A Guide to Secure Your Shit

Seriously, we need to all secure our shit. Phishing attacks are on the rise, but there are several steps we can all take to make our accounts more secure. So let’s lock it down!

Password Management

If you’re still making up your own passwords, STOP. Seriously, there are so many better ways to create passwords for all your accounts.

Use a password manager. 1Password or Bitwarden. Nothing else. Forget LastPass, that shit sucks. I like 1Password myself, the paid features are worth it.

For the master password on your password manager, make up a secure password using mnemonics to string words and numbers together. This makes it easier to remember and is just as strong as randomly putting different letters and numbers together and memorizing that. NEVER write this down.

Yeah I know people will say that having a single password to your password manager is vulnerable, but if you make it strong enough and never use it for anything else, it’s the least of all the evils. Being secure on the internet is really all about making it annoying for attackers to get past your defenses.
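The claim above is that a mnemonic string of words can be as strong as random characters. The example below is added here and is not from the original post; it makes that comparison concrete by computing the entropy of a word-based passphrase versus a random character password, and generates a passphrase with the OS CSPRNG. The strength numbers only hold when the words are picked at random, which is what the generator does; the short `SAMPLE_WORDS` list is a constructed stand-in, and a real generator would draw from a large published list such as the EFF long wordlist (7776 words).

```python
import math
import secrets

# Constructed sample wordlist for an offline demo. Real use needs a large list
# (e.g. the 7776-word EFF long list); the size of the list drives the strength.
SAMPLE_WORDS = [
    "anchor", "basket", "copper", "dragon", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nickel", "orbit", "pepper",
]


def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Entropy of a secret made of `symbols` independent, uniformly random picks,
    each from `choices_per_symbol` possibilities (a word from a list, or a character)."""
    if choices_per_symbol < 2 or symbols < 1:
        raise ValueError("need at least two choices and one symbol")
    return symbols * math.log2(choices_per_symbol)


def words_to_match(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of random words from a list of `wordlist_size` words
    that gives at least `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(word_count: int, wordlist=SAMPLE_WORDS, separator: str = "-") -> str:
    """Build a passphrase from uniformly random words.
    `secrets.choice` uses the OS CSPRNG; never use the `random` module for secrets."""
    if word_count < 1:
        raise ValueError("word_count must be >= 1")
    return separator.join(secrets.choice(wordlist) for _ in range(word_count))


def compare(word_count: int, wordlist_size: int, char_len: int, alphabet_size: int) -> dict:
    """Side-by-side entropy of an N-word passphrase and an L-character random password."""
    words_bits = entropy_bits(wordlist_size, word_count)
    chars_bits = entropy_bits(alphabet_size, char_len)
    return {
        "passphrase_bits": round(words_bits, 2),
        "random_chars_bits": round(chars_bits, 2),
        "passphrase_is_at_least_as_strong": words_bits >= chars_bits,
    }


if __name__ == "__main__":
    # 6 words from a 7776-word list vs 12 random chars from [A-Za-z0-9]
    print(compare(word_count=6, wordlist_size=7776, char_len=12, alphabet_size=62))
    print("words needed for 128 bits from a 7776-word list:", words_to_match(128, 7776))
    print("demo passphrase (tiny list, not for real use):", generate_passphrase(6))
```

Six random words from a 7776-word list give about 77.5 bits, more than twelve random alphanumeric characters (about 71.5 bits), and the words are far easier to memorize, which is the point the section makes. The numbers assume an attacker knows the wordlist and the scheme; the security comes from the random choice, not from keeping the method secret.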

2FA

If you have SMS/Text/Phone 2FA enabled on your accounts when you have other options, stop it! SIM swaps are too frequent, especially in crypto where money flows easily.

Authenticator apps are a better step for security. Just make sure you use something that doesn’t sync in the cloud; cloud syncing isn’t secure enough. Authy is solid if you turn off phone number duplication.

The BEST option, imo, is using a hardware security key. I use these Yubikeys, specifically ones with NFC capability. This makes your 2FA cryptographically secure, and in case an application only supports authenticator apps, Yubico offers an authenticator app that works with your Yubikeys.

Yubikey Setup

  1. Order at least two Yubikeys. One will be your backup key, and one your primary. They will be exact copies of each other. That way, if you lose one, you aren’t locked out of your accounts.

  2. Download the Yubikey Manager application for desktop and the Yubico Authenticator application for phone & desktop.

  3. Once your Yubikeys arrive, complete the following steps.

  4. Open the Yubikey Manager.

  5. Plug in your primary Yubikey.

  6. Go to Application → FIDO2.

  7. Set an 8-digit PIN code for your Yubikey. Some applications will require this to be set for extra security. Once set, unplug the Yubikey.

  8. Plug in your backup Yubikey.

  9. Repeat the PIN process for your backup Yubikey. Use the same PIN code.

  10. Now you are ready to use your Yubikeys!

Using Your Yubikeys

Whenever you want to use your Yubikeys with an application, go to the app’s security settings. The first step should ALWAYS be to turn off SMS 2FA.

If security keys are directly supported, you’ll want to follow the process to add both of your security keys (primary + backup).

If only an authenticator app is supported, make sure you add the OTP to both Yubikeys. Typically this process is done in a few steps.

  1. Open the Yubico Authenticator application and insert/scan your Yubikey.

  2. Scan the QR code from the application security setup.

  3. Save it to the Yubikey.

  4. Remove the Yubikey if inserted.

  5. Insert/scan your backup Yubikey.

  6. Scan the QR code from the application security setup.

  7. Save it to the Yubikey.

  8. Now enter the one-time passcode into the application to complete the authenticator setup.

  9. Complete!
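What the QR code carries, and why the same code scanned into both Yubikeys yields the same one-time passcode, is shown by the added example below. It is not code from the original post or from Yubico; it parses a constructed `otpauth://totp/` URI (the QR code content), derives the RFC 6238 TOTP code from the stored secret exactly as an authenticator does, and includes the verification step the application performs when you type the code in. `EXAMPLE_URI` uses the RFC 6238 reference secret and a made-up account label.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed QR-code content. The secret is the RFC 6238 reference secret
# ("12345678901234567890" in base32); the account label is made up.
EXAMPLE_URI = (
    "otpauth://totp/Example:alice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30"
)


def parse_otpauth(uri: str) -> dict:
    """Parse an otpauth://totp/... URI (what the QR code encodes) into its fields."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("only otpauth://totp/ URIs are handled here")
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    if "secret" not in params:
        raise ValueError("otpauth URI is missing the shared secret")
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": params["secret"],
        "issuer": params.get("issuer", ""),
        "algorithm": params.get("algorithm", "SHA1").upper(),
        "digits": int(params.get("digits", "6")),
        "period": int(params.get("period", "30")),
    }


def totp(secret_b32: str, unix_time: int, digits: int = 6,
         period: int = 30, algorithm: str = "SHA1") -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the current time step.
    The code depends only on (secret, time), so two keys holding the same
    secret, as the primary and backup Yubikeys do here, produce the same code."""
    cleaned = secret_b32.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # QR secrets are usually unpadded
    secret = base64.b32decode(cleaned)
    counter = unix_time // period
    digestmod = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}[algorithm]
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_code(uri: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """What the application does with the code you type in: recompute it for the
    current step plus/minus `window` steps of clock drift, comparing in constant time."""
    f = parse_otpauth(uri)
    for step in range(-window, window + 1):
        expected = totp(f["secret"], unix_time + step * f["period"],
                        f["digits"], f["period"], f["algorithm"])
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    fields = parse_otpauth(EXAMPLE_URI)
    now = int(time.time())
    code = totp(fields["secret"], now, fields["digits"], fields["period"], fields["algorithm"])
    print(fields["label"], "->", code, "valid:", verify_code(EXAMPLE_URI, code, now))
```

Because the secret is the only thing the key stores, the backup Yubikey is useful only if it was loaded from the same QR code during setup; a QR code that was only scanned into the primary key cannot be recovered from it afterwards, which is why the steps above scan it into both keys before entering the code.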

If you add your Yubikeys as security keys or through the Yubico Authenticator application, you’ll be more secure than just SMS 2FA!

Secure your shit!
