
Author Topic: How to secure and store your passwords  (Read 1307 times)

wiser

How to secure and store your passwords
« on: April 14, 2015, 08:03:55 PM »
One of the side effects of getting involved with cryptocurrency is that you will be logging in to many different websites--exchange platforms, online wallets, the DNotes vault, forums (at least one for each alt coin!), and mining pools, to give some of the main examples. Each of these sites comes with log in credentials. You are going to need a good way to keep track of all your sites' log in information so as to easily log in while still keeping all your accounts as secure as you can.

You need to have a unique password for every single site you access. This is important no matter what kind of site you access, such as your bank, email account or social media account. It is critical in the cryptoworld. Do not take the lazy way and use the same password over multiple sites. Ideally you would also have a unique username, but that isn't always practical. You absolutely must have a unique password for each site. Not only that, your passwords need to be tough to crack, which means they're not going to be easy for you to remember.

This means that you will have lots and lots of passwords made up of all kinds of random letters, numbers and special characters. You will need someplace other than your brain to store them safely and securely. You also want your method of storage to be convenient for you to use.

To get started, register an account with a service such as LastPass. There are other similar services out there and you can do your research and make your choice. This tutorial will be focused on LastPass because that is the service I use.

LastPass offers a basic free membership and a paid premium membership. The free membership is adequate for what you need. When you register you may be given a trial period of the premium membership, but know that I have never used the premium membership. Everything I say here is based on using the free membership.

Registering your LastPass account
You register your new account through the login screen.



Complete the form to register your account. You can use any email address you control. Next is the password field. Here is where you need to choose carefully. The idea behind LastPass is that your password to log into your account will be the last password you ever have to remember. You will have to either remember it or have it stored so you can access it when you need to log in to your account. LastPass does not have a password recovery option. If you lose your master password, you lose access to all the information.

Here are two approaches to creating a strong master password that you can also easily use:

Option 1 is to visit a site like Password Generator and generate a long random password which you will absolutely not remember. Once you have generated and registered that password you copy it into a spreadsheet or document file which you then store on a flash drive. Whenever you want to log in, you open the flash drive, copy the password and paste it in. You keep the flash drive separate from your computer so that even if someone gets control of your computer he or she won't be able to log into your LastPass account and access all your sensitive information. In addition to storing your password on a flash drive, print out a hard copy of it and keep the hard copy safe. That way, in the event your flash drive gets corrupted, you at least have the hard copy.

Option 2 is to create your own password by first starting with a phrase that means something to you and then writing the phrase down and replacing some of the letters with special characters and numbers. For example, the meaningful phrase "My daughter Sally loves the zoo" can be turned into a tough to crack password that looks something like this: "mY[@ug73r&@l1yl0v3s7h3Zo0". You will write this password down on several pieces of paper which you keep safe, and which you will refer to the first twenty times or so that you log in. Eventually you will commit that password to finger memory by sheer repetition. Ultimately it is quicker to input a password that you have memorized than it is to have to insert and open up a flash drive every time you log in, but that is your call to make.

Once you have created and entered your master password, you can also enter a phrase that will help trigger your brain in the event that you forget what your password is. If you used Option 1, your password reminder phrase could be a hint about where you keep your flash drive and hard copy. If you used Option 2, your password reminder phrase could be the original meaningful phrase itself. If you request it, LastPass will email you your password reminder, and that is the closest you will ever get to password recovery. Without actually entering your master password, make your password reminder as helpful to you as possible while still being cryptic to someone else. Then click on the [create your account] button.



You then need to confirm that you indeed have access to your master password by entering it again.



Once you have created your account, you can log in. Before entering any sensitive information, log in and then log out a few times using whatever system you have for accessing your master password, just to make sure you can do it consistently.

Creating your list of credentials
Once you know you can log in consistently, then it's time to start creating your list of log in credentials.

Adding a site is simple. Simply click on the [add site] button towards the top of the left hand margin and a dialog box pops up. Enter the actual log in url in the "URL" field rather than the site home page. Enter the name of the site in the "name" field. If you have created folders you can select the most relevant one from the drop down menu. Otherwise leave it blank. Enter the username and password you actually use to log into the site in the "username" and "password" fields. You can enter any additional helpful information, such as security questions and their answers, in the "notes" field; or you can leave it blank. Once you have entered all the information, click on the [add] button and your log in credentials are now stored.



