|
jacobmayes94 (OP)
|
 |
April 30, 2016, 01:40:04 PM |
|
With a trezor your relatively safe if you check the address on it when you send coins, the coinbase isn't a typical online wallet but a multi sig vault where they have a key, you have a key encrypted with a passphrase that they hold and you print. And a third printed key that allows recovery if passphrase forgotten.
I let people use my machine under supervision, the USB stick was unlucky but due to security measures I take with my funds and i keep my data partition unmounted unless I use it, moving to Linux again soon. I am intending to get a cheap laptop for bitcoin use to be fair, 2FA is just a separate security layer thats silly not to activate :-)
It is a must I think when dealing with money!
Jacob
Edit: even with Linux is good to take precautions. I will admit since using kaapersky for years this is one of the first thing to slip through kaspersky net that I know of for me.
|
|
|
|
|
|
senyorito123
|
|
April 30, 2016, 01:48:03 PM |
|
Glad to hear that, all your coins are safe because 2fa. I'm nut using 2FA though, but because of this topic, i will try using 2FA now, is it hard using 2FA ? Because i never use it.
Not hard at all, you just need a smartphone and the Google Authenticator app. Also I have read in different posts in different part of this forum, you need to have a clean machine when enabling it as there are still risk with enabling 2fa in an infected machine, but don't know much about those risks, no one has explained them in detail yet, just make sure you have a clean machine, so run a scan with your internet security first before enabling 2FA I think its all the same because many people can bypass the 2fa, 2fa is useless if your gmail account is being hack and for me i dont enable my 2fa because it is hassle when you open your wallet to many tabs to open and so fare i dont experience victimize by hacking and it is your responsibility tp take care of youe wallet and it depends on how you handle it to avoit being victimize by that scheme is to avoid shortened link |
|
|
|
|
jacobmayes94 (OP)
|
|
April 30, 2016, 01:58:28 PM |
|
A trezor is a good bet too, not that expensive and your private keys are safe, use it properly and its a good buy. I do highly recommend it.
No harm came to my coins from use of 2FA on exchanges, being vigilant with private keys in the case of the coinbase multisig wallet, and the trezor. Have more than 1 BTC or so, a trezor or something like a multisig vault for simplicity is a good idea.
And most important, don't keep your entire BTC wealth at a single wallet!
Jacob
|
|
|
|
|
|
katrimans
|
|
April 30, 2016, 02:37:49 PM |
|
Enabling 2FA is must if you want to keep your account secure. On enabling 2FA, your wallet cannot be hacked and you are safee
|
|
|
|
|
|
rinhunter
|
|
April 30, 2016, 03:50:56 PM |
|
yeah, right..
enable 2FA feature before late. Especially if you have a large amount in the wallet, really big mistake if it doesn't enable the 2FA feature.
|
|
|
|
|
Junko
Legendary
 Offline
Activity: 1512
Merit: 1000
|
|
April 30, 2016, 03:59:36 PM |
|
Agree on all points.
I have on occasion let a friend or family member use my laptop for something small/urgent, but I have always been present and watching all the while.
And 2FA is definitely a must. It will help you sleep at night.
|
|
|
|
|
|
streazight
|
|
April 30, 2016, 04:02:10 PM |
|
Enable 2FA is better for good security
|
|
|
|
|
Hazir
Legendary
Offline
Activity: 1596
Merit: 1005
★Nitrogensports.eu★
|
|
April 30, 2016, 04:03:42 PM |
|
....My mate used my machine....and got a virus on it.
Wait you had Kaspersky antivirus and other malware protection software installed and your friend still managed to infect you with a virus? it is quite a feat if you ask me. I miss times when computer viruses only slowed your machine down, now they can rob your money. Insane times. |
|
|
|
|
BellaBitBit
|
|
April 30, 2016, 04:11:36 PM |
|
Thanks for sharing, this shows how important 2FA is whenever possible. It can be a pain but it is so worth the few extra seconds to save 1000s of dollars in btc/crypto.
|
I love Bitcoin
|
|
|
Farma
Legendary
Offline
Activity: 2716
Merit: 1002
Leading Crypto Sports Betting & Casino Platform
|
|
April 30, 2016, 04:15:07 PM |
|
enable 2FA sometimes very inconvenient, so we could not log on quickly and it was very disturbing, but on the other hand, it provides a promising safety, I am happy to hear that reason
|
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
April 30, 2016, 04:19:26 PM |
|
How do you know it wasn't you that put the virus on the computer?
