5.1 Online Safety

 

While many tools are available to stay safe online, the best line of defense is being vigilant and implementing some basic security rules to protect your accounts. Using strong passwords, multi-factor authentication, and being aware of different popular internet scams will help you to protect your money, crypto and confidential data from danger. Nowadays, when our life is more and more connected with the internet and technology, it’s important to know how to protect yourself online.

For most people, the main account that needs the highest level of protection is your email, as this is where your most sensitive information is stored. It’s also where password reset emails will be sent, so it compromises any other accounts created with that email address. Furthermore, if a hacker takes control of your email, they could use it to extract sensitive information from your friends and family.

Implementing the following best practices will minimize the chance of your accounts being compromised.

 

1. Strong Password

While the need for strong passwords is widely known, few people make an effort to ensure their passwords are complex enough to protect against, for instance, brute-force attacks. Brute-force attacks use hacking software to attempt thousands of password combinations a second, and can easily crack a simple 8-character password in a matter of minutes.

Follow these password recommendations to stay safe:

• A strong password should be long (at least 15 characters) with a combination of lowercase, capital letters, numbers, and special characters.

• Never use the same password for multiple accounts, especially not your main email account! To avoid having to remember all of your unique passwords, you can use a password manager to store them securely. A password manager allows you to generate strong passwords, and provides the option to automatically enter them on various websites.

• A password shouldn’t be a single word, but preferably a combination of several words, or be created from random strings of characters/words that can easily be "made more difficult" by replacing specific letters with numbers or special characters (e.g. @ instead of "a", $ instead of "s").

• If you have passwords which you want to remember and not put in a password manager, use a simple method to create a password from a sentence (For example: “We all lived in a yellow submarine” modified to “We@lll1ved1n@yellowsubmar1ne”).

What to avoid when creating a password? Some important tips on what it shouldn't contain:

• login,

• personal information (neither yours nor anyone close to you),

• it should not refer to your interests, favourite places or other information indicating your surroundings,

• names of famous people, as well as characters known from pop culture,

• keyboard sequences (such as qwerty).

 

2. Two-Factor and Multi-factor Authentication

Even a highly complex password is not always enough to secure an account. We often hear news of hackers stealing millions of passwords from popular web platforms, so you should always use a second layer of security for sensitive accounts.

There are several different methods of Two-Factor Authentication:

• receive an SMS with a code to a verified phone number,

• use an app which generates random codes valid only for a limited time,

• hardware keys like YubiKeys.

Setting up 2FA is a simple and easy process which increases the security of your account. If you want to find out how to set up 2fa on our platform, you can find instructions here. 

 

3. Check if your account data hasn’t been leaked

To verify whether any of your email accounts have ever been subject to a data security breach, you can use the following website: https://haveibeenpwned.com  

 

4. Secure your mailbox

You can keep your mailbox more secure by following a few important steps:

• Check your email account for unauthorized devices that might try to access your account – if you find any, it's worth removing them.

• Check your email account settings – make sure that they are in line with your preferences and there are no suspicious or unfamiliar settings there.

 

5. Be Vigilant

The easiest way for a hacker to get your password is by tricking you into passing it over willingly. Hackers do this in a number of ways, but if you’re careful and keep a keen eye, you should be able to spot them. Here are some of the ways hackers may try to steal your info, which we will cover in more detail in later lessons.

• Phishing emails – hackers can send emails that look very genuine. They may appear to come from your bank, co-workers, family members, or your crypto exchange. Always check the email address carefully for irregularities, and check the email text for misspellings or anything else that looks odd.

• Fake websites – like the emails, these websites look nearly identical to the real thing, so it’s easy to get tricked if you’re in a hurry and not paying attention. Always check that the URL is correct, and the site is protected with SSL (usually a padlock image in the browser bar). 

It's important to stress that you have the ultimate responsibility for the security of your accounts. Please remember to be cautious and follow basic safety guidelines.