Notes From An Expert

Credit goes to Jason Ansley, Wolf Den Member and form IT professional and cracker. This information was borrowed from the Wolf Den's Whitepaper.

The Rule of 7: General Rules For IT Security

Once a hacker has to go through 7 layers of roadblocks, the risk-reward for time invested significantly diminishes for the hacker.

Doesn’t mean it’s not hackable…just about everything is hackable given enough time/effort. The question is: "But is it worth it?"

The easiest hack is social engineering… which is most of what you are seeing in crypto with DMs and offers of help but you’ve got to go connect your wallet to a site they give you… easy… 1 road block…getting you to trust them in a private conversation.

This is why we encourage people to change their Telegram & Discord settings to protect themselves as much as they can from social scams. See the Telegram & Discord channel for an overview of privacy & security settings to protect yourself.

As for keyboard loggers, those are a bit harder to install but can be done. Using a secure auto fill tool such as LastPass password manager, adds an extra barrier here.

Make sure you have 2FA activated everywhere that you can. Yu can and use it via an Authenticator app such as the one by LastPass Authenticator, Authy, or Google Authenticator.

Email and SMS 2FA is false peace of mind. Authenticator Apps that generate new codes every 30 seconds or so are the way to go.

Longer passwords are better than shorter complex ones. Aim to have your alphanumeric passwords be at least 24 characters long.

Complex and long is best.

In the context of a cold wallet, I do use a hardware wallet for my big long term holds. You can see our Wallets channel for more information on hardware or "cold" wallets.

So, back to minimum 7 roadblocks. Here's an articulated summary.

The 7 Roadblocks of Better Security

Own ALL of your private keys
Complex >24 character passwords for wallets/exchanges/dapps
Disconnect wallet (per medium article by doc kev) & revoke token approvals
Lock MetaMask (per medium article)
Copy/paste MM password from a password safe such as LastPass (I like this one as it was developed by a top security guy at the University of Kentucky about 20 years ago and has stood the test of time…LP also has a “no see” policy…the database is hashed and encrypted so no LP employee can view passwords)
Cold storage wallet as 2FA for every transaction in MM
BITDEFENDER Total Security software for proactive device monitoring

At this point, a hacker would have to be deep in your system for a very long time to have even the slimmest chance of accessing your funds in your wallet(s).

Source Credit: Dicka from WolfDenLabs

PreviousThe "Gold Mine"NextYour Crypto Device(s)

Last updated 2 years ago

The Rule of 7: General Rules For IT Security

Once a hacker has to go through 7 layers of roadblocks, the risk-reward for time invested significantly diminishes for the hacker.

Doesn’t mean it’s not hackable…just about everything is hackable given enough time/effort. The question is: "But is it worth it?"

As for keyboard loggers, those are a bit harder to install but can be done. Using a secure auto fill tool such as LastPass password manager, adds an extra barrier here.

Make sure you have 2FA activated everywhere that you can. Yu can and use it via an Authenticator app such as the one by LastPass Authenticator, Authy, or Google Authenticator.

Email and SMS 2FA is false peace of mind. Authenticator Apps that generate new codes every 30 seconds or so are the way to go.

Longer passwords are better than shorter complex ones. Aim to have your alphanumeric passwords be at least 24 characters long.

Complex and long is best.

In the context of a cold wallet, I do use a hardware wallet for my big long term holds. You can see our Wallets channel for more information on hardware or "cold" wallets.

So, back to minimum 7 roadblocks. Here's an articulated summary.

The 7 Roadblocks of Better Security

Own ALL of your private keys

Complex >24 character passwords for wallets/exchanges/dapps

Disconnect wallet (per medium article by doc kev) & revoke token approvals

Lock MetaMask (per medium article)

Copy/paste MM password from a password safe such as LastPass (I like this one as it was developed by a top security guy at the University of Kentucky about 20 years ago and has stood the test of time…LP also has a “no see” policy…the database is hashed and encrypted so no LP employee can view passwords)

Cold storage wallet as 2FA for every transaction in MM

BITDEFENDER Total Security software for proactive device monitoring

At this point, a hacker would have to be deep in your system for a very long time to have even the slimmest chance of accessing your funds in your wallet(s).

Source Credit: Dicka from WolfDenLabs