Bitcoin Forum

Security breach is natural here in the world of Crypto and I just want to share my own simple ways on how to lessen the possibility of being hacked, specially in our emails.

 Below are the different methods I used to work to secure my own data:

1. Using Multiple Emails -
 I recommend using multiple emails, normally 2 to 3 emails to protect the MAIN account.  To protect our accounts from any possible Scam, Phishing sites etc.  which may compromised your personal information.

 Just simply identify which email is your main and which email will you make a dummy or for all types of site you don't sure if safe or not.


Explanation:

 Main :
 Use this email to register for any  reputable sites and apps that hold your funds, like E-wallets (Coins.ph, Coinbase, Abra etc.) and for reputable exchanges that hold your assets (Binance, Bitfinex, Polinex, HitBTC etc.  )

 It can also be used on various social media accounts such as:
 Facebook, Twitter, Reddit, LinkedIn, YouTube etc.

 But it's more secure if you have a separate email.  Email for social medias and email for all fund controll sites and apps.

 Note:
 Never use this email to register to any sites, especially if you are an Airdrop and Bounty Hunter.


DUMMY
 Use this email on any site, it is not as important as Main email.  Even if you're not sure about the sites / apps background or review it is safe as long as you do not link to your Main account.  Use your main to backup your dummy and if someone cracked your email pass  or you only forget the password you have the power to recover it but don't do it vice versa like making your dummy as recovery email for your main email..  Main must have control over dummy for recovery purposes.

 As I mentioned earlier, you can use 2, 3, or more emails, the important thing is that Dummy has no connection to access main.

2. Using Multiple Password:
 Like email, you can also use multiple passwords with different use to secure and manage accounts easily.

Example

 Main - December @ 123
 Dummy - November $ 456

 You can add One, two or more tbased on your  ideal quantity of password but I recommend using 2 passwords for convenient in terms of memorizing.

 If you notice they are almost identical to Format, because it is made for convenient purposes.
 Entering numbers, CAPITAL LETTERS and special characters can make your password stronger.  Instead of making a long password with pure small letters is easy to crack.

3. Mobile Number -
 Never let your main Email without any mobile numbers linked.  If  the dummy account is compromised, use the main email for recover it ( back up.  Here, the mobile number keeps you coming back.  Much better use this number as 2FA for your main.

 Note: if you have lost your mobile number, replace it immediately with another mobile number.

 This post is not the full key to secure your accounts so it is always "da best" to study closely any site or apps you go to or use.
 May this article be helpful to you, whether you are a beginner or a professional.


 Feel free to correct me if I have forgotten or misused terms.

---

I just only translated my own post on Pilipinas Section (Philippines)
https://bitcointalk.org/index.php?topic=5197229.msg52927416#msg52927416

This is a good read. I wonder why it is not commented well unlike those other post that are not that relevant. Well, I am doing this and it is proven in securing your email. We secure our emails so that our accounts on different platforms will not be compromised.

Good thing I did one of these back in the days where I was joining few airdrops. I received a fake MEW site claiming to make me view my wallet into their phishing MEW site.
Using password managers could also be great way, but it might vulnerable to spywares that's why I don't use them sometimes.

And if you are still active in airdrop campaigns it is best to create a separate email for this as it will be the key to making us vulnerable to hackers, scammers as they can easily send traps to us.

Similar to
Phising site (no 1)
Fake Bravebrowser bounty
Fake Myetherwallet website.

Malwares.
Spam mails.

The thread should be on "Beginners & Help", you can move it the thread at there.

However, the emails problem not being an attack but getting a spamming from phishing, malware and scam project or airdrop invitation.

You also can add the thread @masulum as a reference https://bitcointalk.org/index.php?topic=5198564.msg52979658#msg52979658 since the topic can be related to your topic.

Ya using a separate email for crypto stuff is smart, i been in this so long i had to combat alot of spam over the years as i used my main email off the bat
not smart haha. for last 2 years or so, seperate email!
it dosent matter if you think the crypto services your using are "safe", databases get breached and those emails get dumped/sold
happens OFTEN.  this forum itself has been dumped x2 since ive been a member only haha :P it happens

Thanks for the info, spam mails and other phishing schemes won't work on me because i don't click on links in email and moreover i have separate email for airdrops hunting etc

Yes indeed this is the best way, and some people who already know this might be negligent, thanks for the info, maybe I will also recommend to my friends to use this method so that they are not mistaken and wrong rare for the future.

2nd options on our keys is proven that secure most of our assets in any terms such as information and any other important things we have. I'm using this method since I enter Crypto.

2 Factor Authentication is a must in terms of holding funds

for me securing email is easy i just attach my phone number to my email and the most important thing is never use the same password to any website same with your email password

Not bad guide but in my opinion the best variant is to use protonmail without sms recovery. SMS is not secure anymore

Your opinion is exactly contradicting to each other. But I will go for using phone number, but I believe that using phone number is not also secured way. Because there's cases of messages manipulating malwares that keep on popping up. But leaving our accounts without phone number attached is like you're walking on a snow. Your security is naked, using phone number can also buy time for you too change password or transfer your funds to a anonymous but wallet

It's a wise idea to have multiple email address. There should be an email address dedicated for airdrops and another for bounty. This should be different from the main email address and should have different passwords for control purposes. If possible one could review the email subsequently and change to new email after a period of time.

