After maybe a year or two of relative silence in my Blog, for 2023 I plan to be a bit more active with hopefully some nice, interesting, useful and entertaining topics and content. A week or so ago I started writing various blog posts, each one written such that it'll be the first one in the new year. Today, however, my latest brainfart topic/content/blog post made it straight to the top. Interestingly enough, though it matches my idea of an informative post for the LEO/HIVE community, this post also serves a different purpose.
With this post, I'm gonna try to onboard a new user. The one that started writing super interesting, informative posts for the crypto community. All about the safety of funds, how to set up secure wallets, adding multisig and all that.
If you don't like long-form posts, you may skip most of the paragraphs below and head over to the 'Links and References' section close to the bottom. You may also decide to not skip any of the below. It may spark something in you. If not, it may humour you. If not, it may just have taken some of your time 😉
I'm in the process of making my wallet and keys setup more secure. In the end, am the example (as so many of us are) thinking: "Sure, wallets get hacked, but this will not happen to me. And when it does, doesn't matter too much, not mucho fiat value in them anyways. Why shall I make my way of work in the crypto space more secure, with more steps to take when I want to change something to my portfolio?" We (read: I) likely need some hacker locking away or even stealing our funds before we wake ourselves up and do something about it to prevent this from happening again. But better safe than sorry, is what I try to convince myself of. Hence my deeper dive into this topic. A deep dive I like to share with you, since keeping such research to myself, is not benefiting you who are still reading this blog post. Cheer, Cheer! Since this blog post didn't give you mucho thus far. Owwww, I forgot about my attempt to remind you of the importance of securing your wallets and keys 😉 That in itself I can write about a whole lot. So much that 10 posts aren't enough 😂
Bear with Me...
...for just this little paragraph. In a few moments, I get to the solid content you may like to digest and act upon. But not in this paragraph, tiny as it is 😉
Though the fiat value of our crypto holdings is maybe tiny, you never know what the future holds for us. After a year of bears, maybe a continuation of such for the foreseeable future, what came down, may go up a lot sometime in the next year(s). Would be so sad if you lost your funds before that happens. So, again, better safe than sorry. I try to make this statement my credo: "Better safe than sorry."
Power is in Repetition...
...as I learned in my professional career. One of the sales rules. Though am not applying the rules as they are meant. The theory is: Start with your most important message. Repeat this somewhere in the middle and close off with the same message. My take on this blog post: Repeat as mucho as possible. Let's see if I remember to close this post with said message. Who knows? I maybe do remember, or maybe I just completely forget about this in about two hours or so when writing my last few words. EDIT: Confirmed, I forgot about it! Kinda 😂 So remember these words: "Better safe than sorry." I don't seem to repeat them at the end of this post below 🤷‍♂️
Dammit Edje: Get to Business! 😡
Ok, here I am. Q4 last year this guy 'Mat Milbury' started his blog over at Substack. The theme of his blog: "Unhackable Money". Since I was made aware of this, I subscribed to his mailing list. However, I just marked all his emails with 'to do' thus far. It needed till last Wednesday, for me to take some of my time to read his messages. Well, to be honest, it needed me to listen to a Twitter Spaces recording in which Mat was hosting a 'secure your keys and wallets' session, for me to delve into his emails, to download the Substack smartphone app and respond to some of his blog posts with all sorts of questions.
While digging through Mat's emails and posts, it hit me! We want this guy to post on LEO/HIVE! Such informative posts. This is super content for LEO/HIVE, not only for us but also to attract others to our blogging services. I'll use this exact post towards Mat to get his attention and subsequently try to get him to become active over here. Hopefully exclusive, i.e. Mat moving away from Substack, but I think we can already be happy if LEO becomes his second main channel ;)
Mat: "Have a close look into LEO/HIVE and see what we try to do here. HIVE (and with that also LEO) is maybe the most versatile social community in the crypto space (and beyond), and likely the most decentralised one. I can safely speak for the entire community in that we will be pleased if you start using LEO/HIVE as a channel informing us on whatever topic you like to inform the world about. Am more than happy to help you get started ;)"
Did you know Mat was recently hired as the CEO for Tenset (10set)? A platform that launched as an IDO service, by now it has extended its business with mucho more services, including development for dApp concepts and ideas, security consulting and whatnot. In my book, Tenset is maybe the first and most serious ETF2.0 project around. Still in its early forms, am looking forward to what the future will bring to this entire setup.
You the Reader
Not sure if you already scrolled through all the links provided down at the bottom? Those who did may have already seen mucho of the content that I like to inform you about. It's all about the methods of securing your keys and funds in your wallets. As mentioned before, I won't repeat all the details Mat provides in his blogs (I give you links), but I stick to some key principles:
- Funds shall be in wallets to which you have the keys: CEX wallets are to be avoided.
- No single wallet is safe, not even MetaMask, Trust Wallet or whatever; think of pressing some wrong link in your email, in Telegram channels, in WhatsApp or even Signal messages, and your pc/laptop/smartphone can be compromised with keyloggers, clipboard sniffers and whatnot.
- Though hardware wallets are a relatively safe option, by themselves they aren't safe enough; hardware wallets including pin-to-access can be stolen.
- Multisig setup is key: as you may be accustomed to setting up multi-factor authentication (MFA) with CEX and even with services such as Google, Microsoft and whatnot, the same is required for our wallets to which we own our keys. We shall add different devices and signatures into our work process before we are allowed to move funds.
What about Authenticator Apps? Aren't they sufficient?
No! Google/Microsoft Authenticator, Authy, 2FAS and all those time-limited code apps are not fulfilling the basic needs for securing our wallets. I already had a feeling this is the case actually, therefore I always used a different device for these authenticator apps. The idea to have wallets, keys and the authenticator apps on a single device, tells me it is super easy for someone stealing said device, to get access to my wallets and funds. Sure, I use a password vault but I often find myself storing the passwords in my browser for those services I use an authenticator app for. And no, I never ever use SMS for MFA. SMS is as insecure as a bank vault with its vault doors wide open. Ok ok, am exaggerating a bit here. But honestly, SMS is unencrypted. And SMS spoofing is relatively easy and used a LOT by hackers! Added to that, MetaMask isn't even supporting authenticator apps.
"Why not?", was my question for some time already. Last few days, I finally got the energy and time to get myself knowledged up a little. Fortunately, if I may say so. Super interesting topic and will make my crypto world a safer place than it is today.
Mat mentioned a few times in the referenced Twitter Spaces as well as in his blog: "Don't panic after hearing and reading all this, just be careful in what you do". I must admit, I am getting a little worried. Honestly, not too worried though, but enough that I often think about the topic and know that I need to up my game. I need to make some decisions, test a few methods, and select the best fit for my needs. To make sure I don't go the easy route, I tell myself constantly: "You can't decide on the most convenient method. Edje, you have to make sacrifices. Security comes with a cost, the cost of more effort to put in when I want to touch my funds."
I tell you a little secret... When you talk out loud to yourself, you convince yourself more easily. Am so happy that I don't find it funny when I talk out loud to myself. Maybe those in my vicinity find it odd, but I don't mind telling them I simply talk out loud to myself. Last few days I talked a lot out loud with the sole recipient, me myself and I. Re-programming my brain in full action!
Links and References
A few of Mat's blog posts in chronological order:
- Various ways to back up your Seed Phrases - post
- Basic Principles to handle Blockchains - post
- Your internet device, can't be trusted - post
- Multisig wallets: How to set one up - post
- Hardware wallets, Hardware tokens and Security - post
- Self Custody is Key - post
- Distributed Seed Phrase backup amongst Trustees - post
Post number 4 I found very interesting and useful! As I very much liked post number 7. Two different setups. Somehow I think they overlap, but they are or can be complementary. Need to think about this more in detail though. At the same time, all these blog posts raised also some further questions for me. Hopefully, Mat (or someone else) will respond, either over at Substack or here at LEO/HIVE.
You can find Mat at:
Did you know?
Recently I learned how important seed phrases are. I never ever knew that addresses we can generate in our wallets are all deterministically derived from seed phrases. When someone knows our seed phrase, he or she also knows and has access to our addresses created with that seed phrase. I never ever knew this. But I must say, this got me thinking about how I'm managing my keys and security.
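The deterministic derivation described above, as an added example that is not part of the original post or of Mat's posts: it follows the public BIP39 (phrase to seed) and BIP32 (seed to key tree) standards with only the Python standard library, and stops at the private keys from which addresses are then computed. The two phrases are public test mnemonics used as constructed sample input, the m/44'/0'/i' path and all function names are choices made for this example, and the phrase's wordlist and checksum are assumed valid and not checked.

```python
import hashlib
import hmac
import struct
import unicodedata

# Order of the secp256k1 group; BIP32 private-key arithmetic is done modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

# Public BIP39 test mnemonics (constructed sample input, never use for funds).
TEST_PHRASE = "abandon " * 11 + "about"
OTHER_PHRASE = "zoo " * 11 + "wrong"


def seed_from_phrase(phrase, passphrase=""):
    """BIP39: stretch the phrase into a 64-byte seed with PBKDF2-HMAC-SHA512."""
    def norm(text):
        return unicodedata.normalize("NFKD", text).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(phrase),
                               norm("mnemonic" + passphrase), 2048, 64)


def master_key(seed):
    """BIP32: HMAC-SHA512 of the seed gives master private key + chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def hardened_child(key, chain, index):
    """BIP32 hardened child: depends only on the parent key, chain code, index.
    (The spec's rare invalid-key cases, left half >= N or a zero result, are
    not handled here.)"""
    data = b"\x00" + key + struct.pack(">I", index | HARDENED)
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    child = (int.from_bytes(digest[:32], "big") + int.from_bytes(key, "big")) % N
    return child.to_bytes(32, "big"), digest[32:]


def account_keys(phrase, count=3, passphrase=""):
    """Hex private keys at m/44'/0'/i' for i in range(count)."""
    key, chain = master_key(seed_from_phrase(phrase, passphrase))
    for index in (44, 0):
        key, chain = hardened_child(key, chain, index)
    return [hardened_child(key, chain, i)[0].hex() for i in range(count)]


if __name__ == "__main__":
    for label, phrase in (("test", TEST_PHRASE), ("other", OTHER_PHRASE)):
        print(label, account_keys(phrase))
```

Nothing but the phrase (and optional passphrase) goes in, so anyone holding it can recompute every key on any machine; no randomness or device-specific secret is involved.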
all images by edje unless stated otherwise
Posted Using LeoFinance Beta