Crypto security: Passwords and Authentication (Livestream -aantonop)

[OcTradism]

I cared about security and privacy and have never lost interests to learn more about it. I only watch a very interesting livestream and will share with you shortly.

Before going to that livestream, please make sure to check and read some helpful topics in Good topics on security and privacy

The livestream:
- Crypto security: Passwords and Authentication (Livestream -aantonop)
- Link to watch: https://www.youtube.com/watch?v=m8jlnZuV1i4
- Author: Andreas Antonopoulos

The livestream is very long, it lasts 2 hours and make sure you watch all of the video and watch it a few times when your mind is fresh.

Introduction part. For the rest, spend your time to watch and go ahead.

Security is a tricky topic.

In order to maintain security of your crypto currency, you have to maintain security of all of your accounts. For many people, it is the first time they have to carefully think about the security of their online identities and online devices.

When you lose your privacy, when your information get hacked, you do not feel it right away.

[Charles-Tim]

Privacy, security and safety are all important not only offline but also importantly online, many people do not even know there is an existence of online privacy while making use of their device online in a way their privacy can be compromised, and also in a way that can lead to malware installation on their device(s). There are many security practices that must be deployed which can lead to online protections. OcTradism compiled lists of many topics in which he also included the link above, this can go a long way to helping people to providing tactics and ways to online privacy, security and safety.

About the video
I watched part of it, it was interesting and can help newbies to certain extent. But,

1. The guy said seed phrase are 24 words, but normally seed phrase can be 12, 15, 18 or 24 words, instead it should have said seed phrase are make up of 12 to 24 words. I like one thing about this forum, ranked members  like to make sure they post in a way that makes their posts very correct, or be corrected.

2. Also, the guy first mentioned the use of a book to save passwords and others like seed phrase and passphrase, this is right and should be the way to follow. But, he later mention that the easiest way is to make use of password managers, I strongly disagree to this. Password managers synchronized online and you will provide it with a email and a password so that even if your phone is lost you will be able to recover back all the passwords. It is truly easy but can lead to attacks, assuming an attacker just get access to your device, or your login details, that will be all to all your accounts as he can see all your passwords. Backup of such sensitive things online is total wrong.

Backups is best to be offline, using a pen and paper for it will be fine, or writing it on metallic sheet, or using other good means you know can be able to recover back the passwords in a way it will not be vulnerable to damages and attackers, and triplicating the passwords and having it in three different locations will be better.

[hatshepsut93]

Password managers synchronized online and you will provide it with a email and a password so that even if your phone is lost you will be able to recover back all the passwords. It is truly easy but can lead to attacks, assuming an attacker just get access to your device, or your login details, that will be all to all your accounts as he can see all your passwords. Backup of such sensitive things online is total wrong.

This can't be true for all password managers, many of them allow you to opt out of cloud backups, or choose your own self-hosted server. And cloud storage itself doesn't mean that your passwords can be easily stolen, the database file is always encrypted, so if your password is strong, even a cloud storage hack won't do much on its own. Password managers are considered a best practice among all security experts, so a long as you do everything properly, they will be more secure and safe than whatever a non-expert person can come up on their own.

[bob123]

But, he later mention that the easiest way is to make use of password managers, I strongly disagree to this. Password managers synchronized online and you will provide it with a email and a password [...]

I have never met a person using a password manager which stores a backup online.
Usually people either don't use a password manager, or they use a proper one.

I'd also discourage people from using password managers which store the encrypted file online. But using a standard password manager where the database is only kept locally (and has to be backed up locally) is absolutely fine.

Obviously, a compromised system may lead to the compromise of all passwords.