This is a great video highlighting some concerns I have had about getting crypto into the mainstream. There are bad people who see this time in cryptos life as a major opportunity, and new people getting into it that do not know the risks or understand how they can protect their assets.
Let’s look at some of the facts that are causing this.- Most people want convenience and will sacrifice security to get it
- Most people don’t know or understand the risk of these types of virus
- Most people are used to relying on a bank to protect their money
- Most people are not ready to be freed from being a debt slave
We as a community need to create and demand better standards from exchanges and coin/wallet providers to help raise the level of security.
Most hackers or thieves go for the easiest and least protected targets. For this reason a lot of security experts say that if you have more security in place than your neighbor it’s likely that the thief will move on from your house to another less secure one (that is unless you have some major value and the target you specifically). Standards based practice for safeguarding of private keys need to be developed because right now we are all using the same entry point, which means the thieves only need to target one process. We need to make it so that they have to go through 2 – 3 different roadblocks to get at your money/data and create better hardware to protect against the very simple attacks mentioned above.
First and foremost
Personal security best practices should always be followed.
- Don’t click a link or attachment that comes from someone you don’t know OR didn’t expect an email from.
- Don’t download files from non-trusted / secured websites.
- Don’t save your passwords in an excel file
- Many many more
How to secure the set up
How do you know your private key or its recovery phrase is not compromised the second you receive it digitally? If you are an everyday computer user and you sometimes make questionable clicks you could be at risk and never even know it. Some ways we can do better in wallet creation….
- When a wallet is created an encrypted recovery file locked to the user should be created to be saved offline. The unlock key is not sent until (options here)
- requested to a predetermined email which can only be sent after a TFA event has been reconciled
- snail mail after creation of the account (privacy/security issues here w physical address)
- emailed after 24 hours to a verified email address with TFA
- Information request cannot be sent or made if 5 unauthorized login attempt is made in the past 24 hours to the wallet
- Once a successful recovery has occurred, a new encrypted key and file is created immediately to replace the used one
- This same process should be used in the case of creating a paper wallet
This way a hacker would need the encrypted file, have access to the TFA that has the files password that would be sent via email and they would have to use them both with the main account password. They can’t simply copy and paste or take a screen shot of your recovery/private key. Because you never opened the encrypted file, they cannot take a screen shot or copy/paste of the info contained in it, and you shouldn’t open that file until absolutely need to. Once the encrypted file is opened it is replaced by a new one limiting the attack time and surface that a hacker would have to access and remove funds if your machine was infected. If the hacker has access to your computer files, your email password and TFA device and you crypto wallet password then yes, they could access your funds whenever they wanted. But this takes a lot of work, time and luck to acquire all of this info and as stated above, most would just move on to easier targets.
At the end of the day, you the user need to create security protocols but we need the folks on the other end to help guide and sometimes force us into them. Its inconvenient sometimes yes, but its better than having your money stolen.
