The importance of crypto password security: your most valuable lesson

The most important lesson you can learn when beginning your cryptocurrency adventure is that password security is king.  Let me emphasize that. Password security is your number one priority.

The average password is short, obvious and easy to crack. Most people believe they have a strong password, but in reality their choice of password statistically falls short of what is recommended.

Entropy is the technical way to measure password strength. Entropy is a measurement (in bits) of how hard it is to crack a password.  This is calculated through a combination of the character set used (upper case, lower case, special characters) with the password length.

A password with 1 bit of entropy would be able to be guessed right on the first attempt half the time. For each successive bit, the password becomes harder to crack. When creating a password, it is recommended to adhere to the following as a minimum:

• Include an upper and lower case character, a number and a special character.
• Don’t use words that could be linked to you (e.g your name or a part of your username).
• Ensure you use a password with a minimum of 8 characters, however I would recommend closer to 20+

The above list is a great start, but there are other considerations. Best practice around password security is now focussed on using a password manager. A password manager (such as Keepass) allows you to create strong individual passwords for every site and service you use online. It works like a digital safe. So you have one database file that you access using an uber-strong password you have memorised. This password should adhere to the above list and not be recorded anywhere on a device.

Once you open your database, you can then use the password manager to create highly secure (high-entropy) passwords very quickly for use with any service you sign up with. This is best practice as a lot of users repeat the same password for each site they sign up for. This opens you up for risk if someone finds out that particular password and accesses all of your accounts. Using the password manager method ensures all your passwords are hard to crack and varied.

Other related considerations are computer security and multi-factor authentication. To ensure you are not opening yourself to malware, viruses and keyloggers, use an up to date and reputable anti-virus software. Wherever a service allows you to use two-factor authentication (via your phone, another email or using a service such as google authenticator) then enable it. Two factor authentication requires the malicious user to have access to both your password and your other device (such as your mobile) in order for them to mount an attack.

Lastly, we must also be aware of malicious users who employ social engineering to access passwords. For example, requesting your username or password through an email or site that isn’t legitimate. Always ensure you are on the correct URL of your chosen web page.  Then ensure any official email is from a legitimate source. Another form of social engineering is gaining your trust through an ‘investment’ opportunity and then asking for log in details to access your account for set up. Again this is a big red flag.

A great place to check your password strength is here: https://howsecureismypassword.net/

Remember password security is purely your responsibility, get it right from the start and you won’t have any issues.