If you have £3000 on your laptop and consider that valuable, don't lend it out just in case.
good to hear that the ttempt to breach security was foile by 2FA in this case.
|
|
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1074
|
|
April 30, 2016, 05:05:06 PM |
|
Dude, you reveal too much information about your private finances in public. You could have told this story, without revealing your Bitcoin totals and where and how it is stored. Just keep the majority of your coins in cold storage and you would be fine. Place some unsafe Bitcoin addresses with a small amount on your computer as honey traps and when they are triggered, you know your computer is compromised. Once they are triggered, just do a re-install or re-load the virtual machine. Good luck mate...  |
|
|
|
|
praprata
|
|
April 30, 2016, 05:11:55 PM |
|
Dude, you reveal too much information about your private finances in public. You could have told this story, without revealing your Bitcoin totals and where and how it is stored. Just keep the majority of your coins in cold storage and you would be fine. Place some unsafe Bitcoin addresses with a small amount on your computer as honey traps and when they are triggered, you know your computer is compromised. Once they are triggered, just do a re-install or re-load the virtual machine. Good luck mate... Well i don't think it is very risky, although your story could be also good without revealing all the numbers. In essence you are right. If there is 2FA enable it. |
,╓▄▄▄▄▄▄▄▄▄╓
╓▄█████████████████▄╖
╓▄█████▀▀'▒,,,,,╠'▀▀█████▄,
,▓███▀╜,▄▄███████████▄▄,╙▀████╖
▄███▀ ▄█████▀▀"``╙"▀▀█████▄ ▀███▄
▓███╜╓████▀ ,▄▄█████▄▄, ▀████,╙███▌
▓███`╔███▀ ╓▓███▀▀▀▀▀████╖ ▀███@"███▌
]███▌┌███▌ ▐███ ███▄ ▐███ ▐███,
▐███ ▐███ .███ ███ ███▌ ███▌
▐███ ▐███ '███ ███ ███▌ ███▌
]███@╙███@ ▀██▌ ,▄██▌ ▐███ ▐███`
▓███ ▐███▄ ╙██▀╩ 9███╜ ╔███▀,███▌
████,╙███▌ ▓███╜,████
▀███▄ ▀╜ ▀▀ ▄███▌
╙████▄, ╓▄████╜
╙█████▄▄╓, ,╓▄▄█████▀
▀▀█████████████████▀▀
'▀▀▀▀▀▀▀▀▀▀▀'
| CloakCoin | Trustless Anonymous Cryptocurrency | PoSA3
Forum | Bitcointalk | Twitter | Slack | Facebook | VK | Reddit | CloakTV | Instagram | IRC-Chat | Faucet
|
|
|
|
|
jacobmayes94 (OP)
|
|
April 30, 2016, 05:46:57 PM
Last edit: April 30, 2016, 06:06:47 PM by jacobmayes94 |
|
The trezor and coinbase keys are not stored at my house so I am quite okay, only my 'hot' QT wallet holds funds that I wish to access quickly. I could access my coinbase funds and with a wait of 48H move them to my bitcoin debit card if i was in need of urgent funds abroad or at home.
I was surprised as kaspersky is a very very good security application which when properly set up has stopped much. Actually it detected the virus with the latest update which makes me think this was some kind of zero-day exploit which even kaspersky would be limited at checking. I have set up the kaspersky safe money which i figured out how it works, it can help protect ageinst keylogging using a type of hypervisor set up. I have used kaspersky since 2009 and this is the first attack i have had of it's kind on a machine with it installed.
2FA has a key limitation though that it does not protect against attacks at the wallet providers back-end, OR something like mt.gox. So keeping funds in different wallets, and keeping things in different physical undisclosed locations (such as my trezor and it's seed) and having only a small working amount accessible at any one time can limit damage.
Keep 20 or so BTC in a single wallet id be worried unless its a trezor or similar. Just how i wouldn't keep 50k or more in a single account.(i wish i had that!)
And if you want a vanity address like my hot wallet, do not generate it online, but do it yourself... if you do not own or have some control of the private keys, its not yours. Thats why i liked the coinbase multisig vault to help diversify my BTC assets as they grow and trezors.
My friends machine happened to be clean on checking, the only place we could have got it from is our college network, which my lecturer actually has warned us to be very careful with as its not that secure...
He has his memory stick encrypted with a container and unencrypted space and has a traveller version of truecrypt on it which turned out to be the affected executable, it wasn't an 'autorun' virus as such and that is disabled on windows 10 by default for USB drives.
We have tracked down the problem and he was stunned so whatever it was had somehow infected that executable which kaspersky flagged up on an update, he has used my machine plenty of times with the same stick without issue in the past.
Moral of the story is, diverisfy your bitcoin/crypto assets, enable 2FA, and for more than 2 or so BTC, invest in a trezor and keep it's seed safe.
While they got past my first layer of security (complex passwords of random numbers and letters and symbols) due to side channel attacking (keylogging)
They were stopped by the second layer (2FA) and all other measures, the moment i got the SMS from paypal saying i was trying to log in it raised the alarm and got me to change all passwords on a safe machine quickly.
It saved me hassle like no end, I set up 2FA on my other accounts because my mother is deceased and thus irreplaceable messages and content exists on there, although all text messages were backed up.
even my email has 2FA set, its set on everything possible to set it on
on paypal you can bypass the 2FA if you were phished and gave away your account security questions.
my PC does also have full disk encryption as do my telephones, I do take as many measures as I can with security, i have taken this a step further after this by making my main PC user account a 'limited' account without administrator privileges.
The virtual machine is a good idea, although for my bitcoin QT hot wallet im not too fussed as no more than £80 will ever sit in that wallet before i move it, unless I solo mine a block which will end up safely moved and diversified.
I posted this as i have ready many, many horror stories on this forum of people loosing large amounts of coins due to lack of 2FA or from live wallets such as bitcoin QT or lost from online wallets, or stolen from vanity addresses... Such simple measures can really help, a print out of a private key stored somewhere safe such as a safe deposit box could save your ass against forgotten wallet passphrases even...
|
|
|
|
|
|
bittrojan
|
|
April 30, 2016, 06:54:58 PM |
|
no matter how much we have bitcoin,and no matter which wallet used by us,i think applying 2FA is important thing for secure our bitcoin,one that should make sure by us,dont lost your devices.
|
ICO investor. Miner. Bagholder Extraordinaire!
|
|
|
alyssa85
Legendary
Offline
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
|
|
April 30, 2016, 07:10:17 PM |
|
I simply do not allow anyone but me to use my computer. I do not have facebook and such and I use several email addresses. My btc are in cold storage and so far I had nothing to worry about.
We're the first security layer of our own stuff. And, actually, I hate 2FA. I used it only once for bitstamp and I then stopped using bitstamp.
This. Don't share computers, run anti-spy ware often, and be very careful of social media, it's used to harvest personal info to give hackers access to your life (especially old school banks which still ask questions like "what was your first school"). |
|
|
|
bitbite111
Member
Offline
Activity: 70
Merit: 10
|
|
April 30, 2016, 11:47:28 PM |
|
I used my common password at Yobit.net and now i'm paranoid as hell that they are going to use it to hack my other accounts. I changed the password since, but am wondering if they still have access to the previous password.  |
|
|
|
|
Yakamoto
Legendary
Offline
Activity: 1218
Merit: 1007
|
|
April 30, 2016, 11:58:44 PM |
|
If you are storing your Bitcoin anywhere with 2FA, you should have it enabled. No exceptions.
2FA makes it infinitely harder for anyone to access your account, and requires both your phone and the access point to be available, not just the access point. I have coinbase and a personal wallet, and I use 2FA for both.
|
|
|
|
|
Monnt
Legendary
Offline
Activity: 938
Merit: 1002
|
|
May 01, 2016, 12:00:33 AM |
|
This is why you don't let anyone touch your clean drive. If you are storing bitcoin without an air gap, you really should either use 2fa or only use that device for bitcoin.
|
|
|
|
|
|
h3rlihy
|
|
May 01, 2016, 12:23:05 AM |
|
2FA should just be default on any sort of account that is used to access financial assets. It can be a pain in the ass, sure, but I'd much prefer it to be more prevalent.
|
|
|
|
|
|
