A COMPLETE CRYPTOCURRENCY SECURITY GUIDE
By Koroush AK
This guide is for those who wish to minimise the chances of a cyber attack and to make any attack that does happen as ineffective as possible. If your system is already tight, read through and double-check that everything is in place! I was recently the victim of my second cyber attack and, like my first one, thanks to the precautions I had in place, my funds and data remained safe.
The worst part of an attack is the fear and anxiety, in the moment, of a tiny flaw in our defences leading to the loss of data and funds. I’ve written this article because I don’t want anyone else to go through that. I implore you not to leave a security task on your “to do” list, and to tend to it immediately.
A cold 2FA device is essential. SMS and call alerts are an unacceptable form of authentication for those with skin in the game. Instead, one requires either a cheap tablet or phone that is always kept in flight mode and never connected to the internet, or a hardware device like a YubiKey that has built-in 2FA. If you do nothing else from reading this entire article, just buy a $10 phone to use for 2FA. This alone will double your security.
I advise you to have 2 separate computers. Your high security device will be used only for handling cryptocurrencies, banking, trading and other sensitive activities. Do not get Windows as an operating system; it is too vulnerable. I recommend macOS, Linux or ChromeOS. You can buy a cheap Chromebook for less than $150 and it will suffice for all your needs.
For all other activities you can use your low security device. In section 7 I will explore the necessary precautions to partake in riskier activities such as browsing less reputable sites and downloading files from unknown sources. I will expand on the dos and don’ts with our different PCs throughout the article.
2. Defence Software
Download on all applicable devices, nothing more to say.
Antivirus (Kaspersky, Bitdefender, Norton)
Antimalware (Bitdefender, Malwarebytes)
Firewall (ZoneAlarm, Comodo)
Always use a VPN (TunnelBear, NordVPN). Please don’t skip this step thinking it’s “not a big deal”. Your high security device is never to deviate from essential websites and never to click on any unknown links. By bookmarking your essential pages and never typing in your web addresses, you reduce the temptation and the possibility of clicking on a link you shouldn’t. All it takes is one mistake to compromise your security. Use your low security PC for known sites and sensible browsing.
4. Data Storage
Arguably the most crucial section of the article, this is where we disproportionately limit the damage a successful hack can do to us. We will require paper to store data on; this should be kept in a fireproof and waterproof safe, or with a backup in a secure vault. Download a password manager (LastPass, Dashlane, RoboForm) and make sure not to sync passwords between your high security device and your low security device.
Level 1 Data
Level 1 data is data that on its own grants the hacker access to funds or sensitive data. We will make these as inaccessible as possible to hackers. Level 1 data are things like passwords for master emails that can bypass all other security with the right information, your password manager passwords, private keys or recovery phrases.
Level 1 passwords are to be written down in your notebooks. These passwords will be a minimum of 15 characters long and as complex as possible. When entering these passwords you will alternate between using your actual keyboard and an onscreen keyboard; this means the hacker needs both to have you keylogged and to be able to see your screen in order to steal your password. This may seem excessive, but by taking every measure to protect our level 1 data we make ourselves more impervious to hackers.
These passwords are only to be entered on your high security device, except when logging in to your password manager on the low security device. Do not print your Level 1 passwords or store them anywhere on your laptop, even for a second. It is very easy to forget that you stored these passwords with the intention of transferring them to paper at a later date.
Stop what you’re doing right now and check your system. If you have any level 1 data on your computer, move it now and ideally change it! These are the passwords you worry about if you get breached.
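One way to carry out the check above, as an added example that is not part of the original article: a scanner that walks a folder and flags text shaped like level 1 data. The patterns are assumptions of this example (BIP39-style recovery phrases, 64-character hex keys, WIF keys), and every match is only a candidate for manual review, since for instance a SHA-256 hash has the same shape as a hex private key.

```python
import re
from pathlib import Path

# Heuristics below are assumptions of this example, not rules from the article.
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}   # valid BIP39 recovery-phrase lengths
WORD_RE = re.compile(r"[a-z]{3,8}")       # BIP39 English words are 3-8 letters
HEX_KEY_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])")
B58 = "1-9A-HJ-NP-Za-km-z"                # Base58 alphabet as a character class
WIF_RE = re.compile(rf"(?<![{B58}])(?:5[{B58}]{{50}}|[KL][{B58}]{{51}})(?![{B58}])")

# Constructed sample note; the phrase is the public BIP39 all-zero test vector.
SAMPLE = (
    "Wallet backup 2021:\n"
    + "abandon " * 11 + "about\n"
    + "ETH key: 0x" + "ab" * 32 + "\n"
    + "Shopping: milk, eggs and some bread for the weekend.\n"
)

def redact(secret):
    """Never echo the secret itself into a terminal or log."""
    return f"{secret[:4]}... ({len(secret)} chars)"

def find_level1_candidates(text):
    """Return (kind, redacted preview) pairs for suspected Level 1 data."""
    hits, run = [], []
    for token in text.split() + [""]:      # empty sentinel flushes the last run
        if WORD_RE.fullmatch(token):
            run.append(token)
            continue
        if len(run) in MNEMONIC_LENGTHS:   # maximal run with a valid phrase length
            hits.append(("recovery-phrase", f"{len(run)} words, first '{run[0][:2]}..'"))
        run = []
    for kind, rx in (("hex-private-key", HEX_KEY_RE), ("wif-private-key", WIF_RE)):
        hits += [(kind, redact(m.group())) for m in rx.finditer(text)]
    return hits

def scan_tree(root, max_bytes=1_000_000):
    """Scan files up to max_bytes under root; returns {path: hits}."""
    findings = {}
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            hits = find_level1_candidates(path.read_text("utf-8", errors="ignore"))
        except OSError:
            continue                       # unreadable file: skip, keep scanning
        if hits:
            findings[str(path)] = hits
    return findings
```

Call `scan_tree(Path.home())` to sweep a home folder; ordinary prose rarely triggers the phrase rule because short words, capitals and punctuation break the run.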
Level 2 passwords/data
Any data which on its own cannot grant the hacker access to any of your funds or important accounts is considered level 2. For example, if a hacker were to gain access to a level 2 password they would still be unable to do anything with it. Level 2 passwords are to be randomly generated by your password manager and should never be typed; always copy and paste them from your manager without revealing the password, in case you are being watched or keylogged.
Old emails with lackluster passwords are a common point of entry for hackers, especially if you only use 1 email and it’s visible via social media.
These are to be made using ProtonMail. These are for your exchanges, bank accounts, investment platforms and any other platform that contains funds. Connect no more than 3 accounts to any 1 master email, ideally 1 or 2 per email.
You can use other emails at your convenience for less sensitive accounts.
Every email should have 2FA.
6. Crypto-currency Storage
If you have a long-term investment portfolio which you do not plan on touching any time soon, you have NO reason not to put your crypto into cold storage. If you can afford a hardware wallet, they are generally very convenient and secure. If you cannot afford a hardware wallet, make a paper wallet! They are very easy to make and everyone has access to pen and paper.
Stop what you’re doing. If you have long-term crypto holdings you do not plan on trading in the next year, spend the $100 on the hardware wallet or the 10–30 minutes making your paper wallet.
If you trade infrequently, use a desktop wallet (Exodus, Jaxx). These are only as safe as the system they are on. Put them on your high security device and wherever possible use 2FA.
When our funds are on exchanges we take on countless risks; as traders we must manage this like any other. Only use reputable exchanges and wherever possible minimise the capital kept there. Hopefully it is needless to say by this point that this is all to be done on your high security device.
Every exchange must be backed by a master email, cold device 2FA and a level 2 password. You can use a level 1 password for extra security but this is extremely inconvenient to type every time for a marginal increase in security. Set a global lock that requires a minimum wait time before settings are changed. If you have no plans to withdraw the funds in the near future set a large wait time on withdrawals too.
8. Virtual Machine
This is our ultimate security for “riskier ventures”, be it dodgy links, websites or downloads. Install VirtualBox and create a virtual machine. Install your desired OS on the virtual machine. Now you can run your sandbox OS in a window in your regular OS. The virtual machine acts as a sandbox: if something goes wrong in the sandbox, it won’t affect the host OS. Even if you get it riddled with malware, you can simply recreate the virtual machine and reinstall the OS. This is far less complicated than it sounds, and there are plenty of guides online. Only to be done on your low security device.
The two most important things are to keep your level 1 data inaccessible and your 2FA on a cold device. This is the foundation of your protection and should be maintained with the utmost discipline. If your data is ever breached, you can easily rebuild your defences from this core.
You are free to add extra layers to any step to up your security even more, but if you cover everything I have mentioned in this article you’re going to give hackers a really difficult time and even if they succeed, they won’t be able to do anything!
Article written by @KoroushAK
This article was originally published on Medium.