Pretty good advices, been doing the three mentioned by OP's as long as I could remember and other things as well.

I regularly changes my email password and the main email only for the most reputable exchanges or platform. And don't you just click any links you received on your email without reading the content and the sender first, who knows, hackers might try to change the password from one of your associated account with the email, and you didn't pay enough attention of such things.

Secure email using multiple emails is a good idea but sometimes I don't want to use it. Simply log in using the HP verification with OTP or if necessary use the Authenticator to be more secure and will not be able to get people into our email.

This indeed a good tips. Thank you for sharing us, most people here often got hacked or scammed due to using their personal email even for joining airdrop and once youre email flooded lots of emails then you accidentally fall for such scam link then youre done. For newbies should read this guideline its worth youre time.

I do consider that most of the people who are signing up uses their personal email address that already exposes them to risk and in addition, they also provide passwords that are mostly used for their personal account as well. With that regard, we cannot ensure that each platforms do really implement encryption of the users passwords to their database. So, for us to secure our emails, when signing up, make sure to provide purely different passwords and username information.

  I wrote this article to confirm that this is the right thing to do. I used to sign up for airdrops with my main email for airdrops and bounty. One evening I received an email from the Brave browser, saying that I only need to fill out the above form for my ETH wallet and will receive $ 100 immediately if I download the Brave browser and hang it. I followed suit and my computer suddenly froze and the viruses started stealing information. I had to reset it immediately and lost some pretty important data. You should be most wary of this issue.

I will take down HitBtc if I were you. Using your main e-mail address here could cause you everything.
Trust me, I know it. Someone is logging in with my account even though I am not using HitBtc anymore.
How do I know? It keeps on sending me e-mails that I logged in from a certain area and country. Which I didn't do.
Just a head up though.

Binance is okay with me. It will tell you what is going on with your account or if someone is trying to access it thru email for security purposes of course.
Thanks though for the tips using dummy accounts.

Yes that a better solution and dont forget to not register using your main email in any website . Because you know there are many phising attempt that hacker want to try just to have your email and password.

I recently lost my 0.007 BTC on HitBTC to be honest.
And and post it on Pilipinas Section (Philippines), I really do believe what you said and I already lost my trust on that crappy exchange.

Here is the link below :
[GABAY] Kahalagahan ng 2 Factor Authentication (https://bitcointalk.org/index.php?topic=5201183.msg53066832#msg53066832)

actually I have done as you said a long time ago, but my mistake was connecting emails with each other for recovery, so I think I still need to fix all of this, thank you for the advice you gave. btw, it's very useful because recently I got a fake email from blockchain.com

Good guide, I did everything when I registered the email. And also someone who is not known to send emails is better to ignore and don't trust, or can add email filters so that unknown emails enter the spam list.

in fact the whole point of it all is that you don't have to publish your main email and separate it for different uses, I made another email specifically for bounty work because my email was published in their spreadsheets so many spammers will attack with unclear promotions or send dangerous links , so I always separate the main email from the email for my work in crypto as a bounty hunter, if it's done well everything will be safe, I activate 2fa sms and gmail code, I don't give my main mobile number to anyone, so this is where I look after it

It is a great tips specially now that there are too much scam and fraud cases here in crypto world. All we know that our emails is very important because it is connected in our account security and our email receive the confirmation of the code so you can open your private account on other device so make your email always secured.

Also you can check if your email have been compromised using

(https://haveibeenpwned.com/).

I also used protonmail for my more secure private emails, good email service and it's for free.
Of course, one of the best practice is not to click any links that you received in your inbox, specially if you don't know the source or the originator of the mail.

Why isn't SMS safe anymore? in terms of what it is so that making SMS is no longer safe to use, please explain more fully here, so everyone can know about SMS that is no longer safe.

Maybe because of this news?
'Bait-and-switch scam': AT&T fined $60m over data throttling allegations (https://www.theguardian.com/business/2019/nov/05/att-telecoms-settlement-data-internet-phone)

I don't know why even if i have followed all of some of my emails are still getting published on internet or there is something wrong with my PC. I just curious about how the scammer can get our email or maybe they are buying it from the trusted party who have been selling our email.
The possibility for the collusion is always there even if you are using the trusted service.
And just build my own email platform for myself and that's enough for me.

Agree, use a different email for the bounty or to register with the exchanger. The most important thing is we have 2FA for our email because sometimes we store data in cloud storage that is connected to our email account

This kind of example already worked a lot with me.
Ever since they require special characters with passwords, I normally did it now.
Every password had special character then two numbers and capital and small letter in it.

The only problem is I forgot my other passwords since I already got used to it.
Some of them just have normal small keys and numbers. Digging them out had been a lot of work.

Great tips for added security. In summary, just have two email accounts, one to be your main, and the other for those unreputable sites you sign up into. Although you must always remember the password for your second account, and having to remeber two accounts on which one you used on a site could be quite difficult at start, but it takes time to get used to.

Use multiple emails really help us people who not want to reveal our main email to anyone. Because from what i see, sometimes when i submitted my email, some spam email don't know from where is coming, that is why sometime i use my second email to do airdrops or bounties so my main email not revealed easily.