A note about security

#security
ChainHarvester

Published 5 min read

We hear a lot about hacked governments and companies. Most of us are not affected directly by them, so why should we care about it?

Well, it is enough for your email or phone number to be compromised for you to lose access to most of your online services.

Banking? - Gone

Phone? - Gone

Crypto exchanges? - Gone

Photo by Jason Pofahl on Unsplash

So, the question is: what can the average person do, to minimize risks without a degree in computer science?

Read on and find out for yourself!


Passwords

Passwords became a necessary evil in our lives. You need a password for everything. You know you should use a completely different password every time. On top of that, every service has its own criteria, like using numbers and special characters.

Enter the scary but rewarding world of password managers.

Password managers have existed for a long time now and they are great! There are several different options or solutions, depending on your needs. Some can sync your passwords across your devices, some are offline, some are mobile-only. The best thing is, most have a password generator built-in.

I will leave a few names of services at the bottom of the page for you to check out later. Try all of them and see which works best for you.

Using password managers is very simple: unlock your database with a master password and then you can copy-paste the password you need.

Selecting the master password

A good starting point for secure passwords: make up a long sentence or use a bunch (12+) of words (separated or not), replace some of the letters with numbers, use upper and lower case, and add a few special characters (e.g. ! ? % &).

Make sure to memorize this and only continue with the setup if you are sure that you remember the master pass correctly. It's a good idea to open your empty database a few times to be sure you got it right before continuing. Most services don't store your master password for security reasons. This means that if you forget it you won't be able to recover it.

How to set up a password manager for the first time?

Now you have your chosen app, let's see the workflow of getting all your passwords in.

  1. Make a list of all the services you regularly use. Normally, managers need a name for the service, a URL, a username, and a password.
  2. Then visit each service one by one and create an entry in your manager leaving the password part empty.
  3. Once you have that done go back to the first entry in the password manager, create a new password with a password generator, and save it.
  4. Then, go on to the service's settings page and change your password to the one you just saved into your database.

Repeat steps 3-4 until you have all your passwords changed and saved into your database.

2FA

2FA or Two-factor Authentication is another great way to add extra security to your accounts on the internet. It adds another layer to verify yourself along with your password. Most companies offer 2FA by a generated one-time password (OTP) through text message, email, or by a third-party app.

Authentication with 2FA is simple: log into the service using the password manager, then input the 6-digit code (one-time password) from your 2FA app on the next screen and you are in. Every time you log in to a service you'll need to input your password and your OTP.

This sounds quite inconvenient for most people and it is sometimes. However, internet security is not about convenience!

Also, it is worth noting that using an app or a hardware security key is better than the text message or email option.

Let's set up 2FA on an account!

  1. Find the security settings in the service you want to secure
  2. Usually, under passwords you'll find the option to turn 2FA on. Click on it
  3. In your 2FA mobile app: tap on add new entry
  4. Scan the QR code with your phone
  5. At the next prompt, verify that it is set up correctly
  6. Done

That's it, you are set up now. There is one last step and most companies do this automatically: getting your backup keys for the 2FA you just set up.

You should get your security codes at the end of the set-up. You must save them: either store them on your computer, write them down or print them.

Whatever you choose, make sure that you save them, because if your 2FA app does not allow import-export, those security codes will be your backup in case you lose access to the app on your phone.


Photo by Thanhy Nguyen on Unsplash

Email

Most people have an email address in 2021. It is easy to take it for granted: it's there, nothing bad has happened since you've had it, and it has never been hacked.

Well, in the crypto world there are tons of scams going around, not to mention that there is quite a high chance that your email has been leaked at some point in the past and you're just not aware of it. You can check it yourself here: https://haveibeenpwned.com.

The point I'm trying to make, if you haven't guessed it already, is that you should set up a separate email you'll use for your crypto stuff only. Remember, in crypto, you are your own bank. You also shouldn't trust anyone (that's why I'm not recommending specific services here. You should do your own research).

There are many secure and free email providers out there. Register an account with one of them, set it up with your password manager, and enable 2FA. Then go ahead and update your email address at your chosen crypto exchanges and services.

Do not use this account for anything else. No newsletters, no online services or games, nothing. Maybe register another one just for subscribing to different crypto accounts to try them or use an email alias service.

All this above may seem overkill, but think about it: your money is on the table. And as I stated before, you are your own bank in crypto. You control your coins once you have your private keys (post is coming soon) so it is essential to minimize risks as much as you can.

This is also not a perfect solution. There is no such thing! But it is a good starting point for those who are not computer experts or are just starting out in this space.

Once you gain more knowledge about security in general you'll understand how important it is to keep risks to a minimum when it comes to securing your accounts.


As promised, here are some services to check out:

Password managers

  • LastPass
  • KeePass
  • KeePass XC
  • Bitwarden
  • Dashlane
  • 1Password
  • Padloc
  • Psono
  • Hypervault
  • Enpass

2FA apps

  • FreeOTP
  • FreeOTP+
  • Aegis
  • andOTP
  • Google Authenticator
  • Authy
  • AuthPass
  • KeeWeb
  • SoloKeys (Hardware)
  • YubiKey (Hardware)
  • OnlyKey (Hardware)

Email services

  • Mailfence
  • Protonmail
  • Tutanota
  • Fastmail

If you enjoyed reading my blog, please consider subscribing to my newsletter to get notified when I publish a new post.

Thanks for reading and see you out there!
