The guide of the little “cryptonian”

  1. Use a non-public email address for this purpose only.
  2. Do not log into public networks (hotel, café, etc.), especially not through public Wi-Fi that others also have access to. If there is no other option, using a VPN * becomes mandatory. A temporary solution can be using your own mobile phone as a hotspot. (Do not accept someone else’s “kind offer” of logging into their hotspot.)
  3. Never leave your smartphone or laptop unsupervised. 
  4. Use an encrypted “Password Manager”. Combining VeraCrypt with procedures depending on the human factor is optimal. Most of the time, the classic Password Manager runs on the server of a private company, and if there is no internet connection (the problem may be with you or them), the passwords are not available.
  5. If you want comfort, then manually append to the password at least 4 extra characters that the password manager “does not know”. Thus, the saved password becomes just a password stub to which the rest of the password must be added manually (the so-called “password salting” concept).
  6. Add to your browser a “Master Password” that must be entered before the other passwords can be “auto-filled”. For example, Firefox uses: https://www.support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins
  7. Enable 2FA authentication wherever possible.
  8. Use 2FA from a separate mobile phone. 2FA such as Google Authenticator does not require a GSM connection (SIM card access).
  9. Please note that someone can clone your phone’s SIM and have access to your phone number (password recovery via SMS, for example). How? Very easy. They go to the telephone operator with a fake document and “ask” to receive a new SIM.
  10. Check three times before you finalize a transaction. (A misplaced comma, dot or 0 can have devastating effects.)
  11. Delete all remote access programs (Zoom, TeamViewer, MS Teams, etc.) **
  12. Don’t brag about how many “Bitcoins” you have. (You risk being misunderstood and becoming a target.)
  13. Log out of MetaMask after you have finished your transactions (not only applicable to MetaMask).
  14. Use a crypto browser only. (e.g., “Brave”)
  15. Use a separate computer only for this and do not connect online unless absolutely necessary. A Linux distribution is preferred as the operating system, for example https://www.linuxmint.com (its UI is similar to that of Microsoft Windows), or, in the worst-case scenario, a fully updated MS Windows 10 plus additional protection, e.g., Bitdefender. For Mac antivirus, firewall and anti-spam, use “Intego”.
  16. Use crypto cold storage, such as Ledger. Before the first use, I recommend resetting to the factory settings to eliminate the danger of the Ledger being manipulated beforehand. https://www.support.ledger.com/hc/en-us/articles/360017582434-Reset-to-factory-settings-?docs=true
  17. Set a regular interval at which you back up everything of importance. Imagine that your computer “disappears” and you buy a new one: you need to be able to restore everything vital to you. For Mac users, in addition to manually backing up your vital data, I recommend the automated “Time Machine” backup: https://www.support.apple.com/en-us/HT201250
  18. Vital data should be saved on encrypted partitions such as VeraCrypt. If necessary, invisible partitions can be created that are made visible in the file system only after a secret key combination. (Initially, this was created to protect you from divulging your password under threat.)
  19.  Details: en.wikipedia.org/wiki/VeraCrypt 
  20.  How To: https://www.youtube.com/watch?v=C25VWAGl7Tw
  21. Use multiple USB sticks. Always have one with you, on the key ring for example (e.g., banks have “Disaster recovery” systems placed on different continents just in case).
  22. In terms of mobile phones, Apple is preferred over Android (it’s like Ethereum instead of BSC).
  23. Never give private keys to anyone. NEVER.
  24. Never interact with shady links (whether they are emailed or received on social media, etc.). One click is enough (in the case of NFTs) to have your entire account looted. 
  25. Never interact with NFTs that randomly appeared in your wallet without knowing what’s going on! 

* Do not confuse a VPN with a firewall or another form of active protection. A VPN is just a virtual private network that encrypts data between the client and the server. This way you are sure that your data is being transported with further encryption, but only until it reaches the server of the VPN service provider. From there it is on its own again, meaning the only protection of the connection remains the encryption provided by the HTTPS protocol in the browser. Among other things, the utility of a VPN is to hide the real IP address and use the IP of the VPN provider’s server, thereby hiding the real location.

** There are a lot of “zero-day” vulnerabilities that are fixed as they become known. If someone becomes a target and is worth the effort, then Zoom becomes one of the first options for hackers: https://www.cvedetails.com/vulnerability-list/vendor_id-2159/Zoom.html
