DubemIfedigbo001 (OP)
June 14, 2025, 05:19:15 PM Last edit: June 14, 2025, 07:09:34 PM by DubemIfedigbo001 |
As we navigate our daily activities, we often engage in some unsafe practices that may jeopardize the security of our financial, personal and confidential data. I've got a few practical steps to ensure we are at least security conscious.

- It is not safe to store your passwords in the browser : For those that use Windows OS (or possibly some other OS), you should be aware that all passwords stored in the browser reside in the "Login Data" file inside the default folder of the browser user data directory, while the encryption key is stored in the "Local State" file under the browser user data directory. There is a good possibility that a trained malware can retrieve the contents of these two files and send them to an attacker, who would just decrypt the passwords with a simple script and possibly compromise your accounts (these scripts require not much technical knowledge and are readily available online, the most common being the Python script).
Similarly, physical access to your computer can still permit such mischief; easier access is obtainable if the person in question knows your computer sign-in password, then all they need to do is access your passwords from the browser level, with the only prompt required being any form of authentication (FaceID, fingerprint or password). When they don't know your password, they can as well run the scripts on your computer directly or even copy these two files for the specific browsers, and the rest is history. This is also applicable to mobile devices; I confirmed it myself.
Finally, for those that create browser user profiles, be aware that all the data you save to the browser is not only saved to the browser, but also to the email accounts used in the syncing. Whoever has access to that mail automatically has access to all the passwords you saved to the browser as at the time you synced that mail to the browser.
- Regularly check the devices your emails are signed in on : When I had a cyber cafe, I had clients who were careless enough to log their mails into my work PC and never cared to log them out after their work was completed. I always called them to order on the risks associated with it, but here is a better way: you can log your email out of any device strange to you. By regularly checking the security section of your email, you can log your email out of any device you wish and also out of any third-party software you no longer need.
How to go about it: As soon as you tap to manage your email account, you'll see a range of menus; click Security and scroll down to the section where you can do it.

- Watch out for linked devices in your WhatsApp or any social media accounts : I use WhatsApp as a case study because it's the most common communication app we use here in Nigeria. It is important we always check this feature to be sure our accounts are only linked to devices we approve, else we might be sharing our private data with someone else who may have had access to the device and is stalking us. I gave out a PC some time ago and during my occasional checks, I only got to see that I had not removed my personal WhatsApp from it; meanwhile the new owner's last login was very recent, meaning he had been accessing my account.
How to go about it: As soon as you click the three dots on the far right of your WhatsApp app, select Linked devices and unlink any strange device.

- Always deactivate remote access while on online meetings : It is obtainable for someone to access your PC from an online meeting platform, so always remember to disable remote access while on online meetings from your account settings. Some meeting apps like Zoom have it on by default.
Here is an example of a victim of enabling remote access.
Jake Gallen, the CEO of Emblem Vault, a cryptocurrency-related business, fell victim to the Elusive Comet campaign. He lost more than $100,000 in digital assets after agreeing to a Zoom interview with an individual posing as a media personality. During the interview, the attacker requested remote control access to Gallen's computer, which was subsequently granted. The malware, identified as "GOOPDATE," was installed, allowing the attacker to access Gallen's cryptocurrency wallets and drain the funds.
https://www.secureworld.io/industry-news/zoom-remote-control-cryptocurrency-heists
How to go about it: Log into your Zoom account from the web portal, go to your account section, then to the Meetings menu, scroll down to remote access and disable it.

- Be sure to enable 2FA : Two-factor authentication is a unique feature that helps protect accounts from direct access with only credentials. When activated, a prompt is always sent to the primary device or through text messages, depending on what you requested. I have had an experience where my GitHub credentials were compromised, possibly from my official computer, and the person could not get into the account without the code sent to my phone; he kept trying, I just changed my password and ended the drama.
- Practice separation of concerns : It is always a good practice to separate devices bearing your bank account, wallets or exchange accounts from the regular device used for your day-to-day activities. This is because you can contract malware while surfing the net and visiting websites you may not trust, and these can compromise your device unknown to you. These exposures can make your devices susceptible to scams or hacks.
I would recommend hardware wallets or cold storage devices for your wallets, but if these are not feasible for you, you can get another device that you use only for financial dealings.
- Be careful with public Wi-Fi and shared hotspots : When using public Wi-Fi, it is important you don't access sensitive documents or log into financial accounts over such networks. Data sent over unprotected networks can be hijacked, since all information sent over a network is visible on the network.
Additionally, when you use people's hotspots to access sensitive accounts or documents, be sure to trust that the provider is honest enough not to steal your data over his network. It is important you access such sensitive data over networks you can trust. It is commendable that some financial apps now require a one-time token sent to the phone number or email linked to such accounts on first login into any device.
- Always store your seed phrases offline : It is no news that our seed phrases are safer when we don't store them online, and it is always advisable to store them carefully offline. A range of suggestions can be from paper storage to metal encryption storage, which I feel is the best and can be proof against natural occurrences like flood, fire and others.
The list can go on and on, and I believe everyone else has more tips to share in addition to mine; I would like to learn from you too.
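As an added example that is not part of the original post: the first tip names two files ("Login Data" and "Local State") that a non-browser process has no business reading. Here is a small Python check a defender could run over file-access events to flag exactly that; the events, paths and field names (pid, image, target) are constructed for the example and are not from any particular logging product.

```python
"""Flag non-browser processes reading the files that hold a Chromium-based
browser's saved passwords. The event records below are constructed."""
import fnmatch
from collections import defaultdict

# Where Chromium-based browsers keep the password database and the key that
# wraps it (Chrome layout shown; Edge and Brave use the same structure).
SENSITIVE_PATTERNS = (
    "*\\User Data\\*\\Login Data",   # per-profile password database
    "*\\User Data\\Local State",     # holds the wrapped encryption key
)
# Images that legitimately open these files during normal use.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe"}

def is_sensitive(path: str) -> bool:
    return any(fnmatch.fnmatchcase(path, pat) for pat in SENSITIVE_PATTERNS)

def basename(image: str) -> str:
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_suspicious(events):
    """Group sensitive-file reads by (pid, image) for non-browser processes.
    Severity is 'high' when one process touched both files, because both are
    needed to recover the plaintext passwords; otherwise 'medium'."""
    touched = defaultdict(set)
    for ev in events:
        if not is_sensitive(ev["target"]) or basename(ev["image"]) in BROWSER_IMAGES:
            continue
        touched[(ev["pid"], ev["image"])].add(ev["target"].rsplit("\\", 1)[-1])
    findings = []
    for (pid, image), files in touched.items():
        sev = "high" if {"Login Data", "Local State"} <= files else "medium"
        findings.append({"pid": pid, "image": image, "files": sorted(files), "severity": sev})
    return findings

SAMPLE_EVENTS = [  # constructed sample events, not real telemetry
    {"pid": 4120, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "target": "C:\\Users\\ada\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 7788, "image": "C:\\Users\\ada\\AppData\\Local\\Temp\\updater.exe",
     "target": "C:\\Users\\ada\\AppData\\Local\\Google\\Chrome\\User Data\\Local State"},
    {"pid": 7788, "image": "C:\\Users\\ada\\AppData\\Local\\Temp\\updater.exe",
     "target": "C:\\Users\\ada\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 9001, "image": "C:\\Windows\\System32\\svchost.exe",
     "target": "C:\\Users\\ada\\Documents\\notes.txt"},
    {"pid": 5150, "image": "C:\\Windows\\System32\\cmd.exe",
     "target": "C:\\Users\\ada\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State"},
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding)
```

The browser's own read (pid 4120) is ignored; the unsigned-looking updater that read both files is rated high, and the lone Local State read by cmd.exe medium.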