without the need to be a cybersecurity geek. Not that there’s something wrong with being a geek.
- Rule number 7: Use a password manager! For everything!
Again, this is an advice which not only applies to the cryptocurrency world, but to each and every account you hold on the websites you use, from Gmail to Twitter, from Bittrex to Dropbox.
Furthermore, when possible, enable two-factor authentication (or 2FA for short), to add a layer of security to your logins and be in complete control using your smartphone (Google Authenticator) or email address. Having 2FA enabled, you prevent an attacker who knows your password to login to a website unless he also stole your mobile phone and knows how to unlock it. And speaking about unlocking your smartphone or laptop, I always use devices that have a fingerprint sensor so I can restrict access even more.
Call me paranoid, but better safe than sorry!
As a password manager, I strongly recommend LastPass (https://www.lastpass.com/) which comes as a browser extension and offers to remember your usernames and passwords as you log into various websites. Then, all this data is encrypted and all you have to remember is the master password you used to encrypt your login information. It’s quite easy and intuitive to use, really. And it takes away a lot of headaches, trust me on that. You can choose the Free version or go right to Premium, it’s your call.
- Rule number 8: Use a VPN!
I don’t use the Internet until my VPN connection is established. I simply don’t use it, period. Not at home, not at work and especially not in a coffee shop or an airport.
And this is valid for both my laptops and my smartphone. I really feel way comfortable knowing all my traffic is encrypted and no one can sniff it. Actually, they can sniff it but they’ll get nothing out of it. No matter what kind of traffic is it (web browsing or sending files), everything is secured. And you should implement this as soon as possible on all your devices. Encryption is key nowadays, even WhatsApp has added it, although I prefer using Signal or Telegram for encrypted messaging, rather than an application owned by Facebook.
Now, there are a lot of VPN providers out there, each with their own strengths and weaknesses, but what I use for two years or so is CyberGhost VPN (https://www.cyberghostvpn.com/). Again, I’m not in any way affiliated with them, but I really like their software and the support team is simply awesome. Apart from the VPN service, their software also provides ad blocking, malicious websites avoidance, online tracking prevention and lots more. Whichever VPN provider you choose, there’s a huge chance you’ll need to go for the paid version, which usually provides more features, improved stability and sharing across multiple devices.
- Rule number 9: Store your sensitive data (like private keys) on a separate, encrypted partition!
Let’s say you created a folder in which you store your MyEtherWallet private key and some text files containing passwords and seeds for your other wallets (Yes, I know, we really need a universal wallet for all cryptocurrencies!). Sensitive data, for short.
Now, the question is: Where do you store that folder? On your desktop? In another folder called “Secret folder – do not enter”? Hidden between the pictures from the wedding you attended last week? NO!
What I did is I used a tool called MiniTool Partition Wizard (https://www.partitionwizard.com/free-partition-manager.html) to create a small (1 GB) partition, separate from all the others, on which to store the above-mentioned sensitive data. Then, I transferred all the files over to the new partition and finally, using a free software like VeraCrypt (https://www.veracrypt.fr/en/Home.html) I encrypted that partition. Now, even if someone hacks my computer and sniffs all around the place to find my private keys and passwords, they won’t be able to access that partition, unless they know the decryption password.
Not that complicated, right? And BAM! Another layer of security for my crypto coins.
- Rule number 10: Always lock your PC/laptop when you walk more than 3 feet from it!
Lock it! Just lock it! Whether you’re using a password, a PIN, fingerprints or face recognition, just make sure that whenever you walk away from your computer you leave no one the chance to take a peek on your Desktop or even worse, on other partitions.
Of course, in case of a password or PIN, needless to say, you should not reveal it to anybody, otherwise locking it becomes useless.
This was a quick and to the point rule, I don’t feel like I have anything else to add here.
- Rule number 11: Be aware of your surroundings when you type your passwords!
Another short one – be very careful if someone looks over your shoulder when you log in to your computer or on your MyEtherWallet account, for instance.
However, to enforce this rule, make sure that you always set up complex passwords, especially for your financial services and software, like wallets or online banking accounts. Please don’t use “September2017” as your password. There are a lot of cyberattacks that can find out your password within minutes and a lot of people who can easily read your keys as you type them in. Then again, having “Tr&sdgwqbddq71029912” as your password will strongly lower the risk of a successful dictionary attack.
- Rule number 12: Consider using a hardware wallet!
This is, by far, the best solution we have at hand for dealing with all the software and online issues above. Having a hardware wallet strongly decreases any chance of hacking, making it technically impossible.
Two of the most famous solutions are the Ledger Nano S (https://www.ledgerwallet.com/) and the Trezor (https://trezor.io/).
“Yeah, but they’re kind of expensive!”
Oh really, take a look again at your cryptocurrency portfolio, determine its value (or you can use Blockfolio to keep track of everything) and then say that again to me. I dare you! Yeah, I thought so!
I am currently waiting for my Ledger Nano S to arrive. I chose this instead of Trezor because it supports a slightly bigger number of cryptocurrencies and I have like 10 of them, for now.
That’s it, guys and girls, I hope you found this post useful and I urge you to start implementing these steps as soon as possible, otherwise, you face the risk of losing all your Ether or Bitcoin or Ripple and making a hacker very happy.
Do you really want to make a hacker happy?
P.S.: Starting with my next post, I will begin to reveal the 10 cryptocurrencies I have invested in and why I chose each of them and I will also document and track all my progress regarding my investment and coin portfolio. Consider it as the journey of a noob trying to make as few mistakes as possible and learn from each and every one of them.
Those rules can save a lot of hardship if followed. @cleverbot how are you protected from password theft?
'I don't think you understand me.' What exactly did you mean by that?
Thanks for the tips!! Excellent post.. I'll have to do some research on that Ledger Nano s now. Keep On Steemin On!!🤘🏽
Resteemed.
Thank you so much!
Great tips. Security should definitely be a #1 priority.
great tips for old and new users
Thank you!
Great post with actionable info
Good guide :)
Thanks! :)
A great post; one of the most clear and concise articles I have read in the crypto space.
very helpful info great blog keep encourage others @mihaiteodosiu