Jump to content
Guest EffinXRP

Creating a Cold Wallet Computer (under construction)

Recommended Posts

4 hours ago, joy said:

is anyone uses YUBIKEY and can give a review how easy is it to setup? 

 

 

Hey there, I am EffinXRP. Yubikey comes with downloadable software that you can use to set it up. It is best that you read the yubico website to understand the software so that you can add a fixed password to the key

Share this post


Link to post
Share on other sites
4 hours ago, joy said:

is anyone uses YUBIKEY and can give a review how easy is it to setup? 

 

 

I do recommend however that you buy at least two yubikeys. One shall be a backup key in the event that you loose the other.

Share this post


Link to post
Share on other sites
3 hours ago, Xilobyte said:

I do recommend however that you buy at least two yubikeys. One shall be a backup key in the event that you loose the other.

Thanks .

I will check it .

And if you have the time a tutorial will be appreciated. 

Share this post


Link to post
Share on other sites
Posted (edited)
7 hours ago, joy said:

Thanks .

I will check it .

And if you have the time a tutorial will be appreciated. 

@joy A tutorial on the Yubikey? That would be recreating what Yubico has already put out. I would best serve you by redirecting you to the Yubico website. It is not the same as writing a tut on the above. Besides, few people here are of a military intelligence background, Chief IT Specialists/Engineers or even hackers or penetration specialists. They do not understand how a criminal will use them to get into their wallet nor do they understand their own security. Not because it is complicated, more because of laziness.

I am proud of you for going after the Yubikey as a step in securing yourself. In my tuts I explain that this type of security has three parts necessary to use or even open your wallet. Wallet.dat file + PINCODE + Yubikey or any other password token device which is physical and can be locked away. This leaves the possibilities of getting into your wallet at Brute Force attacks or User error. BF attacks are unlikely. User Error is 99% likely :( . 

What I find is that most of my customers think they are secure with there weak little passwords. They think that they are secure because the have a super long password that they can remember at their convenience. They do not understand that the more human a password is, the easier it is for a computer or social engineer to acquire it. They also do not know that hackers have tools which seek out the target in the entire internet world. This software takes your name and downloads every single piece of data on you in the entire internet. All of your social profiles. All of your comments, tweets and anything else it finds. The data can get quite massive. It even spiders any usernames or nicknames that it finds in its path. From there it is able to generate a word list which can be used to guess your password and any combination therein. It is not a fast process, but it is extremely thorough. So every one of your facebook posts, your tweets or anything is a window into you that can be used against you. We must take ourselves out of our own security as much as possible.

What the Yubikey does for me is it allows me to set a 32 character randomly generated password on that key device that I will never remember and do not care to. That is so great. Now I only need the PINCODE portion in my head, and that is it. I recommend 4-8 char for the PINCODE. More will really not be needed depending on the length of the code on the key, which also has a limit. It might be 32char. Not sure.

I do have one last final recommendation on this subject for you. Along with your secret key, when you print that out, also copy and paste the code from the Yubikey with that secret key. Do not add the pincode. Keep that one to yourself. So in the event that you loose both keys, then the long password on that key is at least backed up on paper. DO NOT write it down on the paper. You must use the key to type the code out to be sure. Then once you are set up, try opening your wallet with only typing the codes into the computer to be sure that all is correct. If your wallet opens, then you are good to go. Then lock that paper away somewhere safe.

 

It is not a rampant problem this moment but as our currency becomes more and more digital, bad guys will start developing more hard core methods for stealing your money. You will see.

Edited by Xilobyte

Share this post


Link to post
Share on other sites

×