2FA: your best protector against cyber-criminals

In the the world of cryptocurrency, each transaction is permanently recorded in a public ledger called the blockchain. This public ledger contains information about every transaction ever made and can be inspected by anyone. It is almost impossible to alter its content unless you possess the majority of the processing power. This indeed sounds safe and trustworthy. No wonder you might ask how on Earth you can fall victim to fraud.

Dangers of the world we live in

Even though the blockchain is a secure piece of technology, the ways of accessing everything connected to it, such as cryptocurrency accounts, online wallets, exchanges, etc. can be compromised by hackers. In 2017 the crypto community was taken aback by an outrageous case of Bitcoin theft. An Austrian man lost around $117,000 worth of bitcoins immediately after logging into his online Bitcoin account via a public wi-fi network in a restaurant. The incident was reported to the police straight away, but unfortunately, the funds were gone forever because of the irreversible and anonymous nature of Bitcoin transactions. Although relying on public wi-fi can be tempting, try not to use it for operations with cryptocurrencies or even checking your balance.

We have to admit, we live in a world, where data breaches are the new normal. More data was stolen in the first half of 2017 than for all of 2016. And in December 2017, a database of 1.4 billion stolen usernames and passwords — the biggest of its kind ever found — was discovered on a hidden site, all set up for hackers to use.

Clone connections are created by cybercriminals in order to steal personal information and login credentials. Generally, public wi-fi networks ask you to agree with terms and conditions before you can access them, otherwise the connection will be denied, while phishy connections allow you to browse straight away. Devices connected to an unencrypted signal are vulnerable and information that passes between them can be intercepted, thus becoming available for the attackers. Also avoid using someone else’s or public devices to manage your cryptocurrency accounts, even if you mark the device as “not yours”. Browsing incognito is not a fail-safe solution because it does not hide your web-traffic, IP address or personal and login details. However, if you do use public devices from time to time, make sure you do not log into your accounts.

Simple ways to stay safe

It seems like everywhere you go another threat is around the corner, and that your device is susceptible to an attack, but there are some easily taken steps that will make your accounts, funds, and data substantially safer, and you don’t even have to be “tech-savvy.” Not surprisingly, one way of how fraudsters can access a victim’s account is by getting their hands on a password or an email. The precautions are simple: use strong passwords and never let the browser save your login information. The main rule to create strong passwords is to include not only letters but also digits, upper case letters, and symbols. Also try to avoid using obvious and simple passwords.

Another way these days is the two-factor authentication — one of the most useful tools for protecting your email and account.

Two-factor authentication provides an extra layer of security for your account, making it harder for undesirables to gain unauthorized access. With 2FA, knowing the username/email and password alone is not enough to get in — you also need a second “factor”, which can be one of the following things:

  • something you know (e.g., an answer to the secret question, like “your first pet’s name”);
  • something you have (e.g., a special code issued via SMS, or by an application);
  • something you are (e.g., your fingerprint, face or voice recognition, retina scan) that a hacker doesn’t (or isn’t).

We focus here on the second kind — a code which constantly changes or expires after use. It can be delivered to you by text message or a secure application on your device/computer, making it virtually impossible for the hacker to get hold of.

The market is flooded with apps you can use to manage your 2FA logins from a single place. We won’t list them all, but here are a few of the most popular:

Google Authenticator: As described, this is one of the best-known and easiest to use.

Microsoft Authenticator: A free 2FA app which will link to your online accounts via QR code scan.

Authy: A good alternative to Google. It works across multiple devices, so if one gets lost, stolen, or if you’re the kind of person who frequently upgrades their devices — it’s less of a hassle all around.

We here at Cryptopay implore you to take the security of your account seriously and turn 2FA-protection on.

Cryptocurrency has been gaining popularity at such a remarkable rate that regulations, legislation, and authorities, particularly that of law enforcement have struggled to keep up and as such are helpless in most cases of theft. Meaning that the security of your funds by and large depends solely on you. Undoubtedly, no one can be fully protected from a fraudulent act and we cannot guarantee that you will never encounter any unwanted activity, but to be forewarned is to be forearmed and the more you know about possible threats, the more efficiently you will be able to protect yourself.

If you’re unsure about how your current security practices stand up against the most common types of hacks, check out this very helpful article with 7 basic tips that you should apply to every online services account that you create.

There also might be a chance that your email was shown in some database leaks that have happened in the past few years. Visit haveibeenpwned.com and if you find your email there, you should seriously consider setting new and unique passwords on every important online account you have.