Crypto Security

in vincentb •  7 years ago  (edited)

As we know security in this industry is of the utmost importance. However with so many newbies entering the market it can very scary seeing headlines talking about the equivalent of millions of USD in crypto being stolen from investors. In my opinion things like this are what's preventing institutional money from pouring in. These thefts are happening by hacking exchanges or brute forcing wallet passwords but more often it seems it's happening just by exploiting the ignorance of investors.

There have been reports of MIOTAs being stolen from investors' IOTA wallet who used online seed generators to create their private key. Being a previous investor of IOTA I find this very alarming. I believe my computer science background made me skeptical of using online seed generators for this very reason but news like this isn't going to help the market as a whole. For the mainstream adoption we are all hoping for we will need all cryptocurrencies to take security seriously especially ones valued in tens of billions of USD. It doesn't matter if your product is in its Alpha or Beta phase, these companies will need to ensure security is working from the start.

Universal wallets like what ETHOS is developing may offer an elegant solution to this problem but until they are mainstream we can't depend on them yet. In my research it appears that a hardware wallet like the Ledger Nano S or the Trezor are the best solutions to this problem. They store all your private keys on the device and require you to use a pin to access your funds. This solution prevents anyone including yourself from ever seeing your private keys so as long as you have the password to the hardware wallet you are good to go. They go even further by wiping the entire wallet if you enter the wrong password a certain amount of times.

This is all good but if you have noticed the Ledger Nano S is backlogged for another 2 months so what should we do in the meantime? The best solution I see is using a combination of a usb flash drive + bitlocker encryption + compression encryption. This solution is of course geared towards someone with some technical know how but I believe anyone can do this if they wanted. What this mean is saving your private keys/passwords in a folder on your computer then compressing that folder using compression tools like 7zip or Winrar and encrypting the compression file via a long strong password. When I say strong I mean it for example all my passwords are 30+ characters in length. Copy the encrypted file to a flash drive then encrypt that flash drive with bitlocker and provide it too with a strong password. This way if someone accesses your flash drive they will need not only 1 but 2 passwords.

product_page_aegis_secure_key_2_carousel1.png
I took this a step further by using an Aegis Secure Key flash drive by Apricorn. This flash drive requires you to physically enter a pin on the flash drive itself before you even connect the drive to the PC. It is 256 bit encrypted and wipes itself after so many failed attempts. This way someone with access to this drive needs not 1 not 2 but 3 passwords to access my private keys. I know this is overkill but with the amount of money you can potentially make in this industry I'm not leaving anything to chance.

However a word of caution, while this may seem foolproof the act of unzipping your encrypted file will copy your unencrypted files to your temp directory in your operating system. For this reason you will need to get into the habit of deleting your temp folder to ensure if the PC itself was compromised there would be no way for an attacker to access your files.

In the end, we must remember that we are in charge of our funds in this industry. There is no bank to complain to and be reimbursed for lost funds. We must change our thinking if we are to commit to this movement and protect ourselves. Of course you could just leave your funds on the exchange but if you don't own your private keys you don't own anything. Don't be a victim. If you have some better alternatives to securing your cryptocurrencies or see a flaw in my approach do not hesitant to tell me about them in the comments.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Congratulations @ikeenan! You received a personal award!

1 Year on Steemit

Click here to view your Board of Honor

Do not miss the last post from @steemitboard:

Saint Nicholas challenge for good boys and girls

Support SteemitBoard's project! Vote for its witness and get one more award!

Congratulations @ikeenan! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!