Cryptocurrency | Web 3 Information Security Call for Papers: Haven't done the first step to protect your wallet? !

Web3 information security sharing: First of all, if you don’t have money, you don’t need an encrypted wallet, right? So dispersing as much money as possible is the way to keep your wallet healthy (laughs). Of course, we can't love it so much, it's really important to keep your encrypted wallet safe. When it comes to the details of information security, it is not my specialty, but there are some ideas that I would like to write.

Are there really so many exchanges that are healthy? wool comes from sheep

Whether you use a centralized exchange CEX or a decentralized exchange DEX, you have to lock your money with them to some extent, so I really don't think many people think that "DEX is safer than CEX" is true . When using DEX, at most, the funds will not be obtained by the other party, but your coins are still locked in the other party's chain (such as Osmosis or Crescent blockchain) or in the field. If the other party wants to close the chain, your money will also be tied/no Understand.

As for CEX, it often sees how many Us are traded, and then sends as many Us and the like, and then "dog rushes", but have you ever thought that "your personal information is that product" ? It is no longer said that the exchange may be a "Zao Lao Exchange" to withdraw money and run away. Your personal information may have been sold on Deep Web, and you can find the links to the circle of friends of the 18th generation of your ancestors. You are still stupid. Counting those dozen U. Therefore, unless it is necessary, I will not randomly register a new exchange . I will really check its track record or check if there is any accident before registering.

Of course, it is necessary to go to Coingecko to check whether the exchange supported by a certain currency is connected. However, the change of the situation is unpredictable. If the exchange is going to leave, it is like the sky is going to rain and the mother wants to marry and can not stay. Therefore, when you are unfamiliar or have registered for a long time, but you suddenly want to use the exchange, you really need to Look for news first.

No matter what, it's all your fault

Looking at the cases of Dobby and others recently, many times they are defeated by themselves, no matter how many hardware packages they have, but accidentally pressing the "Approve" or "Confirm" is GG. So don't touch the transaction if you are not sober, at most just get the reward. As the saying goes, it's not that you don't have money in your pocket, FOMO is useless, if you can grab it, maybe you will buy it and the price will drop.

It is important to take a deep breath before making a trade.

Recently, I have also seen some people suggest that another method is to put your assets in a multisig wallet. No one said that a multisig wallet must be used by several people. If you put your assets in a multisig wallet, even that Several wallets are hard wallets , and it takes a lot of steps to make a transaction. How to "not sober" should be awake if you get it right, which greatly reduces the possibility of being caught. I think this approach is worth looking into.

Everything starts with e-mail, do a good job of avoiding boundaries

Many times we are used to "one email goes all over the world", social media is that email, registered exchanges are that email. But have you ever thought that if your e-mail is blocked or something (for example, this father-son-inflammation according to the doctor's consultation, Google is sentenced to block the account of child sexual abuse ), you will have GG again. Those crazy AIs can't communicate and negotiate, so sayonara.

I highly recommend keeping all emails of money as separate as possible, separate emails for different wallets and even different banks and exchanges, so as to avoid exploding your wallet and bank account once for thieves when hacked. But I also know it's difficult, but at least separate private and $$ email accounts.

As for whether to use your own domain to open email? I don't have an answer to this. For example, using Google to do a good job of 2FA should be better than using your own domain hosting without sufficient protection, and if you forget to renew your own domain, you will need GG. But I'm also not convinced that Google or other email providers will fully protect my privacy under the authority. I don't have an answer to use or not to use my own domain to manage $$'s email account.

The first step in protecting your wallet: start by protecting your LikeCoin account

I posted an article on Liker Social saying that because of Matters' earlier maintenance + my own holiday, last month my praised citizen money could not be effectively sent out. Then someone replied to me that he didn't receive the Appreciated Citizen Report and found out that his Liker Land didn't have a confirmed email address .

It's really a bit unsafe. Not only is the relationship between not receiving the monthly report, if the social account such as Facebook is locked by the crazy AI without confirming the email address, you will not be able to log in, and you may need to do a lot of things to log in. So if you're using a community login and haven't confirmed your email address, do it quickly. Of course, it is best to export your own mnemonic . Even if the Liker Land app/web fails, you can use Keplr or Cosmostation to manage your wallet and get the ultimate freedom, because it's still the old sentence: Not Your Keys, Not Your Coins, the responsibility to protect your wallet, ultimately falls on you.