Basic Cryptocurrency Account Security Practices
Most of us using Steem know some basics about how cryptocurrency works. Some of us even trade in Steem for fun or to make money. Many have no doubt invested a lot of time in cryptocurrency, but do we know how to properly secure our cryptocurrency accounts? Here's how.
Generate strong password
The first and best thing you can do to secure your cryptocurrency accounts is to set a very strong password for your account. Thankfully, Steemit does so by default, but remember to follow this practice on other websites too! And remember to store the password securely, else it won't matter how strong the password is if a hacker can get it. Don't reuse it anywhere. Use a password manager (I've talked about password managers before in previous posts (scroll to last paragraph for links)).
Beware of keyloggers and unsafe computers
Don't login to Steem or any other cryptocurrency account on someone else's computer, even if you do trust them. Their computer might have a keylogger or virus on it which could send your account details to a hacker.
Also beware of keyloggers and viruses on your own computer. Don't download any suspicious programs or "crack" and "hack" apps. Most are viruses. Regularly scan your computer with a good antivirus.
Accepting and giving payments
Be careful of who you give cryptocurrency or money to convert into Bitcoin, USD, or some other currency. Only use websites and services that are either officially recognized by Steem (such as Bittrex) or ones that many people you know have used. If you choose to use one which is a bit shady but offers better prices or conversion rates, then they might simply keep your money and not pay anything out.
Watch our for mirror or "fake" Steem sites
These are called "phishing" sites, and most are there to steal your login details. Remember to check the link in your browser bar before logging in! If it's not an official Steem site, report it to Steem and leave the website. It's not worth the risk to login and "see what happens".
Disclaimer: The advice in this post does not guarantee 100% security. However it will probably protect you from most attacks. I don't take any responsibility for any stolen/hacked accounts.
Some good tips there.
I work in I.T. specialising in Disaster Recovery and Business Continuity. Now one of the challenges all major companies have is how to handle the plethora of passwords at the DR facilty. In the days when operating a mainframe there were maybe 10 key passwords and these would just be put in an envelope , stapled closed and stored in the 'battle box' at the DR facility. Now you can imagine a modern day I.T shop with all the diverse technologies and upwards of a thousand I.T staff alone.... How many passwords are there...how does one identify key passwords? Also with enforced password changes every 6 weeks ....
You understand the problem?
So I had a word with our security officer on his take. First though I suggested that we have a directory on our fileshare appliance where we store the passwords in a password protected excel spreadsheet with an innocuous name, like breadrecipes or petrolslips. The fileshare has literally millions of files and directories and is synchronously replicated to the DR facility.
Nope he says, that is too insecure. And he heads off to a Password Manager vendor and sets up a Proof of Concept exercise . The long and the short of it is that vendors primary facility was hacked that same week!!!
To my mind hackers are more inclined to target sites where they KNOW that there is something worth getting access to. After all if you want honey do you wander randomly around the meadows hoping to stumble on some..... Or do you go look for a beehive??
Thanks though for answering my request @dhumphrey... There are some good points to take out of your post...I am just not in the Password Vault camp.
I agree completely with you. I also don't like the idea of a cloud-based password vault that most of these password managers use. However, it is the easiest for most normal people to use and it's better than using one weak password for everything.
I personally use Master Password, which solves those problems. You should try it out.