As mentioned before, each site needs to have its own password, especially if it's a site related to cryptocoins. To generate a tough to crack unique password, simply visit Password Generator and follow the steps to generate the password. Then be sure to register the password on the actual website before you input it into LastPass. Please change any weak or non-unique passwords to strong unique ones on each of your sites.



To reopen the [add site] dialog box, simply click the [edit] button for the site you want to log into. To see your password, click on the eye icon above and to the right of the "password" field. Once you can see your password, copy it. Then click on the [open] button just above the URL field. Input your username and paste the password to log in to the site. Since you are copying and pasting the password, make it as long and tough to crack as the website will allow.



Creating folders in LastPass
Folders are not required, but can be a great help in organizing the websites you log into, especially when there is a large number of them. I personally organize my crypto sites into cloud mining, earning, exchanges, forums, mining pools, payment processors, retailers, securities (assets), and wallets. My non crypto sites are organized into folders such as banks, utilities, social media, etc. You can create and use any folders you want. To open or close a folder, click on the arrow in front of it.



Additional security with two-factor authentication
Having a unique tough to crack password for each site you access is an important step in securing your data and assets contained within the site. Two-factor authentication is an additional step you can take. To use two-factor authentication you will need to install either Google Authenticator or Authy (and most likely both) on your smartphone or tablet. Then you follow each website's steps to activate two-factor authentication for your account. Once activated, you will have to not only enter your username and password to log into your account; you will also need to enter a six or seven digit number that is sent to your smartphone. This means that in the unlikely event that someone did manage to crack your unique tough to crack password, they still wouldn't be able to get into your account unless they also stole your smartphone.

Is two-factor authentication necessary? Having to reach for your smartphone every time you want to log into your site inconveniences you to a certain extent. You have to decide if it's worth it. Personally I enable two-factor authentication on all crypto sites where I keep a lot of assets for an extended period of time. Such sites include exchanges and online wallets. If I'm not going to be keeping a lot of value in the site then I won't enable two-factor authentication. An example of this kind of site is a mining pool where I have it set up to automatically transfer coins to my wallet on a regular basis. Only you can decide the right balance between maximum security with minimal inconvenience that works for you. Incidentally, you can protect your LastPass account with two-factor authentication, and doing so makes more sense the more sensitive information you add to it.

Beyond two-factor authentication; when LastPass isn't enough
Most websites you will access have password recovery options. This means that if you were to lose your password, it's an annoying, but fairly simple process to reset it without having to know your original password. You simply click on the [lost password] or [recover password] button of your site and follow your site's directions for resetting it. As long as your site has a password recovery option you don't really need to store your log in credentials anywhere other than your LastPass account.

In the crypto world, there are some types of wallets which have no built-in password recovery option. This includes wallet private keys, any QT wallet that you encrypt or any second generation cryptocoins which use any variation of a brain wallet, including NXT, FIMK, and XEM. If the password you are storing is unrecoverable then you do not want to rely on LastPass alone. There is always the slight chance that all of LastPass's servers and backup servers could fry at the same time and permanently lose your data. In addition to the entries in your LastPass account, you need to store any nonrecoverable passwords on one or two flash drives as well as a hard copy. You then want to keep the flash drives and hard copies safe. You can even encrypt the flash drives for an additional layer of security. The main point here is that you never want to store your unrecoverable passwords in only one place.

Applications like LastPass can help you keep your passwords robust and unique by providing a single place to store them which is easily accessible to you when you need to log into your sites. Take full advantage of them.


Found this tutorial helpful? Tip my DNotes vault: DoQA9sja4vzPwV2MtuNweCh1miw5qHF2xc
« Last Edit: May 22, 2015, 04:37:21 AM by wiser »
Want to know what's going on in my little corner of the Cryptosphere? Check out my blog: Creative Currencies  Latest post: I can do it better with Bitcoin... or at least smaller

CryptoMoms

Re: How to secure and store your passwords
« Reply #1 on: April 17, 2015, 06:53:13 PM »
Very nice tool, and great job on the guide. Thank you wiser!

