Bitcoin Forum

       Hello. I want to bring a little benefit. I read these tips in another local branch, and I consider them though trite, but fundamental. Perhaps the same beginners like me will find something useful in them.

       PASSWORDS - rules for passwords for mail, accounts ... useful everywhere
       

• Think of a complicated password for your account, mail ... (Latin letters in different case and numbers) for more than 20 characters, for example: hBpE2Pms756j3kfe9w2hm6nf (consider length restrictions and character restrictions for passwords for site and database engines).
  Or use the services to generate a complex password.
• The password should not be part of an old password (from start to finish, it must be new).
• The password should be meaningless, i.e. there should not be words and words in it with the substitution of characters (for example: bitc0inP @ rol)
• Do not use the date of your birthday and phone number or car in the password.
• Do not use the invented password / login in accounts on other resources (let each site have its own unique password).
• Sometimes change the password to a new one (do not be lazy;)).
• Do not share your passwords with others.
• Try not to make mistakes when entering passwords on sites, i.e. Do not confuse passwords (for example, instead of typing your password from the mail), they can be collected for further hacking. Be careful.
• For large and complex passwords, use the clipboard to enter, do not torment yourself;)

       MAIL - your mailboxes
       

• Use two-factor authentication at mail.
• Do not enter your primary mail address, wherever you are (registration on questionable resources, subscription to mailings), use another for this mail.
• Use a new mailing address for each project.
• Do not poke on all links in a row in the incoming letters, with the help of these links, the scammer can:
  -Calculate your real IP and make an attack.
  - Download a malicious program on your machine.
• Be very careful when starting attachments in letters, for a normal running document can be a macro that will download and run the virus or encryptor. Now such letters are well disguised as government agencies or your acquaintances. And investments, for accounts, payments, requisites, court documents, pictures, contracts, etc.
• In the settings of the mail client, you should disable the viewing of messages (message body) as an HTML page, and include a simple text. (Protection against cross-site scripting).
• Beware of phishing mail, this is when you receive letters from the name of the postal provider, from online stores, and from any sites, services, banks, this forum known to you and ask you to change the password or send them confidential information.
• Keep your mail clean. Delete emails with important / confidential data, previously saving them, somewhere. In case of hacking, nothing valuable will be stored there.

      STORAGE OF ACCOUNT DATA - your logins and passwords, secret keys, certificates ...
     

• If you store information in text files then:
  -Back them (reserve).
  -Keep in the password-protected archive (this will give a "certain" protection against theft).
  -If the computer is shared, use an external drive for your files.
• You can also use flash drives with encryption (do not confuse with password-protected flashes in Windows).
• There are programs for storing passwords, for example: KeePass Password Safe (there is a portable version that works without installation). Everything is stored in an encrypted form and with a password. Or a similar program KeePassX. They also have generators of strong passwords, which are suitable not only for their creation, but also for understanding what passwords should be.

     ACCOUNTS - bitcointalk, mail, and any other
     

• CAREFULLY, very carefully look at the address line of the site in the browser, before you enter your login and password. The site can only be a copy-fake for fishing your credentials. This is also a phishing, but already with the help of search engines. For example, they entered into Google (yes my Yandex will forgive me) the name of my site. He got your first line, you hit it and hit it. And how "hit" depends on you. A site can be a copy. You can find out this only by eagerly peering into the address bar and checking everything up to the letter, for a greater confidence you can check also the site certificate, in the same place on the line. So, if the address is different from the original, then it's a fake.
• In advance, save your links to your sites, so do not look for them again and again. Make bookmarks in the browser.
• This forum can also use phishing links (in messages, topics, signatures, in private messages), so be vigilant, doubt - do not poke :) Or check the special service, see further in the text.
• When you finish work with the forum, mail ... be sure to click on LOGOUT (exit) to remove your current Cookies, this will make their hijacking more difficult.
• Attention! In advance, tie your account to a bitcoin wallet, it will be easier to restore (more accurately without binding, it may not be possible to restore it).

      Original: https://bitcointalk.org/index.php?topic=2714740.0

I'll add: Before you click any link double check the status bar (browser bottom) for actual target.

example: https://www.google.com (https://duckduckgo.com)

How about adding 2fa authentication as another tip to secure their accounts and use antivirus that supports cryptocurrencies. If you have this both your account is secured and safe because I experienced before that my facebook account can be hacked if you don't have any antivirus protection your account can be compromised that is why I decided to use antivirus to prevent my computer become infected with viruses and keyloggers.

Just to add to the passwords part, it'd also be very beneficial(in a security perspective) to add symbols(%@!$%@*) to your password. It makes your password a lot harder to bruteforce that way.

Also, I suggest using a password manager (e.g. KeePass2, BitWarden, etc). Just so you have to only memorize one very complicated password.

---

[1] https://keepass.info/
[2] https://bitwarden.com/

Someday a friend of mine told me about a way to make a password seed.

He has some password, with all those symbols,capital letters, numbers,etc. But he can't use this password for every website.

So he uses this password, plus the name of the website as the password. Works like a seed.