Is your Bitcoin safe? Improve security of your devices and crypto holdings
Last updated: January 7, 2019 13 min read
If you own cryptocurrency such as Bitcoin or any other, the feeling of insecurity you get to experience when reading about huge hack incidents might seem familiar. In fact, it became so common that some of us, unfortunately, do not recognize the danger it reflects anymore.
There is so much news about data breaches, password leaks and massive cryptocurrency thefts (which managed to cause some well-known forks), it is hard not to start worrying about your own safety. Especially when so many people already have experience of being hacked, or at least targeted as a victim.
The internet is a dangerous world full of digital stalkers, but you probably already know that. Did you ever receive an email from Facebook or Gmail telling you that someone is attempting to access your account? Perhaps you recall that one friend who tried to buy something online from a fake website, and sent his Bitcoin straight to the thieves?
These are the most casual encounters you might face on your day-to-day life. However, those who practice the art of hacking often use much more advanced techniques. For example, social engineering, phishing, and numerous others, and target bigger fishes accordingly. So much so that we hear about hacking or scamming victims quite often, whether it is a big company, or a well-known person, or a centralized cryptocurrency exchange.
Judging from the current scale of the issue, it seems that most think their digital devices are more secure than they really are.
Cryptocurrency owners are big targets
The truth is that on the Internet (or what is connected to it), nobody is ever safe enough. If you use social media or pretty much any online service, your personal information is out there. It doesn’t even matter if it is a decade old. So, if someone wants to know you a little bit better without ever seeing you, it is most likely possible. Sometimes it is enough to trick you into giving out sensitive information or infect your device with dangerous malware or ransomware programs.
In fact, Bitcoin and other crypto enthusiasts should be extra careful. They potentially expose themselves the most by recording their activity on a blockchain. Although cryptocurrency is theoretically the most secure way to store the value to date, you are completely responsible for your own protection as you are the sole owner of your private keys.
From one side, it is a good thing to be in full control of your own capital. On the other hand, it requires some additional measures to ensure that nobody will ever get to your digital property. It especially applies to those who own a substantial amount of cryptocurrencies. They are known to often become hot targets for hackers to scam.
The basic security measures
Today, we share some useful tips on how to effectively protect your cryptocurrency holdings, social media accounts and linked emails as well as the identity behind them. Do not worry – there are many different ways to protect yourself. With that said, we encourage you to use all available tools that help strengthen your security. We will start with the basics of security, and then jump right into the protection of private keys.
Create a very strong password
Whether you use an online wallet, crypto exchange or email, first thing you must do is create a strong password. There are several techniques that you can use to create a truly complicated passphrase. All of them share some common ground:
- The password should be long enough, that means not less than least 12 characters;
- Include numbers, symbols, capital, and lower-case letters;
- Avoid using dictionary words – make it as random as possible.
By following these three rules, you will be able to create a password that is nearly impossible to guess. It applies even to those hackers who use password-cracking techniques like brute-force attacks. That means a hacker will not be able to obtain your password using tools that guess all dictionary words, their combinations, and their most common variations.
You might be thinking, “How can I possibly remember such a password?”. Well, one way to do it is to think of a long sentence you will remember, and then modify it in a way only you can decipher it. For example, let’s think of a random sentence like: ”Tomorrow I will spend 250$ on food at the Supermarket and feed my family of 9”.
Just by remembering this phrase, you can create a variety of passwords that would fit the criteria. Let’s take the first characters of each word and include all symbols, numbers, and letters as they are: TIws250$ofatSafmfo9. Our example includes 19 characters with numbers, symbols and capital letters that does not include any dictionary words. It should suffice as a very strong password that is easy to remember. Of course, this is just an example, and you are free to create your own techniques.
Worth mentioning that all passwords you use should be different. Not all websites are as secure as they advertise, hence data leaks happen from time to time. If so, your password may end up in the wrong hands, and all your accounts will be compromised.
Too difficult to keep track? Use Password manager
Creating a strong password is easy, but when you deal with hundreds of websites, it will eventually get unbearable. That is why it is a good idea to use password managers.
A password manager is a software that stores all your passwords in an encrypted vault. The vault itself is locked using the master password. These programs are designed to efficiently manage multiple passphrases, as well as identify the duplicates and the weak ones. With a help of such software, you are able to generate and use incredibly complex passwords without the need to remember them at all. Dashlane or KeePass are good choices that offer a variety of ways to increase your protection, such as automated password changers, security strength indicators and so on.
Password managers are completely secure from theft as long as you keep your master password, or master file, safe. Though you should never keep a copy of it online, or worst – on your computer. The best thing you can do is write it down on a piece of paper, or upload it to secure hardware, and lock it in a bank vault. In fact, anything will do as long as it is far away from the Internet connection.
But even if you encrypt your whole device, you are not completely protected from key-loggers that can track your actions on a keyboard, ransomware and other malware programs that could potentially trace your private keys.
Secure your devices with a proper Anti-Virus program
To make sure you are safe, you must install a decent Anti-Malware program that could efficiently detect possible threats on your device. Moreover, you have to make sure that your security system is up to date at all times. Without it, you leave your devices completely exposed to numerous threats, and there is no better way to protect yourself but with a well-trusted Anti-Virus program.
There are lots of options to choose from. You cannot go wrong with Bitdefender which monitors non-stop running processes on your devices and, using Advanced Threat Control, is able to identify most of the unknown threats, even the most sophisticated ones. On top of that, it also provides anti-ransomware, and many more customizable features to maximize your security. It is a decent choice for cryptocurrency owners as it effectively hides the transmission of your sensitive information.
