I am making this thread for ones to protect themselves from being compromised. You may add this to your sig to spread the knowledge for ones to protect themselves from being compromised.
============================================================================================
Note: A) Lastpass is freeware, but for some stuff you can pay, but the general use of lastpass is freeware. LastPass Password Manager is closed source, though many of the extensions can be run in a non-binary mode where the source is available, but LastPass maintains all rights.
Note: B) Keepass is freeware. KeePass is an open source password manager.
Note: C) Password Safe is freeware & opensource. (Courtesy of traderjoe)
A) https://lastpass.com/
B) http://keepass.info/
C) http://passwordsafe.sourceforge.net/
============================================================================================
Create an account with lastpass, use a strong master password. Don't ever forget your master password, as you are the only one that has it.
You may download Lastpass as an Application or as a browser addon for Firefox, Chrome, IE, etc.
Lastpass application. Download, install, input email that you used to register with lastpass and the master password you created. Get familiar with the program.
Lastpass addons. Install the Lastpass addon that is appropriate for your browser. Once done, you see a Lastpass icon somewhere in one of the toolbars of your browser. Input the email you used to register with Lastpass into the Email section of the login area, followed by the master password that you created.
============================================================================================
Keepass, is all saved encrypted with one master password on your pc. No cloud servers or nothing. If you use keepass, backup your file in a truecrypt container file on a cloud server like dropbox or as wuala encrypts data on your pc before it gets sent to wuala servers.
Here is a How-to for Keepass. http://keepass.info/help/base/firststeps.html
============================================================================================
(Courtesy of traderjoe) About Password Safe & Yubikey(s)
Something kind of cool about Password Safe is: you can lock it with OTP using Yubikey(s), instructions on the yubikey website. The web page says it's two factor authentication but I haven't had a chance to test that it can be configured to actually require both the Yubikey OTP and a static password.
============================================================================================
I recommend to use a strong Master Password and never use the same password for 2 or more accounts. Never give out your master password. Never use words from a dictionary.
Lastpass encrypts all your data on your pc or mobile device before Lastpass sends it off to their servers and you only hold the key "master password" to all your saved passwords, notes and etc. I find this addon - application the best imo.
(Courtesy of RandomQ)
Do not use a Password Generator that is hosted Online unless it uses SSL; this may be OK for a normal user.
Do not repeat chars IE "AAA" "BBB" "111"
Use a Special Char if allowed "!@#$%%$^^*&()"
Never use the same password twice
Change password regularly
Additional Notes: With the latest LastPass, as of the moment 3.1.0, and if you have a strong computer system, you may up the PW iterations. Raise in increments of 100 or 1000. Anything high might be bad for mobile devices or slow computers. I set mine at 200000
Not recommended if you do not know what you're doing.
https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/
============================================================================================
(Courtesy of RandomQ)
lastpass also supports google auth so even if your master password is stolen via keylogger, they most likely won't get all your passwords because google auth codes are only good for ~30 secs.
Lastpass Introduced Support for Google Authenticator for Mobile Devices
============================================================================================
Note: KeyScrambler is not freeware.
Note: Anti-Keylogger is trial-freeware and pay for.
KeyScrambler
Anti-Keylogger
Courtesy of (John (johnthedong))
Use an Anti-Keylogger like Keyscrambler.
============================================================================================
Explanation of PGP Encryption
Courtesy of CypherPunk
PGP is strong encryption software. Think military grade encryption. It allows you to encrypt emails and files in such a way that they are theoretically unbreakable. It uses the concept of a private and a public key. You give your public key to everyone so they can encrypt stuff to you but whatever is encrypted to you can only be decrypted by your private key (which you protect with a passphrase and your freaking life!)
There is an open source version of PGP called GnuPG (or GPG for short). It functions the same as PGP and can even read PGP generated files (and vice versa).
Advice: if you are serious about security, do not use ANY program that relates to security and is not open source. You simply can't know what it's doing and it may compromise your security.
HTH,
CypherPunk
pgp tutorial for newbies gpg4win
By GoldenWings91
Proper way to Create & verify GPG Signature using Kleopatra on Windows
============================================================================================
Android Security
TIP #1 Don't store bitcoins on a rooted cellphone.
Rooting your device increases the security exposure to malicious applications and potential application flaws, thus any malware can steal your wallet/keys stored in a protected directory.
Malware on a rooted phone can also access other applications like google authenticator and read/write phone logs, sms, etc., which are needed for the verification process in many websites/apps.
TIP #2 – Don’t install apps from untrusted third party apps stores.
TIP #3 – Use an anti-virus app for an extra layer of protection.
APK scanners:
http://apkscan.nviso.be/
http://mobilesandbox.org/
http://virustotal.com/
http://scan.netqin.com/en/
https://anubis.iseclab.org/
============================================================================================
These are techniques everyone should exercise.
============================================================================================
Here are a few examples why one should use these techniques.
https://bitcointalk.org/index.php?topic=92471.msg1020087#msg1020087
https://bitcointalk.org/index.php?topic=91701.msg1009976#msg1009976
============================================================================================
Block unencrypted content on encrypted sites with Firefox or a browser equivalent to Firefox.
With the latest Firefox ESR or latest release of firefox, you may block mixed content at about:config. I don't know about earlier versions of FF.
security.mixed_content.block_display_content : true
security.mixed_content.block_active_content : true
Also two addons add two buttons to easily disable or enable these settings.
https://addons.mozilla.org/en-US/firefox/addon/toggle-mixed-active-content/
https://addons.mozilla.org/en-US/firefox/addon/toggle-mixed-display-content/
Block unencrypted content on encrypted sites with adblockplus.
Steps to produce:
Step 1: -- Click on AdblockPlus icon, click Filter preferences.
Step 2: -- Click Custom Filters Tab.
Step 3: -- Click Add filter group, name it Blocking HTTP Content on HTTPS Enabled Sites
Step 4: -- Click Add Filter.
Step 5: -- Add for example, for bitcointalk.org, add
|http://*$domain=bitcointalk.org
Step 6: -- For other sites that use https, like google.com, add
|http://*$domain=google.com
Note: Just replace the domain name with the one you prefer. E.G. |http://*$domain=example.com
To force HTTP to HTTPS.
Step 1: Install Noscript addon.
Step 2: Click Noscript icon, click Options, click the Advanced tab, under the Advanced tab is an HTTPS tab, click the HTTPS tab, under the HTTPS tab is a Behavior tab, click it.
Step 3: Set the drop-down menu "Forbid active web content unless it comes from a secure (HTTPS) connection" to Never.
Step 4: Add the domain name you prefer to the "Force the following sites to use secure (HTTPS) connections" window.
Note: Example: google.com youtube.com www.youtube.com
============================================================================================
Block bad stuff with Hosts file by MVPS
Also, I would, and no doubt this has saved me from a lot of bad stuff, recommend MVPS hosts file.
You can use this on linux, rooted phones and Windows, and probably other stuff that use hosts file.
http://winhelp2002.mvps.org/hosts.htm
mvps now supplies the hosts file with 0.0.0.0's. Below no longer needed. Scratched out.
If you get notepad++, you can ctrl-f 127.0.0.1, click replace all with 0.0.0.0.
Example.
127.0.0.1 fr.a2dfp.net > 0.0.0.0 fr.a2dfp.net
By doing this, you save a lot of space.
And you leave
127.0.0.1 localhost
alone.
============================================================================================
By Tomatocage
[EDU] How to spot a scammer (Read this before doing any transactions!)
============================================================================================
By escrow.ms
Clickable link - Keep your system updated and stay secure. Tips to avoid viruses trojans
============================================================================================
Avoid Link-Scammers
============================================================================================
An option to up your google account security.
The security question for google allows you to change it to a custom question.
I took with my lastpass addon and generated a character password with Show advance options ticked, everything ticked to make your password the strongest. Copy generated password, paste as security question.
Go back to generate a new password and generate a new password with highest strength possible, copy and paste for the answer.
Save/update google settings.
Open a secure note for lastpass and keep these two generated passwords stored under its title question/answer, which is protected by your master password for lastpass.
It's just a blockade against a security question attack on your google account or any other account that has this security question feature.
============================================================================================
As always, comments and suggestions are always welcomed to better these techniques as I will do my best to fill them.
If you have enough character count in your signature please represent this in your signature.
[url=https://bitcointalk.org/index.php?topic=159424.msg1685280#msg1685280][size=8pt]Stay Safe.[/size][/url]
============================================================================================
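Added example (not part of the original post, and not LastPass's own code): the post's note on raising the PBKDF2 iteration count, measured with a generic PBKDF2-HMAC-SHA256 derivation. The 200000 figure is the one the post mentions; the lower counts and the sample passphrase are constructed for comparison.

```python
import hashlib
import os
import time


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Best-of-N wall-clock cost of one derivation.

    The legitimate user pays this once per login; an offline attacker
    pays it for every candidate master password.
    """
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        derive_key("constructed-sample-passphrase", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def cost_table(iteration_counts):
    """Return (iterations, seconds per guess, guesses per second) rows."""
    rows = []
    for count in iteration_counts:
        cost = seconds_per_guess(count)
        rows.append((count, cost, 1.0 / cost))
    return rows


if __name__ == "__main__":
    # 5000 and 50000 are constructed comparison points; 200000 is from the post.
    for count, cost, rate in cost_table([5000, 50000, 200000]):
        print(f"{count:>7} iterations: {cost * 1000:8.1f} ms per login, "
              f"~{rate:,.0f} guesses/s on this core")
```

Running it on the slowest device you log in from shows whether a given setting is tolerable there, which is the trade-off the post warns about for mobile devices.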
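Added example (not part of the original post): a password generator that runs locally, following the rules listed in the post (no online generator, no runs like "AAA" or "111", at least one special character, a fresh password per account). The alphabet, the default length of 24 and the function names are assumptions made for the example.

```python
import secrets
import string

SPECIALS = "!@#$%^&*()"
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def has_repeat_run(password: str, run: int = 3) -> bool:
    """True if any character appears `run` times in a row, e.g. "AAA" or "111"."""
    return any(
        len(set(password[i:i + run])) == 1
        for i in range(len(password) - run + 1)
    )


def meets_rules(password: str) -> bool:
    """Check the post's rules: no repeated runs, mixed classes, a special char."""
    return (
        not has_repeat_run(password)
        and any(c in SPECIALS for c in password)
        and any(c.isdigit() for c in password)
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
    )


def generate_password(length: int = 24) -> str:
    """Draw from the OS CSPRNG until a candidate satisfies every rule."""
    if length < 8:
        raise ValueError("length must be at least 8")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_rules(candidate):
            return candidate


def passwords_for(accounts):
    """One independent password per account, so none is ever reused."""
    return {account: generate_password() for account in accounts}


if __name__ == "__main__":
    # Account names are constructed sample input.
    for account, password in passwords_for(["forum", "email", "exchange"]).items():
        print(f"{account:>9}: {password}")
```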