Best practices for the security of your wallet

from xrptalk: We live in a cryptojungle. I'm afraid to say where there is money, there are hackers. We had several hacks recently, thus I would like to remind you of the best practices for the security of your wallet(s). To avoid malware:

  • Use an up-to-date antivirus.
  • Keep your computer current with updates (Windows, your browser, your PDF reader, Java, Flash ...)
  • Do not click everywhere (Do not open every PDF, porn and poker web sites).
  • Do not click on every link in your emails.

Concerning your wallet:

  • Use a strong and unique password.
    • More than 16 characters
    • With alpha, digits, specials.
    • Don't choose something similar to a word
  • Verify your password is not in a dictionary of leaked passwords
  • Do not use the same credentials on every Website.
    • Do not use the same password on the forum and on your wallet.
    • Do not use the same password on your bitcoin broker/gateways and on your wallet.
    • Remember almost every site on the crypto scene has been hacked. It will surely happen to this forum one day.
  • Store your wallet offline.
    • Use the Ripple thick client and a USB stick for example.
    • You can even print your secret key at home.
  • If you need to use a hot wallet, use 2FA:
    • At least you will be able to claim your hack to Ripple Labs and they may be able to verify your identity.

@karlos @tomxcs Can we maybe get a SIMPLE, best practice cold wallet (step by step) guide here? We've had a few (sometimes confusing) single threads on this. Given there are a couple of new joiners lately, it would be good to have that very critical part covered here in this thread.

The problem is, there is not one correct answer. There are some wallets out there but no one has total confidence. I think we as a community could do something about it. At least a couple of guys that know how to do it, verify and get to a consensus about one option.

On 6/03/2017 at 8:11 PM, Sapitoka said:

This for example: https://ripply.eu/coldwallet.html



I wouldn't mind creating cold wallets with that. But for a non-tech guy like me it is impossible to trust in this. How can we verify this?


Yes that's the question I would like to ask too...   Say I save the html file on a clean usb and take it to a cold PC then run it there... 
I can think of at least two risks.

First is some form of malware able to somehow infect the USB and then the Cold PC and affect the generator somehow.  Sounds outlandish but the Iranian centrifuges thought they were safe too.....   :)

The second is no malware required.... just a deliberate, or unfortunate, mathematical eddy where the generated addresses and keys have some characteristics that enable later decrypting of the secret.  Or perhaps the generated pairs loop in the mathematical eddy in some way such that instead of billions of possible keys there is only a subset of two thousand for example.

They both seem pretty outlandish options but I wonder if they are possible or not.  The second would be insidious...  just like those mathematical games that amaze the bystander that you can guess their secret starting number.   I'm guessing that these are not significant risks but if I hadn't seen those math tricks I wouldn't have predicted them either.  The Safari bug shook my confidence in paper wallets...   so now I am wondering what is the safest way to proceed.

I have read every tutorial and guide I could find but they all seem to be needing some trust....  also I am finding it hard to know what is outdated and what is current.  I wish Ripple would just make a wallet generator you could use offline...  I wouldn't mind trusting them since their reputation is worth a zillion to them at this crucial time.
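
The second risk described in the post above (a generator whose outputs fall into a small subset of keys) can be checked crudely by sampling the generator and counting repeats. This is an added example, not part of the original thread and not code from any wallet project; `weakSecret`, `strongSecret` and `collisionTest` are hypothetical names, and the weak generator is constructed for illustration.

```javascript
// Added example (not from the thread): sample a secret generator many times
// and count repeated outputs. Names and the weak generator are constructed.
const nodeCrypto = require('crypto');

// Constructed weak generator: output looks random, but every secret derives
// from an 11-bit seed, so only 2048 different secrets can ever appear.
function weakSecret() {
  const seed = nodeCrypto.randomBytes(2).readUInt16BE(0) % 2048;
  return nodeCrypto.createHash('sha256').update(String(seed)).digest('hex').slice(0, 32);
}

// Reference generator: 128 bits taken directly from the OS CSPRNG.
function strongSecret() {
  return nodeCrypto.randomBytes(16).toString('hex');
}

// Draw `samples` secrets and report how many were distinct. With a keyspace
// of K values, about samples^2 / (2K) repeated pairs are expected, so a
// collapsed keyspace shows up as repeats long before K itself is reached.
function collisionTest(generate, samples) {
  const seen = new Set();
  for (let i = 0; i < samples; i++) seen.add(generate());
  return { samples, distinct: seen.size, repeats: samples - seen.size };
}

for (const [name, gen] of [['weak', weakSecret], ['strong', strongSecret]]) {
  const r = collisionTest(gen, 20000);
  console.log(`${name}: ${r.distinct} distinct of ${r.samples}, ${r.repeats} repeats`);
}
```

Zero repeats only rules out a very small keyspace; it does not show that a generator is unbiased or free of a deliberate weakness, so it complements reading the source and checking which random source it uses.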


So maybe this question has been addressed elsewhere, and is more appropriate in a different thread anyway. However:

Is it possible that at some point in the future the account itself might be worth more than the XRP it holds?

So for instance there's the obvious *and hypothetical* situation where it becomes impossible to make new accounts..

Thank you for this guide!
I think one of the most important topics in this crypto game is safety - in any regard.
As you already mentioned "... where there is money, there are hackers.". That is one point because I was always very skeptical towards cryptocurrencies.
You can't be careful enough. I'd rather read a hundred more articles and posts about the security of my wallet than act carelessly.
All the best

