Best Web3 Security Practices You Should Remember
Web3 has a host of exciting improvements over Web2 but one area of focus that should not be overlooked is security.
Safety and security take on whole new meanings in Web3, the Violet Verse is here to tell you what’s up.
Given recent security incidents such as the Solana wallet hack, users in Web3 need to remain diligent to maximize their security practices.
Let’s dive into a few common questions surrounding Web3 user security.
What are some browser security tips?
Use a browser with built-in ad blocking features like Brave Browser. This will reduce the chances of seeing malicious advertisements that could mislead you into browsing to fake websites or downloading malware.
Double check that your connection uses ‘https’, often indicated by a padlock 🔒 in the address bar. Brave does this by default and for other browsers, there are extensions like HTTPS Everywhere.
Also, take advantage of browser privacy features such as preventing cross-site tracking and browser fingerprinting. This will reduce the chances of your data being used across sites, which can, in worst cases, be leveraged for an attack.
Any password storage recommendations?
Password management is critical to maintaining complex and unique credentials to the various sites, apps and wallets you may use. It is strongly recommended to use some form of encrypted database to store your credentials.
A good password manager should also provide strong, randomized passwords for new entries, this way you never use the same password more than once across your accounts. There are reputable cloud-based solutions like LastPass and Dashlane, and for those who prefer offline solutions, open-source titan KeePass has long been the standard for security experts.
There was a Solana wallet hack, is there anything the wallet user could have done to protect their digital assets?
The recent Solana hack on August 2, 2022 has resulted in thousands of compromised Solana wallets for more than $5 million in USD. This could have been prevented through the use of cold wallets, a more secure, albeit slightly less convenient method of storing crypto assets. In tech, the term cold is generally synonymous with offline.
By transferring funds into a cold wallet like Ledger or Trezor, users are completely insulated against these types of attacks. This is because the keys used to transfer the funds exist only on the cold wallet. Cold wallets can store the keys offline, whereas custodial, or “hot”, wallets like Solana wallet require a constant internet connection. Hot wallets are far more convenient and easy to use compared to cold wallets, because the hot wallet provider takes custody of the seed phrase (which is like a password) for the wallet. However, it is strongly recommended that users with substantial portfolios use hot wallets for their blockchain assets.
READ: Token-Gated : Blockchain, Innovation, and Our Future
Brave Wallet is native to Brave browser and offers strong protection while also being compatible with hardware wallets.
What best security practices are you seeing in Web2 that can be applied to Web3?
Some of the easiest strategies that can be taken from Web2 into Web3 are basic credential hygiene and security awareness principles to help you spot scams, such as fake Twitter support.
Almost all wallets now require 12 word seed phrases (or more) which offer strong protection against brute-force hacks. One of the biggest areas of vulnerability is the failure for individuals to detect scams.
It is important to remember that it is highly unusual for ‘Coinbase Support‘ or ‘Metamask Support‘ to DM you on Twitter to help you with your wallet issue. It is also never a good idea to share your seed phrase; sharing your seed phrase with someone is almost a guaranteed way to have your assets stolen. You wouldn’t give someone your bank password, so why would you give someone your seed phrase? It’s basically the same thing here.
With these tips you can continue to explore web3 and manage your web3 assets with confidence. Follow Violet Verse on Twitter for more security related updates!
**Disclaimer: Nothing on the Verse should be taken as financial advice. Please do your own research. $VV utility reflects engagement on the protocol, accessing token-gated content and community events.
