security Bitcoin 4

Computer Security

Physical Security

Physical security has always been a vital part of computer security. If a bad guy has unmonitored physical access to your computer, a large number of bad things can be done to your detriment. This become even more critical as we start to store a potentially large financial value on our devices.

Files containing cryptographic keys, Bitcoin wallets, and confidential data can easily be retrieved from hard drives with the proper knowledge – even when accounts and BIOS are protected by a password. The only protection against this, specifically, is if Full disk or container encryption is used to protect those sensitive bits. But if you don’t maintain proper physical security, key loggers can be installed to record passwords used to secure those containers, tiny video cameras can be installed above keyboards to record key strokes, and bootloaders can be “enhanced” with Malware to compromise your Operating System.

Software Updates

The first piece of keeping your computer secure is making sure it has the latest versions of your Operating System, patches, and software applications. Letting these things fall behind can open the door to malware thru vulnerabilities.

Don’t just take for granted that your Operating System is automatically applying system updates. Verify it for yourself and run the update process yourself from time to time.

If your Operating System does not update individual applications, make it a point to manually check the vendor’s website to see if there are any available updates – especially security related updates, which typically will be free of charge.

AntiVirus / Malware

Honestly, AV software is nearly useless against new/unknown types of attacks, especially targeted attacks. But they can be very useful against well known problems. Even on traditionally Virus-Free Operating Systems, you should consider getting some type of AntiVirus protection for your computers that play a role in helping you manage your finances.

Personal, Password Protected Accounts

Your computers should have a dedicated, password protected account for each user. Setting this up allows for a higher level of non-repudiation – It is much more easy to identify who is doing what from your computer. It can protect you (and other users) from false accusations and protect confidential information stored in the account profiles.

Unique, Strong Passwords

It is somewhat important to maintain strong passwords for your computers. They should be as random and long as possible.

One method that can be used to ease the pain is by using a Yubikey. The Yubikey is a small ThumbDrive” looking device that is really just a USB keyboard. When you press the button, it will input characters to your computer as if you were typing them in yourself.

The simplest way to use this product is by setting it with a static long, random string of characters and add or remove simple, easy to remember characters as a second factor of protection. This is often referred to as 2 factor authentication or “have something, know something”. For instance, if “ePhae9yi7uov” is stored on the Yubikey, and your additional component is your dog’s name “spookey”, your effective password might be “ePhae9yi7uovspookey” – something very hard to break, yet very simple to remember. As long as you maintainsmart security* over your Yubikey, you’ve just enabled yourself to have super easy, strong account protection. There are much stronger methods of using your Yubikey, but the method described is a way for the average user to easily gain a whole lot of password security.

“Smart Security” being – maintain physical possession of your Yubikey at all times and don’t use it unwisely (like at untrusted computers or over unsecured protocols such http).

Additionally, the same Yubikey could be used for other passwords by simply using a different “easy to remember” additive password. For instance, your TrueCrypt/encryption password might be “backspace, backspace” and your cat’s name “bubbles” which would make your encryption password “ePhae9yi7ububbles”.

External Password Stores

Several password storage systems exist that can help you manage a large number of unique passwords and their usage history. Our favorite is from Keepass.info because it is cross-platform (MacOS, Windows, Linux) and you are responsible for the database’s security and privacy. LastPass is another well known application that can be tied to your Yubikey for unlocking the database. However, by using Yubikey/LastPass in this fashion, you’re extending your rights to privacy to a 3rd party.