The explosiveness and high dollar value of non-fungible tokens (NFTs) either distract investors from enhancing their operational security to avoid exploitation, or hackers are simply following the money and making it too complex to exploit collectors’ wallets. using strategies.
At least, that was the case for me long ago, when I fell for a classic message sent to me on Discord that caused me to slowly but all but lose my most valuable asset.
Most scams on Discord occur in a similar manner where a hacker takes a roster of members on a server and then sends them direct messages in the hope that they will bite the bait.
Beware: There are several scams going on at discord tonight. question everything. Before clicking on the link, quadruple check who it is and whether it is legit. Then check Twitter 12 more times through trusted sources.— farokh (@farokh) October 27, 2021
“It happens to the best of us,” aren’t the words you want to hear in relation to the hack. The top three things I learned from my experience on how to double-up on security, starting with minimizing hot wallet usage and simply ignoring DM’d links.
A Quick Crash Course in Hardware Wallets
After my hack, I was immediately reminded and I can’t repeat it enough, to never share your seed phrase. No one should ask for this. I also learned that I can no longer leave security at the privilege of the facility.
Yes, hot wallets are more intuitive and faster to trade, but they don’t have the added security of PIN and passphrase like they do on hardware, or cold, wallets.
Hot wallets like MetaMask and Coinbase are plugged into the internet, which makes them more vulnerable and susceptible to hacks.
Unlike hot wallets, cold wallets are applications or devices whereby the user’s private key is stored offline and not connected to the Internet. Since they work offline, hardware wallets prevent unauthorized access, hacks and specific vulnerabilities by the system, something that is susceptible when online.
4/ Use a Hardware Wallet
A hardware based wallet stores the keys of your main device. Your device may contain malware, key loggers, screen capture devices, file inspectors, who may also spy on your keys.
I have a Ledger Nano Shttps://t.co/LoT5lbZc0L . I recommend— Richerd.eth (マ,マ) gm NFT.NYC (@richerd) 2 February 2022
Moreso, Hardware Wallet allows users to set a personal PIN to unlock their Hardware Wallet and generate a secret passphrase as a bonus layer of security. Now, a hacker not only needs to know one’s recovery phrase and PIN, but also the passphrase to confirm the transaction.
Pass-phrases are not talked about as seed phrases because most users may not be using a hardware wallet or may not be familiar with the mysterious passphrase.
Access to a seed phrase will unlock a set of wallets that match it, but a passphrase has the power to do the same.
How do pass-phrases work?
The passphrase is in many ways an extension of one’s seed phrase because it mixes the randomness of the given seed phrase with the user’s individual input to calculate a complete set of addresses.
Think of the passphrase as the ability to unlock an entire set of wallets hidden on top of wallets already generated by the device. There is no such thing as a wrong passphrase and an infinite amount can be made up. In this way, users can go the extra mile and create fake wallets as a plausible denial to spread any potential hacks targeting a main wallet.
This feature is beneficial when separating one’s digital assets between accounts but terrifying when forgotten. The only way for the user to repeatedly access the hidden wallet is to input the exact passphrase, character by character.
Similar to one’s seed phrase, the passphrase should not be exposed to any mobile or online device. Instead, it should be put on paper and kept somewhere safe.
How to Set a Passphrase on Trezor
Once the hardware wallet is installed, connected and unlocked, users who wish to enable this feature can do so in two ways. If the user is in their Trezor Wallet, they will hit the “Advanced Settings” tab, where they will find a box to check-off to enable the passphrase feature.
Similarly, users can enable the feature if they are in the Trezor suite, where they can also check that their firmware is up to date and that their PIN is installed.
There are two different Trezor models, the Trezor One and the Trezor Model T, both of which enable users to activate the passphrase in different ways.
The Trezor Model One simply offers users the option of typing in their passphrase on a web browser which isn’t the most ideal in case a computer is infected. However, the Treasure Model T gives users the option of using the device’s touch screen pad to type in a passphrase or in a web browser.
On both models, after entering the passphrase, it will appear on the device’s screen, awaiting confirmation.
the other side of security
There are risks to security, although this seems counterintuitive. What makes the passphrase so strong as the second step of authentication of the seed phrase makes it weak. If forgotten or lost, property is as good as gone.
Sure, these extra layers of security take time and extra precautions and can seem a bit overhead, but my experience was a hard lesson in making sure every asset is safe and secure.
The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, so you should do your own research when making a decision.