Entering the Bitcoin space is as exciting as it is fraught with risk. The promise of an Internet of Money, permissionless transactions, and owning unconfiscatable wealth captures our imagination and draws us in. Our first instinct is to buy bitcoin without thinking about the many steps required to secure this online wealth.
While this is exceptionally relevant for those in the Bitcoin space, online security is a must for just about everyone.
Why care about online security
A journalist for WIRED found out about flaws in his account security the hard way. A takeover of his email account led to his social media accounts, digital devices, email, and other online accounts being totally hijacked and controlled by attackers. His laptop was remotely wiped, erasing the first year and a half of pictures of his newborn daughter. In this case, the hackers didn't even want bitcoin, just his short and unique Twitter handle.
If Hans Gruber, the villain from the 1988 action classic “Die Hard,” were attempting a heist today, he wouldn’t take a commando team to the top of the Nakamoto Tower to break into its safe. He’d more likely enlist a team of hackers to break into bitcoiners’ email addresses. Then he’d casually siphon off their assets from the safety and comfort of a European villa.
Our goal in this series is to look at the many aspects of online security, such as having strong and unique passwords, enabling 2-factor authentication, scrambling email address and secondary online phone numbers.
Bitcoin is special
Bitcoin is a bearer instrument. Much like cash in your wallet, whoever controls the private key of a bitcoin is indeed the owner.
Bitcoin can appreciate in value very quickly. As we’ve seen over the last few years, the price of one bitcoin can skyrocket orders of magnitude in a matter of months. It’s a great idea to prepare by securing online accounts early. Your current setup may be fine for securing $100 but that’s not quite the same as storing $10,000.
Finally, Bitcoin transactions are irreversible. Unlike many money transfer protocols (wire transfers, cheques, credit cards), once a transaction is on the blockchain with enough confirmations it cannot be reserved. There is no Bitcoin fraud department to call nor is there a consumer protection agency we can plead to in hopes to regain our money.
This is an extremely powerful feature because it reduces the cost of transactions. Merchants don’t have to cost-in the price of fraud (nor credit card processing fees).
It does, however, create more responsibility for the holder. We must secure our online accounts because any unauthorized access can mean a total wipeout of our wealth.
Let’s secure our online account
In this series, we’ll explore:
- Creating strong and unique passwords with a password manager
- Enabling 2-factor authentication everywhere
- Securing a primary email account
- Protecting against phone number hijacking
- Generating unique email addresses for each new online account
- Creating a secondary mobile number to route SMS-based 2-Factor Authentication
- Browsing the web securely on public Wi-Fi (coffee shops, airports, etc.)
We’ll begin with an exploration of passwords and password managers in the first article in the series.