Security Best Practices

Below are general security practices commonly applied.

Cryptocurrency, web3 and blockchains are still a young technology, and like all new technologies they attract scams and unethical behaviour. Below is a list of different types of scams, hacks and schemes, plus best practices to help you navigate the web3 space. These scams can be well thought out, deceptive and sometimes ingenious, and because blockchain transactions cannot be reversed, it pays to be extra careful with every action you take.

Phishing Scams

Phishing is when scammers trick you into providing sensitive information (like your password or private key) by pretending to be a service you trust, often via email or a fake website.

Avoidance strategies:

  • Never click on suspicious links in emails or text messages. Reach wallet and exchange sites by typing the address or using a bookmark you created yourself.

  • Always double-check the URL of the site you're on, particularly if you've followed a link there. Look at the part of the host name that is actually registered (for example, ledger.com.example-support.net is not ledger.com) and be suspicious of accented or lookalike characters.

  • Never share your private keys, recovery phrase or other sensitive information. No legitimate support agent will ever ask for them.
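The URL check above can be made mechanical. The following is an added example, not code from the original page: it takes the URL shown in the browser bar, extracts the host, and flags the common phishing tricks (a trusted brand name used as a subdomain of an attacker's domain, a user:password prefix before an "@", punycode or non-ASCII host names, and plain HTTP). The trusted-domain list and the tiny two-label suffix table are constructed for the example; a real implementation would use the Public Suffix List.

```python
import unicodedata  # noqa: F401  (kept to hint where script-mixing checks would go)
from urllib.parse import urlsplit

# Constructed allow-list for the example: the sites the user actually intends to visit.
TRUSTED_DOMAINS = {"ledger.com", "metamask.io", "coinbase.com"}

# Tiny stand-in for the Public Suffix List, so "example.co.uk" is treated as one registrable name.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the part of the host that a registrant controls,
    e.g. 'ledger.com' for 'login.ledger.com'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url: str) -> list:
    """Return a list of warning strings. An empty list means the host is one of the
    trusted domains and shows none of the common lookalike tricks."""
    warnings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        warnings.append(f"not HTTPS: {parts.scheme or 'no scheme'}")
    if not host:
        warnings.append("no host in URL")
        return warnings
    # IDN homograph attacks: punycode labels (xn--) or non-ASCII characters in the host.
    if any(label.startswith("xn--") for label in host.split(".")) or not host.isascii():
        warnings.append(f"internationalised host name, check every character: {host}")
    # https://ledger.com@evil.example/ is a URL for evil.example with username 'ledger.com'.
    if parts.username or parts.password:
        warnings.append("credentials before '@' in URL; the real host is after '@'")
    reg = registrable_domain(host)
    if reg not in TRUSTED_DOMAINS:
        warnings.append(f"registrable domain {reg!r} is not in the trusted list")
        # Brand name used as a subdomain or embedded in a label of an attacker's domain.
        for trusted in TRUSTED_DOMAINS:
            if trusted in host and reg != trusted:
                warnings.append(f"{trusted!r} appears inside {host!r} but is not the registrable domain")
    return warnings


if __name__ == "__main__":
    for u in ["https://login.ledger.com/", "https://ledger.com.evil.io/login",
              "https://ledger.com@evil.io/", "http://ledger.com/", "https://xn--ldger-0ra.com/"]:
        print(u, "->", check_url(u) or "OK")
```

The decisive check is the registrable domain: a phishing page can put any trusted brand name in front of its own domain, so only the last two (or, under a multi-label public suffix, three) labels tell you who you are really talking to.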

Phone Scams

Scammers may pose as support agents or investment advisors, asking for sensitive information or encouraging you to invest in scams.

Avoidance strategies:

  • Be skeptical of unsolicited phone calls.

  • Never share sensitive information over the phone.

  • If you receive a call from someone claiming to represent a company you trust, hang up and call back using a trusted number.

Fake ICOs (Initial Coin Offerings)

Scammers create a fake ICO, hype it up, and then steal the funds when investors buy in.

Avoidance strategies:

  • Do thorough research before investing in an ICO.

  • Be wary of ICOs that promise guaranteed profits or have aggressive marketing tactics.

Ponzi or Pyramid Schemes

In these scams, the returns of older investors are funded by the investment of newer investors until the scheme collapses.

Avoidance strategies:

  • Be skeptical of investment opportunities that promise high returns with little risk.

  • Always research before investing - if it sounds too good to be true, it probably is.

Impersonation Scams

Scammers impersonate well-known figures in the crypto community on social media and claim to be giving away cryptocurrency. They often ask victims to send a small amount of cryptocurrency first in return for a larger amount later.

Avoidance strategies:

  • Be skeptical of giveaways that require you to send cryptocurrency first.

  • Verify the identity of social media accounts. A verified badge alone is not proof, since badges can be bought and impersonators use them; compare the handle and profile link against the project's official website, and treat any account that is not the exact known handle as fake.

Ransomware Attacks

In these attacks, a hacker gains control of a victim's system and encrypts their files, demanding a ransom (usually in cryptocurrency) to decrypt them.

Avoidance strategies:

  • Always keep your software and antivirus up-to-date.

  • Never click on suspicious links in emails or messages.

  • Regularly back up important files so you can restore them if necessary. Keep at least one backup offline or otherwise disconnected, since ransomware also encrypts backups that are reachable from the infected machine.

Man-in-the-Middle Attacks

In this attack, an attacker intercepts communication between two parties and can alter the information being communicated. HTTPS protects most web traffic from interception on the network, so in the crypto context the attack usually happens on the victim's own device: clipboard-hijacking malware or a malicious browser extension silently replaces the address the victim is about to send cryptocurrency to with one the attacker controls, often one that starts and ends with the same characters as the original.

Avoidance strategies:

  • Always double-check wallet addresses before sending transactions. Compare the whole address, not just the first and last few characters, against the address you received over a separate channel, and confirm it on your hardware wallet's screen if you have one.

  • Avoid using public Wi-Fi for transactions when possible.

  • A VPN encrypts your traffic as far as the VPN provider and hides your IP address from the sites you visit; it does not protect against malware on your own computer, so it is a complement to address verification, not a substitute for it.
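Two checks cover the address-substitution case described above. The following is an added example, not code from the original page: it decodes a Base58Check (legacy Bitcoin) address and verifies the 4-byte double-SHA-256 checksum, which catches typos and transmission corruption, and then compares the address that ended up in the send field with the one you meant, flagging the "same first and last characters, different middle" pattern that clipboard hijackers use. The lookalike address is constructed; the known-good one is the Bitcoin genesis block reward address.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Bitcoin genesis block reward address, used here as a known-valid input.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
# Constructed lookalike: same first four and last four characters as GENESIS.
ATTACKER_LOOKALIKE = "1A1z" + "7" * 26 + "vfNa"


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes. Raises ValueError for characters outside the alphabet."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' encodes a leading zero byte that the integer conversion drops.
    leading_zero_bytes = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading_zero_bytes + body


def base58check_ok(address: str) -> bool:
    """True if the last 4 bytes equal the first 4 bytes of SHA-256(SHA-256(payload))."""
    try:
        raw = b58decode(address)
    except ValueError:
        return False
    if len(raw) < 5:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def compare_addresses(expected: str, pasted: str, edge: int = 4) -> str:
    """Classify the address in the send field against the one you intended to use.
    A real hijacker's address passes the checksum, which is why the full-string
    comparison matters more than the checksum."""
    if expected == pasted:
        return "match"
    if expected[:edge] == pasted[:edge] and expected[-edge:] == pasted[-edge:]:
        return "SUBSTITUTED: same first/last characters, different middle (classic clipboard hijack)"
    return "mismatch"


if __name__ == "__main__":
    print("checksum ok:", base58check_ok(GENESIS), base58check_ok(GENESIS[:-1] + "b"))
    print(compare_addresses(GENESIS, GENESIS))
    print(compare_addresses(GENESIS, ATTACKER_LOOKALIKE))
```

The same full-string comparison applies to 0x-prefixed Ethereum addresses and bech32 addresses; only the checksum routine differs per address format.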

Remember, a healthy level of skepticism can be your best friend in the world of crypto. Always double-check sources and never provide sensitive information to anyone you don't fully trust.

Password Handling, Pass phrases and Private Keys

Passwords

  1. Length and Complexity: Longer passwords tend to be more secure. A password should ideally be at least 12 characters long, but 16 or more is even better. It should include a mix of upper and lower case letters, numbers, and special characters to increase complexity.

  2. Uniqueness: Do not reuse passwords across multiple sites or services. If one service is compromised, all your accounts using the same password are at risk.

  3. Avoid Predictable Passwords: Avoid using predictable passwords such as "password123", your name, the name of your pet, or other information that could be easily guessed or found out by someone else.

  4. Password Managers: Consider using a password manager to create and store complex passwords. They can generate strong passwords and store them securely, requiring you to remember only one strong master password.

How long a password takes to crack depends on how it was chosen, how the service stores it, and the attacker's hardware. A 12-character password chosen uniformly at random from the roughly 95 printable ASCII characters has about 79 bits of entropy; at 10 billion guesses per second an exhaustive search would take on the order of a million years. A human-chosen 12-character password built from a dictionary word, a capital letter and a "1!" suffix falls to a rule-based cracker far faster, because the attacker tries likely patterns rather than every combination. And no length helps if the password is phished or the service stores it unhashed, which is why uniqueness matters as much as strength.

Secret Passphrases

  1. Length and Complexity: Similar to passwords, longer and more complex passphrases are more secure. A good passphrase might be a sentence, including punctuation.

  2. Unpredictability: Choose a passphrase that can't be easily guessed. It should not include common quotes or well-known phrases.

  3. Memorability: The advantage of passphrases over passwords is that they can be easier to remember. Choose something that is significant to you but would be hard for others to guess.
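The entropy arithmetic behind the password and passphrase advice above, as an added example that is not part of the original page: it generates a password and a diceware-style passphrase from the operating system's CSPRNG (the secrets module), computes the entropy of each construction, and estimates worst-case cracking time at two assumed guess rates. The word list is a 26-word stand-in constructed for the example (a real diceware list has 7776 words), and the guess rates are illustrative assumptions.

```python
import math
import secrets
import string

# Assumed attacker speeds for illustration: an unsalted fast hash on a GPU rig vs a slow KDF.
GUESSES_PER_SECOND = {"fast hash, GPU rig": 1e11, "slow KDF (bcrypt/argon2)": 1e5}
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed word list for the example; a real diceware list has 7776 words.
WORDS = """apple brick cloud delta ember frost grape hinge ivory jelly kiosk lemon
mango north olive piano quilt river sugar tiger umbra vivid wheat xenon yacht zebra""".split()


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of a secret made of `length` symbols each chosen uniformly from `choices`.
    This only holds for random selection; a human-chosen secret has far less."""
    return length * math.log2(choices)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at the given rate (average is half)."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def random_password(length: int = 16) -> str:
    """Password from the OS CSPRNG over the 94 printable non-space ASCII characters."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words: int = 6, wordlist=WORDS) -> str:
    """Passphrase of `words` words drawn uniformly from the list. The security comes
    from the draw being random, not from the words being obscure."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def crack_estimates(choices: int, length: int) -> dict:
    """Map each assumed guess rate to the years needed to exhaust the keyspace."""
    bits = entropy_bits(choices, length)
    return {name: years_to_exhaust(bits, rate) for name, rate in GUESSES_PER_SECOND.items()}


if __name__ == "__main__":
    print("password:  ", random_password())
    print("passphrase:", random_passphrase())
    for label, choices, length in [("8 chars, lowercase only", 26, 8),
                                   ("12 chars, printable ASCII", 94, 12),
                                   ("16 chars, printable ASCII", 94, 16),
                                   ("6 words, 7776-word diceware list", 7776, 6)]:
        print(f"{label}: {entropy_bits(choices, length):.1f} bits")
        for name, years in crack_estimates(choices, length).items():
            print(f"    {name}: {years:.3g} years")
```

Note that six words from a 7776-word list (about 77.5 bits) are roughly as strong as twelve random printable characters (about 78.7 bits) and far easier to remember, which is the case for passphrases made in point 3.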

Private Keys

  1. Never Share: You should never share your private keys. Anyone who has your private key can access your crypto assets.

  2. Secure Storage: Store your private keys securely. This could be on a hardware wallet, which keeps the key off your computer entirely, a piece of paper stored securely (paper wallet), or an encrypted file, which is only as safe as its passphrase and the machine you decrypt it on. For most modern wallets the thing you actually store is the recovery (seed) phrase from which all keys are derived, so protect it the same way.

  3. Backups: Always have a backup of your private keys stored in a separate, secure location. If you lose access to your private keys, you lose access to your crypto.

  4. Secure Generation: When generating new private keys, ensure that you're using software that generates them securely and that your computer is free from malware.

  5. Destruction: If you're recording your private key on paper, make sure to destroy it thoroughly when you no longer need it. If it's in a digital file, make sure to delete it securely: simple deletion is often not enough, as files can be recovered, and overwriting is unreliable on SSDs because of wear levelling. Keeping key material only on an encrypted volume, and destroying the volume's key, is the dependable way to make it unrecoverable.
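What "secure generation" (point 4) means in practice, as an added example that is not code from the original page: a private key must be drawn from a cryptographically secure random source and fall within the valid range for the curve, whereas deriving a key from a memorable phrase (the "brain wallet" anti-pattern) makes it deterministic and therefore guessable. The attacker dictionary is constructed for the example; the secp256k1 group order is the real constant used by Bitcoin and Ethereum.

```python
import hashlib
import secrets

# Order of the secp256k1 group (Bitcoin, Ethereum): valid private keys are in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_private_key() -> int:
    """Draw 256 bits from the OS CSPRNG and reject the astronomically rare out-of-range values.
    Never use the `random` module here: it is a seeded, predictable generator."""
    while True:
        k = int.from_bytes(secrets.token_bytes(32), "big")
        if 1 <= k < SECP256K1_N:
            return k


def brainwallet_key(phrase: str) -> int:
    """The brain-wallet anti-pattern: key = SHA-256(phrase). Anyone who guesses the
    phrase derives the same key and controls the funds."""
    return int.from_bytes(hashlib.sha256(phrase.encode()).digest(), "big")


# Constructed dictionary for the example; real attackers precompute billions of phrases
# and watch the blockchain for funds arriving at the corresponding addresses.
ATTACKER_DICTIONARY = ["password", "correct horse battery staple", "bitcoin", "satoshi nakamoto"]


def recover_brainwallet(target_key: int, dictionary=ATTACKER_DICTIONARY):
    """Return the phrase whose SHA-256 equals target_key, or None if it is not in the dictionary."""
    for phrase in dictionary:
        if brainwallet_key(phrase) == target_key:
            return phrase
    return None


if __name__ == "__main__":
    weak = brainwallet_key("bitcoin")
    print("brain wallet recovered from phrase:", recover_brainwallet(weak))
    strong = generate_private_key()
    print("CSPRNG key recovered:", recover_brainwallet(strong), "(hex length", len(f"{strong:x}"), ")")
```

The same principle applies to recovery phrases: a BIP39 mnemonic is only as strong as the random bytes it encodes, so generate it on a trusted device (ideally the hardware wallet itself) rather than making one up.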

Remember, security is paramount when dealing with cryptocurrencies. One small mistake can lead to the irreversible loss of your assets.

Privacy

Avoid Reusing Addresses

Many wallets generate a new address for each transaction. This makes it harder to link transactions to you, though chain-analysis heuristics can still cluster addresses that are spent together in one transaction, so a fresh address per payment raises the bar rather than guaranteeing unlinkability.

Be Aware of Public Information

Remember that the blockchain is public. Anyone can see the transaction history of a public address. So, if you ever link your identity to a public address (for example, if you post your Bitcoin address on your public Twitter account), all transactions using that address can be traced back to you.

VPNs, Tor, KYC and Permissions

Using a Virtual Private Network (VPN) or Tor (The Onion Router) can mask your IP address and location from the sites and nodes you connect to, enhancing your online privacy. A VPN only moves trust to the VPN provider, who can see your traffic, and neither tool changes what is recorded on the blockchain itself.

Keep Keys and Recovery Phrases Private

Your private keys and recovery phrases give full access to your crypto assets. Never share them and store them securely.

Be Cautious with KYC Procedures

Know Your Customer (KYC) procedures require you to provide personal information to exchanges or other services. Be sure you trust the service and understand how they will protect your information before completing these procedures.

Beware of Phishing Attempts

Always be on guard for phishing attempts - scams where someone attempts to trick you into providing your private keys, recovery phrases, or other sensitive information.

Monitor Permissions

Be mindful of the permissions you grant to applications linked to your wallet. Beyond the information an application can read, a token approval lets a contract spend your tokens on your behalf, and an unlimited approval lets it move your entire balance of that token at any time, including after the application is compromised. Approve only the amount a transaction needs, and periodically review and revoke approvals you no longer use.
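One way to check what a wallet prompt is really asking for, as an added example that is not code from the original page: the script decodes the calldata of an ERC-20 approve(address,uint256) call and flags an unlimited allowance (amount = 2^256 - 1). The function selector 0x095ea7b3 is the standard ERC-20 approve selector; the spender address and calldata are constructed for the example, and the helper that builds calldata is hypothetical (a wallet normally shows you this data before signing).

```python
# Function selector for ERC-20 approve(address,uint256): the first 4 bytes of keccak256 of the signature.
APPROVE_SELECTOR = "095ea7b3"
UINT256_MAX = 2**256 - 1


def _strip_0x(data: str) -> str:
    data = data.lower()
    return data[2:] if data.startswith("0x") else data


def decode_approve(calldata_hex: str):
    """Decode approve() calldata into (spender, amount); None if it is not an approve() call.
    Layout: 4-byte selector, 32-byte word holding the right-aligned address, 32-byte uint256."""
    data = _strip_0x(calldata_hex)
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    spender = "0x" + data[8 + 24 : 8 + 64]   # last 20 bytes of the first argument word
    amount = int(data[8 + 64 :], 16)
    return spender, amount


def review_approval(calldata_hex: str, token_decimals: int = 18) -> str:
    """Human-readable verdict for the approval a wallet is asking you to sign."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return "not an approve() call"
    spender, amount = decoded
    if amount == UINT256_MAX:
        return f"UNLIMITED allowance to {spender}: this contract can move your entire balance at any time"
    return f"allowance of {amount / 10**token_decimals:g} tokens to {spender}"


def build_approve_calldata(spender: str, amount: int) -> str:
    """Hypothetical helper to construct sample calldata for the example."""
    return "0x" + APPROVE_SELECTOR + _strip_0x(spender).rjust(64, "0") + format(amount, "064x")


if __name__ == "__main__":
    # Constructed spender address for the example.
    spender = "0x" + "ab" * 20
    print(review_approval(build_approve_calldata(spender, UINT256_MAX)))
    print(review_approval(build_approve_calldata(spender, 1000 * 10**18)))
```

Many dapps request the unlimited value by default for convenience; replacing it with the exact amount in the wallet's edit-allowance dialog limits what a compromised or malicious contract can take.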

Maintain Good General Digital Hygiene

This includes things like regularly updating software, using strong, unique passwords for all accounts, and keeping the operating system and antivirus software up-to-date.

I added this extra material here; I was thinking we could possibly use this section for some software partners, advertising space etc. Just an idea for now, obviously we can scrub all this if it's too much. I just wanted to have one of the best wikis in the space.

Password Managers, Private Key Storage and Other Security Tools:

Password Managers:

These tools securely store your passwords and can generate strong, unique passwords for you. Here are some small examples of tools you can use. Remember, always do your own research and find the tools that work best for you.

  1. LastPass: Offers free and premium plans. It can store passwords, generate strong ones, and autofill them on websites and applications. Note that LastPass disclosed in 2022 that attackers had obtained backups of customer vault data; anyone who kept crypto secrets in a LastPass vault at that time should treat them as potentially exposed and rotate them.

  2. 1Password: A comprehensive password manager with a focus on privacy. Offers individual, family, and business plans.

  3. Dashlane: Provides a password manager, digital wallet, and personal information autofill functionality. Offers free and premium plans.

  4. Bitwarden: An open-source password manager, offering free and premium plans for individuals and businesses.

Private Key Storage:

These tools securely store your cryptographic keys offline to protect them from potential online attacks. Here are some small examples of tools you can use. Remember, always do your own research and find the tools that work best for you.

  1. Ledger: A popular hardware wallet that supports a wide variety of cryptocurrencies.

  2. Trezor: Another highly regarded hardware wallet. It's open-source and community-driven.

  3. KeepKey: A hardware wallet that integrates with the ShapeShift exchange, enabling trading directly from the wallet.

Other Security Tools:

  1. Authy: A free app for two-factor authentication (2FA), adding an extra layer of security to your accounts.

  2. Google Authenticator: A popular 2FA app by Google.

  3. ProtonMail: A secure, encrypted email service that respects user privacy.

  4. ProtonVPN: A security-focused VPN service from Proton, the makers of ProtonMail, with a free tier and paid plans.

  5. NordVPN: A popular VPN service known for its robust security features.

  6. Tails: A security-focused operating system that you can start on almost any computer from a USB stick or a DVD.

  7. Tor Browser: A web browser that helps to protect your privacy by bouncing your communications around a distributed network of relays run by volunteers worldwide.

Remember, even with these tools, you still need to follow best practices for online security and privacy. Always keep your software up-to-date, be careful with your personal information, and stay informed about new threats and security techniques.
