From the universal two-factor authentication to VPN and firewall that will protect your digital money.
If you managed to make good money on bitcoin (Bitcoin), do not rush to rejoice. Your money can easily end up in the hands of hackers. To protect your crypto-status as much as possible, follow these 10 rules.
1. Do not use two-factor authentication (2FA) via SMS
To register for any digital platform, you must enter your e-mail address. It is also used for account password recovery. If hackers take possession of the electronic box, it is likely that access to it will not be restored. Thus, any account associated with the mail will be compromised.
However, in most countries it is very easy to copy the sim card, so attackers can access your phone number and forward calls and SMS TO a new device. As soon as the hacker succeeds, he, knowing only one email address, will be able to use the password recovery procedure via SMS and get full access to your account.
2. Instead of 2FA, use a universal two-factor authentication (U2F) for all accounts
A more secure alternative to 2FA is U2F, a universal two-factor authentication developed by the Fido Alliance. It combines openness, security, safety and ease of use. The U2F device connects to the USB port and sends a signal confirming the user’s login when the button is pressed.
This standard is more secure than the usual 2FA, because it is an independent physical device. If a hacker gets remote access to a device with the 2FA app, he can easily open all the linked user accounts. But in order to access accounts with u2f authentication, he will have to take possession of the device itself. This greatly reduces the risks for the user, since it is impossible to open such a key remotely.
3. Get a hardware wallet and use it
Of course, a hardware wallet is the safest way to store cryptocurrency. In the crypto community, even there was such a saying:”If you do not control the keys, then you do not control the crypto currency.” This very accurately reflects the essence of risk. The investor who stores cryptocurrency on the exchange does not control the private keys to his accounts — they belong to the exchange. In the case of a cyber-attack, he risks losing all of their assets (remember the hacking of Mt. Gox, Coinrail, Bithumb, Bitfinex and other exchanges).
And remember: don’t keep your private keys in Evernote or Dropbox — use hardware wallets. In the worst case, write them down on a piece of paper. Hardware wallets like the Ledger and best wallet, can be used for U2F authentication. Not only do they protect private keys and provide two-factor authentication, but in the event of theft, an attacker will not be able to access them without knowing the PIN (unlike traditional U2F devices like Yubico, which open access immediately when connected to a computer).
4. Do not expose your condition
It’s very common to see someone talk about their success on social media and then complain that they’ve been hacked. In this case, the cause and effect are obvious. Example No. 1 Example No. 2 to Flaunt their cryptologists on the Internet — all the same what to write on my forehead “I Have a lot of money!”and go for a walk in the dark corners. Talking about profits or posting screenshots of wallets, you encourage hackers to search for vulnerabilities in your environment. And they are sure to find them-and take advantage of it. Don’t be careless.
5. Keep anonymous
Anonymity on Twitter and other social networks adds another layer of protection between you and attackers. By staying anonymous, you hide your identity, gender, age, race, nationality, origin, etc.
In many countries, even involvement in the crypto market is perceived as a symbol of wealth. In some cases, it can harm not only the investor, but also his friends and family. Criminals do not shun kidnapping or extortion. You can write about profits while remaining anonymous, and it will get away with it, because the concealment of personal data greatly complicates the work of hackers.
6. Don’t talk about yourself
Whether you are anonymous or not, try not to disclose your personal information online. A very common way to give yourself away is to post photos of your home/street/car. Attackers will crezam to gather all available information to learn about the victim as much as possible. Each piece of personal information can be used to find a potential vector of vulnerability and access to crypto assets. Don’t become an easy target for social engineering.
7. Create different email addresses for different purposes
Do not use the same email address for social networking and registration on cryptocurrency exchange websites. Usually social networks are easier to hack than exchanges. Here are a couple of examples:
Twitter doesn’t have two-factor account authentication, and you don’t need to sign in every time. An attacker could gain access to e-mail if you, for example, briefly leave your work computer or forget to log out.
Everyone knows that Facebook sells users ‘ private information to third-party companies. It may include your email address and other personal information.
Division e-mail addresses, depending on the level of importance will help to protect yourself from hackers. For example, one address can be used for Twitter, Facebook, Instagram, Snapchat, Dropbox, Evernote, etc., and the other — exclusively for cryptocurrency exchanges. If one of the social networks is hacked or it decides to sell your data to third parties (which is sure to happen), only the e-mail associated with these accounts will be affected.
For even more security, use a separate email address for each exchange. In this case, the problem will be to remember the passwords for all these addresses, but paranoia sometimes works wonders. Of course, do not create the same password for different accounts, otherwise you greatly simplify the task of hackers.
8. Bookmark your sites
The easiest way to lose cryptocurrency is to go to a phishing site. Imagine that you bought a new laptop and decided to make a deal on the stock exchange. You open a browser, enter “Binance” in the search bar and accidentally click on the first advertising link. You sign in to your account (with two-factor authentication disabled) … and you lose all your money not only on Binance, but also, perhaps, on other exchanges. Creating a duplicate site and placing it at the top of your Google Ads search is easy.
This has happened many times with the popular mew wallet, so keep an eye on your actions, do not click on the links in the Google search; enter them yourself in the address bar or open from saved bookmarks.
9. Use VPN in public networks
Working in public networks with an unknown organization is like having sex without a condom with a complete stranger. Use VPN services. They will help to avoid Wi-Fi spoofing, interception of unencrypted packets/cookies and other types of attacks.
10. Install antivirus and firewall
Antivirus protects your computer from malware. Given the abundance of all kinds of software in the crypto space, a good antivirus is a must. Firewall protects your computer from unwanted incoming connections (including malicious users seeking remote access to the operating system).
Every day, users are increasingly willing to disclose information about themselves on the Internet and especially in social networks, thinking that they are safe and behind the screen, protecting them from real dangers. But it is not. We’re as vulnerable on the computer as we are on the streets. The only difference is that in the network you publish your thoughts, photos, share experiences and open personal data not to thousands, but to millions of people.
Behave in the virtual world as well as in the real world. Be careful not to show off your money, keep your keys in a safe place. Use common sense — there are far more malware, intruders and artificial intelligence tracking systems on the net than you can imagine.