“Companies spend millions of dollars on firewalls, encryption, and secure access devices and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.”
Are you sure you're secure?
With the population of STEEM on the rise, it is important that we consider how secure we are on the internet.
Why is that? Well, we all make mistakes. We’re human, we haven’t integrated with the machine just yet. I’ve been using the internet myself for a long time and still, there are times that I don’t have full concentration and I mess up.
Last month, I mis-clicked a web link and someone infected my computer with a crypto-mining bot.
I have had 100 XBY sitting on Cryptopia (Exchange) for a couple months now.
When I first started Steemit, I didn’t research my keys and I used my master key to log in for the first few weeks.
These are just a few bad practices I've done on the internet. I've learned from my mistakes, and I'm more aware of them now because I've addressed them. Having a basic understanding of security online can help you, but if you are not vigilant and using common sense, you are doomed from the kickoff.
BuddyUP has got your back!
This weekend we started a new initiative over at BuddyUP which is focused on making a community post between our members. We come up with an idea, we pitch it and then we choose topics for each member involved to research and type up.
This is our first post based on security and protection on the internet and we have @lunaticpandora, @afolwalex, @wolv and myself on the case.
We’ll make sure you know about good practices to keep your computer squeaky clean; you have to decide if you'll follow them.
Our community post-payout is going to be divided between the people involved and will be given out on the day of payout. Like I stated in the Discord group, it’s my ass on the line if this isn’t followed through. I respect your help, what you have contributed is your content and I like my reputation, I won’t be ruining it.
Oops. That isn’t the right website…
You might have heard about the various scams that have been going on within Steemit over the past couple of weeks. This is to be expected. We are in a certain wild west here and you need to make sure you are using your heads when you're perusing around the platform and the Internet in general.
To kick off the bulk of our content, @afolwalex is going to be letting you know about avoiding dodgy websites and phishing scams.
Wake up
The Internet has spread out across the world and an awful lot can be done while using it. The problem we face with the internet is the fact that it has made some of us lazy and careless.
You can get almost everything you need without moving an inch.
All you need is an internet connection, a body part to punch away some things on your keyboard, and away you go. This is fun if I must say, I wouldn’t dare call it lazy again.
“I wouldn’t say it was lazy @afolwalex, it just does a lot of the thinking for you, and when something is already doing a lot of the thinking for you… you don't end up thinking for yourself.”
However, people have used this act of laziness (and lack of common sense) to scam and deceive many people.
Have you ever purchased goods online, discovered you had entered the wrong site, then found your bank accounts drained the following day while you sat twiddling your thumbs without a clue how it happened?
You had a big project in progress and you were directed to a website to get it completed for a token amount. You then entered your details for payment and your money wasn’t exchanged for a job well done?
These aren't fictional scenarios; somebody has experienced this. You have to be aware of the risks and understand how to avoid them.
Let’s talk about phishing.
Phishing is online fraud. It involves the use of cunning tactics and deceptive websites, emails or other methods to trick the user into disclosing their sensitive data. It’s a common play mostly used by scammers and if you aren’t careful, you could end up losing an awful lot to them.
You received an email about an attempted log into one of your accounts.
“an attempt to login to your password has been made from billybigbaws. Please update your account via insert link here”
Panicked and somewhat emotional, you went through to the link in a flash and entered your details to change your password. As you can see, it’s not that hard to play on the emotions of somebody who isn’t clued up about their security. Not to forget, the scammer can spend the time making the website you’ve logged in to look very legitimate.
Imagine if this happened to your Steemit account?
Keep your eyes peeled and your wits sharp!
Below is a list of different things to watch out for when you are browsing different sites on the internet. Understanding the tell-tale signs of a bad website can help you avoid getting in harm's way.
Check the URL
These guys can be very smart. When you visit a site and see www.paypal.bublbus.serv.com instead of the regular www.paypal.com, you know to stay away from it.
Don’t be fooled by dodgy domains. Make sure you develop the habit of checking your URLs before you click, navigate further or type in the address.
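As an added example (not part of the original post), here is the same URL check done in code: a link is only treated as genuine when the right-hand end of its hostname is a domain you trust. The allowlist, the function names and the sample links other than the two PayPal addresses above are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the sites you actually log in to.
TRUSTED_DOMAINS = {"paypal.com", "steemit.com"}

SCHEME = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")


def split_url(url):
    """Parse a link the way a browser would; return None if it is malformed."""
    if not SCHEME.match(url):
        url = "https://" + url  # address typed or pasted without a scheme
    try:
        return urlsplit(url)
    except ValueError:  # e.g. a broken IPv6 literal
        return None


def hostname_of(url):
    """Return the lower-cased host the browser would connect to, or None."""
    parts = split_url(url)
    if parts is None or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link as 'trusted', 'suspicious' or 'unknown'."""
    host = hostname_of(url)
    if host is None:
        return "unknown"
    # Trusted only if the host IS the domain or a subdomain of it: the
    # right-hand end of the hostname decides who owns the site.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Text before an '@' is login info, not the site being visited.
    if "@" in split_url(url).netloc:
        return "suspicious"
    labels = host.split(".")
    brands = {d.split(".")[0] for d in trusted}
    # A trusted brand name buried in someone else's hostname.
    if any(b in label for b in brands for label in labels):
        return "suspicious"
    # Punycode labels can render as lookalike letters in the address bar.
    if any(label.startswith("xn--") for label in labels):
        return "suspicious"
    return "unknown"  # not on the allowlist; this does not mean safe


if __name__ == "__main__":
    for link in ("www.paypal.com",
                 "www.paypal.bublbus.serv.com",
                 "https://paypal.com@bublbus.serv.com/login",   # constructed
                 "https://steemit.com.login-check.example/"):   # constructed
        print(f"{check_link(link):10}  {link}")
```

A result of "unknown" only means the site is not on your own list, so the rest of the checks in this section still apply to it.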
Look out for Trust Seals
These are certified seals made by popular websites. It means the website in question is trusted by them or they are being run/supported by them. You will typically find Trust Seals on home pages. When you are navigating a website that has seals from PayPal, Norton, Google etc., it’s possible the site can be trusted. This doesn’t mean you should drop your guard.
Bad use of language
As funny as this sounds, it is 100% true. Every company wants to keep their reputation intact. They will try to use the right tenses, there won't be any typos and poorly structured English will be avoided. If a website uses poorly constructed language, that’s a warning sign that it is a scam.
Check their digital footprint
You shouldn’t be the first person accessing the website. Check for reviews. People who have had bad experiences with the site might leave a review somewhere on Google. If you feel as though something is unsafe, do your research.
Don’t ever pay by bank transfers
When a website provides account details to pay into, alarm bells should start ringing. If you buy something that turns out to be fake with a credit or debit card, you have the right to get your money back. If you are paying via a bank transfer, there’s little you can do to get your money back.
Entering your bank details onto a website is always very risky. At times, you will need to set up direct debits for certain services. This is usually to reputable businesses who are required to check your identity or credit check you for their services. Be careful, it is your savings and income we are talking about here. Your livelihood.
The little green padlock
Buying goods online is very easy these days and it doesn't take long to get your card information into a website. Whenever you need to enter your details, look out for the little green padlock beside the https:// and click on it to check who it’s verified by. The padlock tells you the connection is encrypted and who the certificate was issued to; it does not by itself make the site trustworthy.
By following these points and keeping your wits about you, you will be one step closer to protecting your information online. Once you understand the basics, it’s down to common sense.
What makes a good password?
I’m going to go into a little bit of detail about these three points to explain how you can set yourself good, memorable passwords and avoid getting rumbled.
As always, common sense comes before anything. You can have the strongest, coolest, most high tech safe in the world but if you write the combination down on the fridge, it’ll be empty before long.
Singularity
Having the same password for everything is ridiculous. I’m being serious. It's borderline retarded.
Try your best to diversify your passwords so that you never fall into this trap. Hopefully, the next tip will help you create passwords which are different and easy to remember.
Length
That’s right… It’s all about the length. Well, when it comes to passwords.
Do you know what the most widely used password is? password. Do you know what the second most widely used password is? It's 8 characters and it starts with 1 and ends with d.
Do you know the minimum number of characters a good password has? 15.
If someone wants to crack your password, it takes longer the more characters you have.
You don’t necessarily need to have a password that is all different characters and set up like;
No, you can set up your password so it’s an easily remembered sentence with different lowercase and uppercase letters dotted throughout.
Who in their right mind is going to guess something like that?
Storage
Backing up your passwords can be a very dodgy move. You’ve seen the movies right? Those spies can do some really clever stuff.
In reality, you probably won’t have any government-issued agents coming to your house to jack your HDD (Hmm, I see a debate ARISEing), but you may have some close people around you who may know what your information is worth.
For this reason, I don’t think storing passwords directly on USBs or on paper is a good idea. But… if you use passwords like the one I’ve stated above, you may be able to come up with some brilliant tips that will jog your memory back to the password.
If you haven’t read my post about the little memory tactics we can use to recall a lot of data, I’ll leave this here for you to head over to.
It always comes back round to common sense with this topic of conversation. You’re responsible for your own safety on the web.
I’ve got the key, I’ve got the secret.
Like I said towards the top of the post, at the beginning of my Steemit journey, I spent the first few weeks typing in my master key to get logged in.
I know. Very silly indeed but in my defense, there wasn’t much advice when I first logged into the platform. I’m sure you can all remember the big blank feed, the scanning through trending, the uphill struggle of trying to find something of interest. Not many people will get an article handed to them straight away explaining the right way to handle your keys.
To start with, you need to head on over to your Wallet. Then once you are in there, click over to the permissions tab.
Here is your treasure trove of keys. Now, you have to make the decision how you are going to store them. Below is the order of security, starting with least secure.
- Copy and paste all of your public and private keys into a text file and keep it on your desktop.
- Save your public and private keys into a text file and store the file on a USB or SD card.
- Write down your public and private keys and type them in each and every time it asks.
I highly recommend saving them to a USB or SD for ease, BUT, this is still not 100% safe.
For instance, you could be infected with malware that allows somebody to access your drive and steal your keys.
As well as this, you could end up corrupting your USB or SD.
If you remove the device without ejecting it, you drop it, you upload something that could mess with it, the list goes on...
Do what any smart, responsible person would do. Back that baby up! Make yourself a second or a third copy of your file and get it on another drive.
What about my master key?
This is important. Write this down somewhere safe. Write it down again and put it somewhere else safe. Do you have a family member that you trust with your life? Give them a copy. The main point I’m trying to make is, this is your responsibility to protect.
Now you can see how stupid I was to be typing this in all the time.
Correct key storage
Keys are important. We are slowly approaching a tokenized world where the protection and security of our keys will determine how we live in the years to come. We get public keys and private keys for our wallets and it is our responsibility to protect them.
In the crypto world, we have two different types of wallets. Hot wallets and cold wallets.
For a wallet to be hot, it has to be stored on a computer that is online. For example, if you downloaded Exodus wallet, stored it on the computer you use for your general internet activities, and put your crypto in it, you would be storing your assets in a hot wallet.
For a wallet to be cold, it has to be stored somewhere that is offline. If you downloaded Exodus wallet, loaded it onto a USB, opened it onto an offline computer and transferred your coins to the public key for the particular wallet section on the Exodus wallet, your assets would be stored on a cold wallet.
I don’t think I need to explain the degree of safety that you acquire when you store your keys offline. If you’ve read this far, you know the script by now.
Paper wallets
“Huh? What? What on earth is a paper wallet?” Some of you guys might be saying. In my opinion, paper wallets are the only way to store your assets if you are looking for the highest level of security. I even feel like hardware wallets have their downfalls over the course of time.
For this section, @lunaticpandora is going to share a little tutorial to help.
Having your Bitcoins, or any other cryptocurrency, in a paper wallet is one of the safest methods for protecting your assets.
Paper wallets are a great way to protect your cryptocurrency assets in the long-term if you don't have the money to spend on a Trezor or similar devices. The assumption when using paper wallets is that you want to keep your coins safe offline, but you plan to eventually move them into a live wallet at some point in the future.
The best way to create a paper wallet is doing it on an offline, recently formatted computer, to lower the risk of getting hacked or some keylogger getting its hands on your private keys.
If you want to try and create your own offline paper bitcoin wallet, follow these steps:
- Find a boot disk with any Linux/Ubuntu OS or get an old laptop that will never be connected to the internet again.
- Go to bitaddress.org and save the webpage for offline use, then transfer it to the laptop or to your copy of an offline Linux using a recently formatted, clean USB drive.
- Generate a wallet using the site offline.
- Save your Public and Private Keys.
- Print as many copies as you want.
- Store the copies in secure places, like a safe inside a ziplock bag to protect it from water damage.
- And you're done. Now you have your own bitcoin paper wallet for long-term holding. Just send money to it using your public key and only use the private key when you want to take the funds out for good.
Other paper wallets for various other currencies can be made but you will need to do your due diligence and find the key generators. If you are smart enough to store your assets this way, you are smart enough to research.
Back it up, back it up.
We’ve spoken about keys and passwords and how to correctly store them. Your decision about how you store your passwords will decide the fate of how crippling the next point is to you.
Your computer has just been compromised and they're demanding money. You are broke.
If you were smart enough to back up your keys and passwords on an SD or USB, you might be happy with wiping your drive and dealing with the loss of your data.
If you backed up all your data to a hard drive, made backups using USB and SD for your keys and you are wearing your ‘NOT TODAY PUNK’ sombrero, you can go ahead and wipe your computer and deal with the downtime.
A word from @wolv
As an artist, I tend to take pictures of my drawing's process. This is to either show my way of working or to ask advice from other artists about the process at certain stages of the drawing.
I always use the same phone for this as this keeps it easy to keep track of where everything is, creating a portfolio of sorts.
Convenient as this is... It comes with one huge downside, that I learned the hard way.
Everything is stored on one device... The device crashes, everything is gone.
I was lucky enough to go through this misfortune losing all my art photos, dick pics, process pictures and videos (luckily for me, this also erases all pictures of my ex, there is always a sunny side!).
After this kick in the balls, I learned to always back up my data! For less sensitive materials use auto backup to a cloud service, for your dick pics use an external hard drive.
Wave bye bye to adverts
This segment is very important and something that I didn't even have installed myself until @lunaticpandora recommended it. He is going to be talking about the risks if you don't have an AdBlocker and will give some links for you guys to get one installed.
An ad blocker adds another layer of security to your internet browser and your cryptocurrency transactions and, more importantly, helps prevent accidentally installing mining bots, keyloggers or viruses on your computer.
The ad blocker I personally recommend using is uBlock Origin. It’s free, it’s open source and it’s loved and praised by dozens of technology sites. It is continually updated and has dozens of options for customization, IF you want to customize it. For the regular user, just installing it and forgetting about it should be enough. Ads will basically disappear from your browsing experience, from websites to YouTube videos.
If you want to get uBlock Origin to improve your browsing experience and safety, just click the link for your browser below!
YOU are responsible for your online safety.
We are in a world where everything seems to be digital or getting digitized. If you are new to the world of cryptocurrency and tokens, you are still one of the early adopters of the technologies.
The shift in the world is coming and we will soon see a lot more people entering the space, good and bad.
It is nobody else's fault but your own if you don’t protect yourself against the threats in this digital world.
Writing and editing this post has been so much fun and the efforts put in from the writers of the community post are hugely appreciated.
I hope that the information in the article has helped you out in some way, we all need to be more aware of how we can protect ourselves moving forward. I decided not to include any anti-virus advice as this could be a very conflicting issue depending on what you use it for. If anyone would like to drop advice and recommendations into the comments, that is welcomed.
This is all great stuff that I have preached about for 25 yrs as a consultant. Thanks for spreading it!
I'm glad you agree with it buddy! Great input from the guys and it has helped to make a well-rounded informative post.
Hopefully, it will help the community!
@calumam, thanks for the feature.
And thanks for buddyUP.
I'm looking forward to more projects on the server.
By the way. Great post you have here, compiling it together isn't an easy task at all.
Glad to have you help out mate! I hope some of the edits have helped with your English. Looking forward to your involvement with the next one.
Great job fella!
Some really great advice here.
I find it very ironic that, as we move more and more into a digital world, the greatest safety measure is to keep a key/password stored somewhere on paper. :)
Totally agree! I think it's smart practice to keep your valuable info somewhere safe. If you can trust the banks, a bank deposit box is a good place.
Thanks for dropping by mate!
This reminds me of Trace Mayer! He said he wears his protection like a tinfoil sombrero! 😂 I'm trying to get like that! Protect your coins at all costs! Definitely improving mine. Thanks for all the tips! Definitely gonna bookmark this and go through it!
I've never heard of Trace Mayer, I'll need to check him out. Sounds like a pretty cool dude with that comment ha! I went through a serious tinfoil hat stage.
Like I said below, we are our own banks now. No one is going to take the rap. It'll not sink in with some people until something goes wrong!
great advice on keeping those so very important passwords. I did all of those for both my steemit and cryptowallets.
Good practises mate! Moving forward we all need to be smart about our security. We don't have a big bank with insurance when something goes wrong. We are our own bank.
Congratulations! This post has been chosen as one of the daily Whistle Stops for The STEEM Engine!
You can see your post's place along the track here: The Daily Whistle Stops, Issue # 66 (3/7/18)
The STEEM Engine is an initiative dedicated to promoting meaningful engagement across Steemit. Find out more about us and join us today!
Nice collaboration on this information, I commend all of you for putting this information together for folks like me who are computer ignorant for the most part. I need to take a good look at some of the things mentioned here.
Thanks.
Glad you found some use for it @sultnpapper. That was the aim of the game :)
I heard that farm was only open on April 1st? Steemit for the other 364 days a year?