The explosiveness of non-fungible tokens (NFTs) and the high value of the dollar distracts investors from increasing their operational security to avoid exploitation, or hackers are simply pursuing money and exploiting depositors’ wallets. Are using very complex strategies.
At the very least, this was my case when I was deceived by a classic message sent by Discard that deprived me of my most valuable possessions.
Most scams on Discard are similar, where a hacker takes a list of members on the server and sends them direct messages in the hope that they will take advantage of it.
Caution: There are several scams on Discord tonight. Question about anything. Before clicking on the links, double check who it is and if it is legitimate. Then check 12 more times on Twitter from trusted sources.
– Farooq (farokh) October 27, 2021
“Happens to everyone” are not the words you want to hear about hacking. These are the top three things I’ve learned from my experience of doubling security, starting with minimizing the use of hot wallets and ignoring DM links.
Crash course on hardware wallet
I was immediately reminded after my hack and I can’t repeat it enough, never share it with you. Badge phrase No one should ask for it. I also learned that I can no longer give up security for the sake of convenience.
Yes, warm wallets are much easier and faster to trade, but they do not have the added security of hardware or cold wallets such as PINs and passwords.
Hot wallets like MetaMask and Coinbase are connected to the Internet, making them vulnerable and vulnerable to hacking.
Unlike hot wallets, cold wallets are apps or devices where the user’s private keys are offline and not connected to the Internet. By working offline, hardware wallets prevent unauthorized access, hacks and certain system vulnerabilities, which are sensitive when online.
4 / Use hardware wallet.
A hardware-based wallet stores your basic device keys. Your device may contain malware, key loggers, screen capture devices, file inspectors, all of which revolve around your keys.
I recommend Ledger Nano S https://t.co/LoT5lbZc0L.
– richerd.eth (マ, マ) gm NFT.NYC (@richerd) February 2, 2022
Additionally, hardware wallets allow users to set a personal PIN to unlock their hardware wallet and create a secret password as a security bonus layer. Now a hacker needs to know not only the recovery phrase and PIN but also a Pass the sentence. (Password) to confirm the transaction.
Password recovery is not spoken like a phrase because most users do not use a hardware wallet or are unfamiliar with mysterious passwords.
Accessing the recovery phrase will open up a set of wallets that match it, but the password also has the power to do so.
How do passwords work?
Passwords are an extension of the recovery phrase in many ways, as they combine the randomness of the recovery phrase provided with the user’s personal input to calculate a completely different set of addresses.
Think of passwords as the ability to unlock an entire set of hidden wallets, in addition to those already created by the device. There is no such thing as a bad password and unlimited money can be made. That way, users can go further and create decoy wallets as a denial to spread any possible hack to kill a key wallet.
This feature is useful when separating digital assets between accounts, but is terrible if forgotten. The only way for a user to repeatedly access a hidden wallet is to enter the exact password, word for word.
Like the recovery phrase, the pass phrase should not interact with any mobile or online devices. Instead, it should be kept on paper and in a safe place.
How to set a password on Trezor.
Once the hardware wallet is installed, connected and unlocked, users who want to enable the feature can do so in two ways. If the user is in their Trezor wallet, they will click on the “Advanced settings” tab, where they will find a box to check to enable the password feature.
Similarly, users can enable this feature if they are in the Trezor package, where they can also see if the firmware is up to date and PIN configured.
Trezor has two different models, the Trezor One and the Trezor Model T, which allow users to activate passwords in different ways.
The Trezor Model One only allows users to type their passwords into a web browser, which is not ideal if the computer is infected. However, the Trezor Model T allows users to use the device’s touch screen pad to enter a password or type in a web browser.
In both models, after entering the password, it will appear on the screen of the device, awaiting confirmation.
The other side of security
There are security risks, though it may seem obvious. What makes a passphrase so strong is that it weakens it as a second confirmation step for the initial passphrase. Assets are lost if forgotten or lost.
Of course, these extra layers of security take extra time and precaution and may seem a bit over the top, but my experience has been a difficult lesson in taking responsibility for ensuring that every asset is safe and secure.
The views and opinions expressed herein are those of the author only and do not necessarily reflect the views of Cointelegraph.com. Every investment and business venture involves risk, so you should do your own research when making a decision.