Security breaches are on the rise. To date, hundreds of millions of dollars have been stolen from exchanges and user wallets, and a big cause of this is lazy security.
There is an increasing trend of using weak, insecure passwords to protect things of high value. This does not apply only to newcomers in the crypto space: even election officials and corporate entities are in the habit of using passwords that are easily guessed or reused.
I took the time to read some stories involving hacking, and felt the need to go into a little more depth on the subject of web security, and wanted to urge readers to go the extra mile in this area.
This article is meant as a call to action for anyone who has not already taken the time to figure out what makes for strong web security. If you are in the crypto space, you are a prime target for hackers, because financial gain is the #1 reason for theft, so it is strongly advised that you take the time to check whether you are using all of the security measures that you could be.
Who’s getting hacked?
This Forbes article mentions that Mark Zuckerberg got hacked 3 times in one year and the reason: weak, recycled passwords.
Hacking Team is a corporation that “creates spyware and malware programs for law enforcement and intelligence agencies around the world.” This article goes into more detail, but suffice to say that the passwords they used looked like this:
The point here is that even people who should know better (developers, programmers, hackers) are caught using lazy security with disastrous effects. Don’t be like them.
In 2014, “3 out of 4 consumers use duplicate passwords,” and “about 40 percent of those surveyed say they had a “security incident, meaning that they had an account hacked, [or] password stolen…” [source]
This is a security risk because, as this article points out, if one company gets hacked, the login credentials of its users are exposed and sold on the dark web. You could have done everything right, but because of the lazy security of the company you use, your login gets revealed anyway.
By using the same password for long periods of time, or reusing passwords, you increase your risk exposure to hacking.
Don’t be in this group. You should be changing your passwords regularly.
According to Verizon Enterprise, 87% of compromises took minutes or less, and 68% of attacks went unnoticed for months or longer. Additionally, 81% of all data breaches are due to hacked passwords. [read more here]
To protect against this, you will need strong web security. Let’s start with the password.
What makes for a strong password?
Your passwords need 2 characteristics:
1) something that is very difficult to guess, and
2) something you can easily remember.
Note that you could always mash your keyboard until you have a large number of characters. That is very random and thus hard to guess, but it is difficult to remember. You want both.
So, do the following:
1. choose at least 6 words and put them together.
Ex: hustle crypto bring wow no salt never pleb
Notice that the words do not make grammatical sense. The phrase is easy to remember, but it doesn't make enough sense that someone could easily guess it. Without the spaces, we have 35 characters. Even a computer algorithm might have a tougher time guessing it on its own.
But let’s not stop there.
2. add uppercase letters, special characters and numbers.
This has a total of 44 characters. This will be easier to remember, and very difficult to guess.
A few tips:
- You want something that is long in length. 12 characters aren’t enough. Set a standard of 25 characters as a minimum. I personally avoid exchanges that limit the amount of characters I can use because it’s a security risk. The longer the password, the harder it is to crack.
- Replacing letters with special characters is not enough. You need random variation.
- Do not use names, locations or dates that can be associated with you. “SaraStevenson1994” is too easy to guess.
- Change your passwords at least once a year, and don’t reuse the same passwords for different accounts. Remember Mark Zuckerberg. He got hacked 3 times in 1 year because he recycled his passwords.
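The passphrase recipe and tips above can be turned into a simple checker. The following is an added example, not code from the article: it applies the article's rules (25-character minimum, at least 6 words, mixed character classes, no year-like numbers) and reports two entropy estimates. The 7776-word list size used for the word-based estimate is an assumption (a common Diceware-style list size), and the character-based figure is only an upper bound that overstates passphrases built from dictionary words.

```python
import math
import re
import string

# Assumed size of the word list the passphrase words come from (7776 is a
# common Diceware-style list size); an assumption, not a figure from the article.
WORDLIST_SIZE = 7776
MIN_LENGTH = 25   # the article's suggested minimum, counted without spaces
MIN_WORDS = 6     # the article's "at least 6 words"

def charset_size(pw: str) -> int:
    """Alphabet size a character-by-character brute-force search would face."""
    size = 26 if any(c.islower() for c in pw) else 0
    size += 26 if any(c.isupper() for c in pw) else 0
    size += 10 if any(c.isdigit() for c in pw) else 0
    size += len(string.punctuation) if any(c in string.punctuation for c in pw) else 0
    return size

def character_entropy_bits(pw: str) -> float:
    """Upper bound: treats each character as uniformly random (overstates
    passphrases made of dictionary words)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def word_entropy_bits(words: list) -> float:
    """Realistic figure for a word passphrase: the attacker knows it is words
    and only has to guess which ones."""
    return len(words) * math.log2(WORDLIST_SIZE)

def assess(passphrase: str) -> dict:
    """Apply the article's tips and return the findings plus both estimates."""
    words = passphrase.split()
    stripped = passphrase.replace(" ", "")
    issues = []
    if len(stripped) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if len(words) < MIN_WORDS:
        issues.append(f"fewer than {MIN_WORDS} words")
    if not any(c.isupper() for c in passphrase):
        issues.append("no uppercase")
    if not any(c.isdigit() for c in passphrase):
        issues.append("no digits")
    if not any(c in string.punctuation for c in passphrase):
        issues.append("no special characters")
    if re.search(r"(19|20)\d\d", passphrase):  # a year ties the password to a person
        issues.append("contains a year-like number")
    return {"length": len(stripped), "words": len(words),
            "char_bits": round(character_entropy_bits(stripped), 1),
            "word_bits": round(word_entropy_bits(words), 1), "issues": issues}
```

Running `assess` on the article's own example shows the gap between the two estimates: eight lowercase words give about 103 bits under the word model but roughly 165 bits under the character model, which is why the word-based figure is the one to trust for this kind of passphrase.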
Do not store your passwords:
- on your computer,
- in the cloud,
- in Dropbox, or
- anywhere online.
Instead, it is recommended to keep them all on paper and to store your password sheet in a filing cabinet that is fire- and water-proof and locked with a key.
Passwords are not enough
Unfortunately, there are some hacking methods that can reveal your passwords AS you type them in, so even changing your login is not enough.
That’s why you need to enable 2FA on everything, from your accounts to your e-mail.
Use a VPN
Transacting on unsecured Wi-Fi networks means you could be revealing personal information and browsing habits to anyone who may be eavesdropping. Using a VPN is essential if you are going to take your web security seriously. This is especially important when using free public Wi-Fi.
An annual membership from a company with a good reputation is a small investment in protecting what you have. They are not expensive, ranging from 40 to 100 dollars per year. Do a little research and find one that works best for you.
Use a Hardware Wallet to Secure Coins
You could have a virus, or could have downloaded some malware that logs the keystrokes you punch in. If this happens, your passwords will appear in plain text on the hacker’s computer and you may never realize it. Remember the statistic above that states that more than 60% of all data breaches go unnoticed for months.
With Trezor and Ledger, even if you have a compromised computer, your coins will still be safe. They have multiple layers of security that protect against various forms of threats.
So if you don’t have one yet, buy one right now. And then USE IT! DO NOT store your coins on the exchanges when not actively trading.
Author: Dominic Rose