Steemit - Security - Exchanges & Why - By a guy that has been in Crypto since 2009 - [NEW PEOPLE - READ THIS NOW]

in #steemit, 8 years ago

Hacker Stealing all Your money

I once lost 150 Bitcoins due to an exchange being hacked; I am more careful now with who I exchange with!


First things first - Your Steem & SBD is valuable - Secure it Hard!

Let's start by getting into a good security routine that you should apply to all of your accounts from now on, but let us begin with Steemit:

Step #1: Go to https://lastpass.com/ and install the Chrome & Firefox add-on - buy the premium package, security is worth paying for.

Step #2: Go to Permissions here on Steemit and change each password so you have a unique password for each login (Posting, Active & Owner).

A great password should contain at least 100 chars and look something like this: 9J7Jw64fH&SuoTPZj1y7LmsVDZnwW1X4B3u084*DxgY!y8vv94@9nA6%g8U1LyIuU6gThAO!R6gw0JjThj8yVNSF0csh$F&D!J

The Password-handler (LastPass) will take care of remembering it for you.

Use your Active Login for Money/Transfers.
Use your Posting Login for posting & upvoting.
Put your Owner-Login away in cold storage, do not use it to log in with EVER, unless you are selling your Steemit account.


Keep your master-password and owner-key in a safe & secure place in case you ever need them.


Exchanges that I trust & why!

The #1 Secure Exchange is Bittrex - You can read the story of Bittrex on Richie's blog, but long story short - the owners of Bittrex are hardcore security experts from the largest data-centers in the world. In the time of need, when "all" exchanges got hacked, they built this enormous fortress we know and love as Bittrex Exchange. They take security so seriously that their internal jokes are impossible to understand due to all the encryption. Use them and ALWAYS ENABLE 2FA & A SECURE PASSWORD FROM LASTPASS.

The #2 Secure Exchange is Poloniex - They got hacked once and lost a lot of their customers' bitcoins, but they have mad respect from me and others (even the Bittrex owners) for how they handled the hack: they were upfront with their users, took a socialized loss divided among everyone, and paid everybody back. They have never been hacked again after that, as they now take security very seriously due to their previous experience. ALWAYS ENABLE 2FA & A SECURE PASSWORD FROM LASTPASS.

The #3 Secure Exchange is the BitShares decentralized exchange, created by the guys who also made Steemit. BitShares is ultra fast & decentralized. It is a step more technical to get into and understand than Bittrex & Poloniex, but if you can understand Steemit, I am sure you can also understand BitShares and will love using it as well. But as always: ALWAYS ENABLE 2FA & A SECURE PASSWORD FROM LASTPASS.


It does not matter how good a lock you have if you leave the doors and windows open.


How to avoid being scammed or lured into "secret" groups

The best way to avoid being scammed or lured into secret groups is to be a member of a big open group that you can consult if someone contacts you privately to get you into some pump & dump group or to invest in a coin that you have no clue about.

I personally spend about 17 hours every day on Stakepool Teamspeak & Stakepool Radio Fintech Market Watch, open for all and governed and guarded by a community of analysts, traders and investors in crypto who will look at anything with critical eyes and give you their honest opinions 24/7 all year.

I also spend a great deal of time on Steemit Slack to make sure I stay informed. Actually, I spend time in every Slack group of the coins I trade to stay informed, and talk about it live on Stakepool - sharing the information in real time using voice is so much more effective than text-chatting, you've got to agree with me on that.


Having a large group of serious people to consult with is a virtue. Never respond to strangers with invitations to join big money - I have seen a lot of rich people become poor doing that.


Always keep your browsers, antivirus & OS updated

Now that you are making money on #steemit, you need to think twice about what sites you visit and what you download (or have already downloaded in the past), and make sure your operating system is updated and not outdated.

If you have downloaded and tried out a lot of free crap over the years, chances are that you already have a keylogger installed on your computer. So unless you know for sure that is not the case, make sure by downloading the most popular antivirus for your computer & OS and doing a deep scan of everything. You will be scared to death of what you might discover that has installed itself on your machine and is reporting all kinds of sensitive information to the people who really should not have it - and it is all your fault for not being careful in the first place, so maybe the best thing is to buy a brand new computer with a clean installation and start a new and better computer-life.


Thank you for reading all this important text - Please comment, upvote & share with all your friends
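
For Step #2 above, an added example (not part of the original post) of producing one independent 100-character password per login from the operating system's CSPRNG, with an estimate of its strength. The function names, role labels and symbol set are assumptions chosen for this sketch; the symbols are the ones that appear in the post's sample password.

```python
import math
import secrets
import string

# Assumed alphabet: letters, digits and the symbols seen in the post's sample.
SYMBOLS = "!@$%&*"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ROLES = ("posting", "active", "owner")  # labels for the three Steemit logins


def generate_password(length=100):
    """Draw every character from the OS CSPRNG; retry until each class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # At 100 characters a retry is rare, so the entropy loss is negligible.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length=100, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random string, in bits."""
    return length * math.log2(alphabet_size)


def passwords_for_roles(roles=ROLES, length=100):
    """One independent password per role, so a leaked posting password
    says nothing about the active or owner password."""
    result = {role: generate_password(length) for role in roles}
    if len(set(result.values())) != len(result):
        raise RuntimeError("duplicate password generated")  # practically impossible
    return result


if __name__ == "__main__":
    for role, password in passwords_for_roles().items():
        print(f"{role:8s} {password}")
    print(f"about {entropy_bits():.0f} bits per password")
```

Generate the passwords on the machine where the password manager runs and paste them straight into it, so they never pass through email or chat.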



After having come out of the first Steemit hack alive... I'm looking for any and all info to secure my account, thanks for holding my hand as I take those steps.

You're welcome @wingz - This guide will definitely make you do things the right way.

read this again! <--- note to self

What?!! Why?! on!?! earth?!!? are you still using an insecure password?! FIX IT NOW. Right now!

Yes... while I'm waiting. I'm waiting... Do it. Go. Click. Yes, up there. On the right. No don't save it in your email, aaarrgggh!!!!! What? Too hard? Okay, email is a fair compromise if you have two factor authentication on. TURN IT ON NOW.

Remember, even your phone sim card can get cloned with just a copy of your ID... so don't keep anything on there that you're not afraid to lose.

If you can copy down your password onto paper, it will probably get cracked. I can crack BILLIONS of passwords per second, if I wanted to. Think about it! BILLIONS! I can save every single password ever dumped, on a few hard drives, and test them all in just minutes. I can test trillions of permutations of them in a day.

Randomness and entropy, and length are your only real friends here... you want to be really safe? Move the bulk of your funds across several paper wallets you created offline, using not just any code, but the code you got at source, and ideally that you reviewed yourself.

Want to be even safer? Back up your online wallet password by taking a photo with an offline camera with a display (not analogue... oh you trust the camera shop?) that you can hide and find in a box of a few hundred other identical cameras... or from a clean computer - brand new install on a brand new harddrive, copy and paste it into a text file created directly on a flash disc or two that is only used for this purpose... What? you want to keep them in a safe with just a few digit lock?! Have you seen how quickly safes are cracked by safe experts? Fine, there are only so many safe experts in the world, why would they target you.... right?!

....Are you starting to see why banks still make so much money?

Security only exists in layers. Save your password in an encrypted file with a password you know, on an encrypted drive, with another passphrase, on a phone with another password.... and even that will only slow down someone who's really after your funds.

Funny enough, the safest place to save your funds easily, is on a fairly new Android phone, factory defaulted, without any account synced and without any apps installed, not bought from a dodgy source such as second hand, grey import, etc. - with full phone encryption on and a screen lock pattern. And making a backup of your keys on a flash disc or sdcard that you can hide well.

Or you can just use a bank.... just don't piss off the politicians who run your country, too much, okay?

what if lastpass leaks like it did a couple of years ago?

In worst case if that happens, you need to immediately react to the news and change your passwords to something temporary before they get abused. Security is an ever changing landscape.

Great post! Upvoted :D

If you have not been hacked or lost your keys you have not been in Crypto. Still remember how I walked right into a Dash Coin trap and lost a few Dash coins. Take security seriously!! Also move your coins off exchanges, they are the weakest link.

soooo true bartcant.
Security is so tough for everyday users. I hope we can find a way to get Trezor for Steem. :)

Great post @fyrstikken, although I'm not a fan of LastPass. I prefer KeepassX, an open-source, lightweight, and cross-platform password manager. Guess it might be a remnant from my Linux days, but it does the job without any risk for security leaks.

KeepassX is an excellent password manager as well. Upvoted.

Great job fyr, it's really important that we make sure we have people secure their accounts the right way and don't lose them to hackers in the future. I think they took a step in the right direction with how strong the password needs to be but there is still more like 2FA that should be done.

They are working on a blockchain based 2FA that should be released soon here on Steemit. I need to read what @ned or @dan publish next about that. They have been busy securing this place the last many days and I think they have done a great job so far, I am impressed.

Security is super important. Very detailed article. I enjoyed thoroughly.

Although, I'm not a fan of LastPass, so we switched over to Dashlane.

How do you feel about that as a solution?

I am not familiar with Dashlane, but anything that creates random strong passwords that people can use is a better solution than using passwords like "butterfly" or "loveisintheair" :D

After reading your post I changed my passwords.... that's a scary story

Good to hear @wojooo - that was the purpose of this article.

Glad you are safer now.

Thanks, keep it coming!

Great post @fyrstikken.
I'm glad someone could spread this useful stuff.
Be aware ppl, this could easily happen to you.

-N66

so true.
