Cryptocurrency Passwords: Crypto Security Guide Part 1
We will take you through the free and easy steps you can take right now to better protect yourself and your crypto.
Having reviewed countless examples of people losing money and the solutions that hackers themselves say make a big difference, we have put together the following recommendations for your Cryptocurrency Passwords.
Crypto / Online Security Overview
We have all read the horror stories of people having their social media account hacked (CNN.com) or having their identity stolen (Fortunly.com). As the world moves towards a digital future this seems inevitable, but there are some things we can do to make it much harder for us to be the ones who get hacked.
The criminals are playing a numbers game. There are enough poorly protected people that they will simply not bother with those who make the little extra effort to protect themselves.
Before we start:
We can’t stress enough how important it is NOT to store any important information about crypto on your computer or your phone or in the cloud or anywhere else that a hacker can get to it. If it is digital they can hack it!
Forget about saving passwords in your browser, in your passwords folder, in an email to yourself, in a spreadsheet or in a notepad app on your phone. Not even as a photo!
If you want to protect your crypto from hackers you need to be recording all this information
BY HAND, OFFLINE, SOMEWHERE SAFE!
Creating Cryptocurrency Passwords
It’s up to you to take the necessary steps to protect your money and investments, whether it’s the cash in your wallet, your bank account or your crypto.
Now, we are realistic.
We have not followed all of these rules, for all of the passwords we have.
For our Home Depot, Uber, library card, etc. logins we, just like everyone else, just didn’t want the hassle and have yet to update them.
However, crypto is all digital, and it is all money. It is therefore targeted by cybercriminals, so for these few accounts, we made sure we were more suitably protected.
There are highly professional thieves, advanced AI software, and well-funded organizations out there working 24/7 to steal money and assets from other people.
You need to be building a solid fortress around your crypto right from the start... and the front door is your password.
If your password isn’t strong the thieves are going to just walk right in...
How does a password get hacked?
Cybercriminals have a choice of different ways to try to hack your password. The easiest and quickest way is to buy your passwords off the dark web.
There is a roaring trade in buying and selling people’s login details that have previously been hacked or leaked from big well known companies.
If you have been using versions of the same or similar password for more than 12 months, there is a chance it’s already been compromised and is for sale somewhere!
Crypto Brute force attack
A brute force attack uses computer software to try as many combinations of symbols, letters, and numbers as possible until it guesses your password correctly.
This software can make more than 1 billion guesses a second!
The key to protecting yourself against this type of attack is password length. Aim for a minimum of 16 characters in your password to protect against a brute force attack.
Crypto Dictionary attack
A dictionary attack also uses exceptionally fast hacking software, this time working from a dictionary to guess words that may be used in a password.
If you want to use words in your password, the best way to outsmart a dictionary attack is to link unconnected words together in a passphrase, e.g. TigerPlatonicRatioNounSheperd
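The arithmetic behind the brute force and dictionary attack sections, as an added example that is not part of the original article. It uses the article's rate of 1 billion guesses a second; the 7,776-word list size (the size of the Diceware list) and the sample passwords are assumptions constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 1_000_000_000   # rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
WORDLIST_SIZE = 7776                 # assumption: Diceware-sized word list


def charset_size(password):
    """Alphabet an attacker must cover, given the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def random_password_space(password):
    """Candidates a brute force attack must try for this length and alphabet.

    Only valid for randomly chosen characters; a real word or a leaked
    password falls to a dictionary attack long before the space is exhausted.
    """
    return charset_size(password) ** len(password)


def passphrase_space(word_count, wordlist_size=WORDLIST_SIZE):
    """Candidates for a passphrase of words picked at random from a list."""
    return wordlist_size ** word_count


def seconds_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate; the average is half of this."""
    return space / rate


def years_to_exhaust(space, rate=GUESSES_PER_SECOND):
    return seconds_to_exhaust(space, rate) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the article.
    for label, space in [
        ("8 lowercase letters", random_password_space("sunshine")),
        ("16 mixed characters", random_password_space("q7#Lm2!xVb9@Rt4&")),
        ("5 random words", passphrase_space(5)),
    ]:
        print(f"{label:22} {space:.3e} candidates, "
              f"{years_to_exhaust(space):.3e} years to exhaust")
```

At this rate the 8-letter lowercase space is exhausted in minutes, while every extra character or word multiplies the work by the full alphabet or word list size.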
Crypto Phishing Attack
A phishing attack tries to trick you into sharing your password on a fake website, in an email, online chat, or over the phone.
They are exceptionally clever and convincing and focus on times/situations where your guard might be lowered or try to make you act quickly without checking.
All the scammers need to do is wait for you to unwittingly type in your password and once you do they have it.
Never share your password over the phone.
Check emails very carefully to make sure they are legitimate. Be particularly suspicious of any email that might suggest one of your accounts has been compromised or unexpectedly locked... they prey on your panic or worry.
No legitimate organization will use a gmail.com account to contact you... not even Google!
After the @ sign you should be looking for: companyname.com
Also, check for poor English, misspelled website addresses, company logos that look wrong, or the lack of blurb you may usually ignore at the bottom of official emails.
The easiest way to check if an email is legitimate is to compare it with 2-3 previous emails you have received from the same company.
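The "look after the @ sign" check above, written out as an added example that is not part of the original article. It uses the article's placeholder companyname.com as the expected domain; the free-mail list and the sample From headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed short list of free webmail domains; extend for real use.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def sender_domain(from_header):
    """Return the lower-cased domain after the @, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def check_sender(from_header, expected_domain):
    """Classify a From header against the domain the company really uses.

    A "matches" result is necessary, not sufficient: the From header
    itself can be forged, so still compare with earlier genuine emails.
    """
    domain = sender_domain(from_header)
    expected = expected_domain.lower()
    if not domain:
        return "unparseable"
    # Exact match, or a genuine subdomain such as mail.companyname.com.
    if domain == expected or domain.endswith("." + expected):
        return "matches"
    if domain in FREE_MAIL:
        return "free-mail"
    # The company name appears, but not as the registered domain,
    # e.g. companyname.com.account-verify.example or evilcompanyname.com.
    if expected.split(".")[0] in domain:
        return "lookalike"
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in [
        "CompanyName <no-reply@companyname.com>",
        "CompanyName Security <companyname.help@gmail.com>",
        "CompanyName <support@companyname.com.account-verify.example>",
    ]:
        print(f"{check_sender(header, 'companyname.com'):10} {header}")
```

The display name is ignored on purpose: it is free text chosen by the sender, so only the domain after the @ is compared.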
Common password mistakes
In our experience, you need to create a lot of different, secure passwords when you are investing in cryptocurrency and these passwords need to be extremely strong.
If your password is at all personal or predictable by password cracking software, it is as good as useless!
- Don’t use common phrases, famous movie lines, lyrics, names, dates or anything resembling an actual word or sentence.
- Don’t simply spell words or sentences backward, because the software will already know to check for that.
- Don’t even replace letters with numbers that look similar, like the number zero for an o, or the number 3 for an e.
- Don’t ever use the same password on more than one account.
- Don’t store passwords for cryptocurrency accounts on a password manager. Even cloud-based or encrypted password managers are vulnerable to remote attacks as they act like a “honey-pot” for hackers.
Crypto password generator
Some people may have already tried websites and apps to help them generate complicated passwords – don’t do this with crypto.
If you create a password using a software program there is a digital copy of it that can be discovered.
Honestly, I have done all of the above things to create passwords, more times than I am happy to admit! There are still passwords for my non-crypto stuff that I need to go back and change because I realize now how predictable and insecure they are.
At first, it seemed a real pain to use secure passwords as they were not easy to remember, fiddly to type in correctly and the login process just took way longer.
But now I am reassured by the process being more difficult... because that means I have passwords that are a lot more secure and difficult to hack.
I would like to share some tips with you on how to create strong and secure passwords as you will need one for every crypto account you create.
How to Build a Secure Password
- Use a different password for each account.
- Long passwords are stronger, so make your password at least 16 characters long but more if possible. Every character you can add makes it considerably harder to hack.
- Random Passwords: you need a good mix of uppercase and lowercase letters, numbers, and symbols. Try to avoid using characters that are directly next to each other on your keyboard.
- Passphrase Passwords: choose unusual, bizarre, or random words. These can include names from the yellow pages, an encyclopedia, or a fiction book, or words you know in a different language. String them all together like this, for example:
- While the words should be uncommon, try to come up with a phrase that gives you a mental image. This will help you remember it!
- Sentence Passwords: Make up a random sentence and then create a rule to keep, remove or substitute letters from each word and lastly remove all the spaces. For example, keeping only the first two letters of every word from this sentence:
Why do Apples taste better when they are chilled
gives you:
Try to make sure the sentence you choose is as personal and unguessable as possible.
How to Store Crypto Passwords
Some people choose to use notebooks to record all their sensitive crypto information with one for daily use and 2 other notebooks, acting as back-up copies, stored somewhere safe.
Our experience in crypto led us to develop our own crypto recording sheets, that we fill in by hand, make back-up copies of, and store in folders.
We found it was easier this way to update the records as they changed. (Also, a folder is a lot harder to lose than a notebook!)
I have laminated the recording sheets we use every day and recommend doing this if you have access to a laminator.
Coming up with good passwords takes time, so I try to come up with 3-5 passwords at a time that I write down as my spare passwords.
When I need a new password I can simply grab one from my spares list rather than trying to quickly come up with one on the spot!
If any accounts require a security question, your answer needs to follow all of the rules above.
You need to create a long, fake answer that has nothing to do with the question.
Pets’ names, school names, mother’s maiden name, first car... all of this stuff can be discovered online and through your social media accounts or the accounts of your friends or family.
Store fake answers to security questions in your crypto file or paper notebook with everything else.
Nothing is unbreakable.
If a hacker group specifically wants to hack you, then just as the “most secure” (Forbes.com) places on earth have found, they will probably find a way.
What we are actually doing, however, is making it so difficult that, when they randomly try, it is not worth the extra time and effort to crack our password, so they move on to the next person!
Having a secure password is just the first step. You then need to make sure your email is also secure. After all, email is a common verification method and is also all too easily hacked!