Another excellent choice would be Emsisoft. An award-winning software uses 4-layer protection in real-time which secures you from widely spread cryptocurrency mining malware, ransomware, and other threats. Armed with powerful threat detection technologies, it does an excellent job of protecting your privacy.
If you are looking for more affordable options, Avast Free Antivirus is great security software that can shield your activities from tracking when using SafeZone Browser in Bank Mode. Of course, they offer a much wider variety of features and are definitely worth checking out.
Use 2 Factor Authenticator (2FA)
You might have heard about this feature before, and maybe you even use it. It is the most common tool for account protection, which is offered on every site that takes their security somewhat seriously.
Basically, 2FA adds an additional layer of security to your account so it could not be accessed only by entering the password. When 2FA the option is enabled, after logging in it will ask you to verify your identity. You can do that with a code generated by the authenticator. You can also choose to receive the code, for example, via text message, though is the least safe option as sophisticated hackers can easily intercept them.
Instead, we recommend using 2FA apps that provide automatically generated codes. Just keep in mind that not all authenticator apps provide the same level of security. The beloved app like Google Authenticator might seem like a decent choice. However, it lacks many important features that other free 2FA apps have. Since Google did not update their authenticator in a while, they left it hanging with a bunch of vulnerabilities.
Apps like Authy or LastPass are better choices as they provide some additional features that increase both convenience and security. For example, both allow creating encrypted cloud backups. So, if you ever lose your phone, or just buy a new one, you will not have to reset the whole authenticator for each website.
Google Authenticator, sadly, does not have this option. It also lacks multi-device support and, most importantly, PIN protection. It means if someone knows your password and has your phone, they can easily access your account using an unprotected authenticator. Both Authy and LastPass provide this feature (including a fingerprint scanner and Face ID). Ultimately, it makes them a superior choice over what Google currently offers.
All in all, the authenticator is one of the most important second-line defense you can set up in a few minutes. Everyone should use it because it complicates the things for hackers considerably. Nonetheless, it does not make you 100% safe just yet.
How to protect your cryptocurrency holdings: tips & tricks
Now that we secured all the accounts and established some common ground, we can start discussing cryptocurrency.
There are a few crucial things you should know in order to keep your coins as safe as possible.
Do not trust the centralized exchanges
Cryptocurrency exchanges are often centralized, which means you do not have full control of your assets. Since such exchanges are the most attractive targets for hackers, it is dangerous to keep a large sum of cryptocurrency there. You never know how secure they actually are, and judging from the events of the past, such exchanges can collapse in a second. If that happened, all your funds would be lost immediately.
Use online and offline wallets instead
Every cryptocurrency out there has their own wallet you can store your coins in. There are also multi-coin wallets that support many different cryptocurrencies, and they are much safer to use. Of course, encryption of a wallet is crucial. However, it is not the safest option, especially for those who own large amounts of cryptocurrency.
Best option – cold storage
If you really want to keep your savings safe, the best way is to move your coins offline. That is possible by using encrypted hardware wallets like Cool Wallet S, Ledger Nano S or Trezor. You can also use a paper wallet which also counts as cold storage. All you need is a piece of paper, a pen and a secure place to hide your key.
What happens if you lose your hardware wallet, USB stick or that piece of paper with your keys? You should always consider the possibility that you might lose it in one way or another. Always have backups of your private keys, no matter what. Own several copies and store them safely where nobody could ever reach it.
Diversify your assets
You should not keep all your assets in one place. It is always smart to diversify a little bit and spread around your fortune across multiple wallets. That way you will make sure that even if someone gets the access to one of your wallets, you still get to keep the rest of them.
Use VPN services
VPN’s mask your IP address by creating a secure private network over the Internet. It allows you to hide your internet activity and is especially useful while browsing on, for example, public Wi-Fi. Though you should never use an unsafe internet connection while dealing with cryptocurrencies.
Always double check the address
Some malicious programs are able to modify the “copy/paste” procedure by pasting a completely different address that belongs to a hacker. It will not hurt to double check.
Consider decentralized exchanges
If you are a trader of cryptocurrencies, you might want to explore options of decentralized exchanges. Since they have no single point of failure, your coins are always safe. Well, at least much safer than on the centralized exchange as you are the one who owns private keys.
Be aware of fake websites
There are some websites that are created for a sole purpose of scamming. Usually, it is quite easy to distinguish a real website from a fake one, but there are always exceptions. Always do your due diligence before sending your crypto to the unknown merchant, especially if the shop looks somewhat fishy.
Shopping at CoinGate merchants is safe
Since Bitcoin payments are irreversible, it is important to be sure that you shop at a legit store. But sometimes it is not that easy to distinguish a legit merchant from a fraudster. However, we, as a payment processor, do our best to protect shoppers by allowing only fully compliant merchants to avail of our payment gateway.
So, if you ever stumble across a merchant who uses CoinGate payment processing services, we try to make sure that you are not using a website with fraudulent intentions. That is because all our merchants have to go through an extensive KYC identification. We do this in order to protect both our shoppers and our company from possible illicit activities.
Furthermore, the new 5th AML directory is coming into place this year. That said, we are preparing to launch even more protective measures to ensure that no fraudulent merchant will ever operate using our system. We strongly believe that there is no way for a company to grow if security and transparency are not taken utmost seriously, thus we prioritize it before anything else.
We hope that from now on, you will enjoy a much safer shopping experience! Use our tips and tricks and never again worry about your safety!