You are viewing a single comment's thread from:
RE: The Cryptocurrency Bank Spreadsheet
Thanks for this man, I'm a total mess with my book-keeping lol, gonna look into it. In fact, I'm trying to find out the best solution to secure all my crypto stuff. Kinda scary if I wake up one day not remembering all the stuff that'll give me access to my own cryptos..
"Remember"? You shouldn't remember more than two passwords. Go get 1Password immediately. Password manager all the things. The only thing you should remember is your computer login and your 1Password login. Everything else should be auto-generated by 1Password, secured, and backed up.
Please, don't learn this lesson the hard way. Get a password manager. :)
Hmm I've always assumed that password managers can be exploited and end up being worse for me. So I never keep any passwords anywhere except on paper. The one time I actually saved a password was for Steemit last year and guess what, that was the first time someone gained keys to my account..
So I'm pretty paranoid about keeping stuff on the pc.
I'll look into 1Password!
I'd say on paper is much worse. If your computer is compromised, it doesn't matter where you store your passwords, a key logger will pick them up when you use them. Another benefit of a password manager is it avoids phishing attacks.
I wrote more about this here: https://steemit.com/steemit/@lukestokes/password-security-you-re-the-problem
Key security concepts to keep in mind:
Key loggers are the biggest risk on any platform. Despite the solid security model of Unix / Linux / Mac, if you manage to get infected with a key logger (typically you get infected through email or websites) NO schemes for password security will help, since the key logger will capture any passwords you use when you type them in.
I have been looking for reliable keylogger detector software for all 3 platforms I use (Windows, Mac & Linux) for the last 2 years and still have not found solutions for all 3 platforms yet.
I haven't looked at 1Password, I'm sure it's good if Luke endorses it, and there are many others to choose from. I myself use an encrypted USB stick. If my password to unlock the encryption of the USB key is captured by a keylogger, the attacker couldn't use that info if the usb key is not plugged in, and I don't leave it plugged in very long.
It's not a perfect system. If I fail to detect a keylogger, over time it would capture any passwords I used from the encrypted usb stick.
Response to Luke's comment below (6 level depth restriction):
Yes, I DO have 2 copies of the usb. A weakness of that is they are not always in sync with each other. Password managers like 1Password etc are very good, and I recommend you keep a backup in multiple locations. A cloud location is one solution, I prefer local myself, and although the chances of cracking a password vault left in a public location (dropbox, cloud storage etc) is extremely unlikely, I prefer to keep such sensitive data under my personal control / possession and thus eliminate any chances the vault can be accessed by anyone but me.
Many may not want to sacrifice the convenience of keeping such data available anywhere, I'm not one of them.
Interesting that you didn't say anything regarding keyloggers.
What happens if your USB stick fails? What if you lose it? Do you have multiple backups?
The reason I like 1Password is because the browser extensions also protect you from phishing attacks.
But I did:
LastPass is great for keeping track of passwords and private keys, at least :)
You can improve the security with 2FA, and you can also add your own layer of security on top of that.
Indeed! 2FA all the things with something like the Google Authenticator. Via text message used to be a thing, but now that's not recommended because spoofing mobile numbers is getting too easy.
What do you recommend instead?
Oh wait, you're saying 2FA with Google Authenticator (or similar) is good, but not the "2FA" that involves sending a text with code to mobile number. If I understand right, then yes, I agree.
Yep, sounds like you figured out my meaning.
I have been using CoinTracking for the past two years and all I can say are good things. One of the smartest customer support I've ever experienced. I've used about 4 other portfolio tracking, and none come close to what CoinTracking offers, usability and design is great.
The companion app is amazing as well. Now I can quickly see a snapshot of all my investments, regardless of where they are located, in one easy to use app.
Although the free version is good, import each CSV file from each exchange is time consuming, with the PRO version all your transactions are up to date with one time setup.
You can use my affiliate link which gives you 10% discount.
Hope this helps!