Falling prey to a fraudulent link can be devastating to one’s personal investment portfolio. Here are three ways a hardware wallet can protect you.
The explosiveness and high dollar value of non-fungible tokens (NFTs) seem either to distract investors from increasing their operational security to prevent exploits, or else hackers are simply following the money and using very complex strategies to exploit investors’ portfolios.
At least, this was the case for me a long time ago, after I fell for a classic Discord message that slowly but quickly caused me to lose my most valuable assets.
Most Discord scams happen in much the same way, where a hacker grabs a list of members on the server and then sends them direct messages hoping they’ll take the bait.
BEWARE: Several scams happening on Discord tonight. QUESTION EVERYTHING. Before clicking on links, quadruple check who it’s from and if it’s legitimate. Then check 12 more times on Twitter via trusted sources.
— Farokh (@farokh) October 27, 2021
“Happens to the best of us” are not the words you want to hear when it comes to a hack. Here are the three most important things I learned from my experience about doubling down on security, starting with minimizing the use of a hot wallet and simply ignoring private links.
A quick crash course on hardware wallets
After my hack, I was immediately reminded, and I can’t reiterate it enough, to never share your seed phrase. No one should ask for it. I also learned that I could no longer give up security for the privilege of comfort.
Yes, hot wallets are much smoother and faster to trade with, but they don’t have the added security of a PIN and passphrase that a hardware or cold wallet has.
Hot wallets like MetaMask and Coinbase are connected to the Internet, which makes them more vulnerable and susceptible to hacking.
In contrast to hot wallets, cold wallets are applications or devices where the user’s private keys are kept offline and do not connect to the Internet. By working offline, hardware wallets guard against the unauthorized access, hacking and typical system vulnerabilities that keys are susceptible to when online.
4/ USE A HARDWARE WALLET
A hardware based wallet stores the keys off of your main device. Your device that could have malware, key loggers, screen capture devices, file inspectors, that could also be snooping for your keys.
I recommend Ledger Nano S https://t.co/LoT5lbZc0L
— richerd.eth (マ,マ) gm NFT.NYC (@richerd) February 2, 2022
Additionally, hardware wallets allow users to set a personal PIN to unlock the device and to create a secret passphrase as an extra layer of security. Now, a hacker needs to know not only one’s recovery phrase and PIN, but also a passphrase to confirm a transaction.
Passphrases are not talked about as much as seed phrases, since most users do not use a physical wallet and are not familiar with the mysterious passphrase.
Access to a seed phrase will unlock a set of wallets that correspond to it, but a passphrase also has the power to do the same thing.
How do passphrases work?
Passphrases are, in many ways, an extension of the seed phrase, as they mix the randomness of the given seed phrase with the user’s personal input to calculate an entirely different set of addresses.
Think of passphrases as an ability to unlock a whole set of hidden wallets in addition to the ones already generated by the device. There is no wrong passphrase and an infinite number can be created. In this way, users can go further and create decoy wallets as plausible deniability to prevent any potential hack from targeting a main wallet.
This feature is beneficial in separating one’s digital assets between accounts, but it’s terrible if forgotten. The only way for a user to repeatedly access hidden wallets is by entering the exact passphrase, character by character.
Like the seed phrase, the passphrase must not come into contact with any online or mobile device. Instead, it should be kept on paper and stored somewhere safe.
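The mixing described above, as an added example that is not code from the article or from Trezor. It assumes the BIP-39 standard, under which the passphrase is appended to the salt of a key-stretching step, and uses the public BIP-39 test mnemonic; wallet_tag is a hypothetical label for comparison, not a real address.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test mnemonic (all-zero entropy). Never fund a wallet made from it.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def derive_seed(mnemonic, passphrase=""):
    """BIP-39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase)."""
    # Both inputs are NFKD-normalised, so a composed and a decomposed
    # accented character produce the same bytes.
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def master_key(seed):
    """BIP-32 root: the 64-byte HMAC splits into private key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_tag(mnemonic, passphrase=""):
    """Hypothetical short label for comparing wallets; not a real address."""
    key, chain = master_key(derive_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:12]


def compare_passphrases(mnemonic, candidates):
    """Map each candidate passphrase to the tag of the wallet it opens."""
    return {p: wallet_tag(mnemonic, p) for p in candidates}


if __name__ == "__main__":
    # Constructed inputs: no passphrase, a passphrase, and two near-miss typos.
    tried = ["", "correct horse", "Correct horse", "correct horse "]
    for phrase, tag in compare_passphrases(TEST_MNEMONIC, tried).items():
        print(f"{phrase!r:18} -> wallet {tag}")
```

Every input, including the two typos, yields a valid but different wallet, which is why the device cannot warn about a mistyped passphrase.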
How to configure a passphrase in Trezor
Once the hardware wallet is installed, connected and unlocked, users who want to activate the feature can do so in two ways. If the user is in their Trezor wallet, they will click on the “Advanced Settings” tab, where they will find a box to check to enable the passphrase feature.
Similarly, users can enable the feature if they are in Trezor Suite, where they can also see whether their firmware is up to date and their PIN is set.
There are two different models of Trezor, the Trezor One and the Trezor Model T, both of which allow users to activate passphrases, just differently.
Trezor Model One only offers users the option to enter their passphrase in a web browser, which is not ideal in case the computer is infected. However, the Trezor Model T allows users the option of using the device’s touchscreen keyboard to type the passphrase or typing it within the web browser.
In both models, once the passphrase has been entered, it will appear on the device screen, awaiting confirmation.
The other side of security
Security has its risks, although it sounds contradictory. What makes the passphrase so strong as a second authentication step is exactly what makes it vulnerable. If forgotten or lost, the assets are gone.
Sure, these extra layers of security require extra time and precautions and may seem a bit over the top, but my experience was a hard lesson in taking responsibility for ensuring the safety of every asset.
The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should do your own research when making a decision.