eoswriter.io is proudly sponsored by EOS Nation
This tutorial helps secure all of your online accounts to prevent sim-swapping, email hacking and allowing bad actors from accessing your online accounts, including wallets and exchanges where you may store your cryptocurrency holdings.
We believe that this is a very important subject that needs to be addressed and brought to light. As a result, we are going to publish their original post in its entirety and add some of the more popular commentary from the post as well:
Step by Step Guide to Personal Internet Security
Updated June 10, 2019
Fred Krueger and Ben Sigman
In the last few months, a very large number of cases of sim-swapping and identity theft cases have been happening to people we know. If you are in crypto, you have a very high likelihood of being targeted. If you are in a senior position at a tech company you have a high likelihood of being targeted. If you know either one of us, you have a very high likelihood of being targeted. We’re going to explain exactly, step by step, what you can do to minimize your exposure.
But first: let’s analyze what you have to lose. There are multiple attack vectors, all of which are very, very bad:
1. If you have crypto on an exchange, and all you have is phone 2FA, then its relatively easy for a hacker with control of your phone to transfer all your crypto into their account
2. If a hacker gets control of your files on dropbox or google drive, either personally or at your company, you could be subject to blackmail
3. If a hacker gets control of your Messenger, Skype, or other social media account, they can extract money from your friends, and/or blackmail you.
4. Even if it does nothing to the hacker, the fact of getting hacked can cause reputational damage and loss of confidence for you, your friends and family, and work colleagues.
As you can see, there are multiple ways in which this is extremely bad.
Step 1: Move all your passwords to 1Password
The average tech worker today uses 20+ online services on a daily basis for social networking, productivity, entertainment, domain name registration, banking, crypto exchanges and travel. A high percentage of us use the same relatively simple password for all of these services. The inertia of changing passwords for all 20+ services keeps the password the same for very long times.
Password Managers, including our favorite 1Password replace this with a master database, where each service is given a unique long 20 char+ password, with one central key being used to decode the database, and one “master password” used to access the list online.
The first step in your security audit is to replace your entire list of passwords with the 1Password application and a password that is truly unique just to 1Password. For each application, choose a separate “hard” 20 char+ password.
Step 2: Get a PAID Google Voice Account
The second step to preventing sim card fraud damage is to stop your dependency on your primary cell phone phone number. At the end of the day, it may not be possible to stop your number from being ported, but its possible to minimize the consequence. The way to do that is to sign up for a separate Google Voice number that is in no way connected to your key phone account.
To do this, go to gSuite, and create a paid domain / email account, and add a Google Voice account to that “1 person company”. This has three great consequences: it gives you an email that you will only use for password recovery, it gives you a phone number that is not swapable, and it gives your 24/7 support in case your Google Voice email gets hacked.
Step 3: Make sure all your web services use the Google Voice number and the new special purpose email
Once you have created your completely personal email / google voice retrieval credentials you need to make sure that all your web services use these. In particular:
Social and Chat:
– Facebook, Twitter, Linkedin, Quora, Skype, WhatsApp, Slack, Discord
– Google, Adobe, Trello, Dropbox, GitHub,
– Orbitz, Expedia, Priceline, Hotels, Tripit
– Fandango, Netflix, Spotify
Banking + Financial
– Bank of America, Wells Fargo, Schwab, eTrade
Note that the main thing is that NONE of these services should have account recovery that points to your main phone number. You need to work on the basis that you will be sim swapped. Assume somebody has access to your primary phone account. Now minimize collateral damage.
Here are some of the most popular commentaries:
Disclaimer. EOSwriter does not endorse any content or product on this page. While we aim at providing you with all the important information we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice.