If you believe that good security posturing adds too many layers of complexity, just read the story of the guy (me) who lost all his cryptocurrency by not practising what he preaches. Don’t you make the same mistake.
A valuable lesson.
Having listened to the hype surrounding Bitcoin, I was finally convinced to enter the cryptocurrency gold rush by a colleague (Stephen).
Stephen advised me how to both purchase and store the currency. So, I set up an account with a digital currency gateway and parted with the best part of £1500 for some Litecoin and Bitcoin Cash. I then stored my currency in the Exodus wallet portal.
I should probably mention now that at the time of my investment (2017), cryptocurrency’s value was on an amazing upward trajectory. In a very short timeframe (less than 2 weeks), my investment had more than doubled.
My secure crypto wallet was originally installed on my company laptop, and I had enabled some of the additional security features such as MFA as a precaution – all was good!
Okay, during all this, I had decided to move to a new job, which meant handing back the company laptop. Remembering to uninstall and transfer my crypto wallet, I saved the transfer credentials onto an encrypted USB memory key – so far so good!
How on earth was I so blindsided?
It was now a couple of weeks before I was to start my new job and be issued with a new company laptop, and at this time crypto’s value was still climbing. So, remembering that I had an older laptop gathering dust in the cupboard, I set about installing my wallet to see how much the investment was now worth. After reconciling the wallet credentials from the USB stick, setting up the application and skipping MFA/2FA (as it also meant setting up my phone), I could indeed see the balance had increased! In the morning I would cash in my original stake (£1500) and leave the balance/gain (circa £1700) as a long-term investment. I went to sleep that night feeling good.
The very next morning, having opened the laptop and logged into the wallet, to my shock the total value of the coins was displayed as $0.42.
Up until this point, I had not encountered fraud before. Like many, I know there are plenty of risks associated with cryptocurrency; it’s a gamble, but the one thing you never expect is that you’ll be the victim of a scam!!
Once it happened, the feeling of disbelief was overwhelming! Incredibly anxious minutes went by as I attempted to log in and out of my wallet multiple times, hoping to see the balance returned to its previous value. As the reality finally sank in, I was left angry at myself (how could I have been so stupid?).
I’ll never be able to recover any of this money, but I realise the one thing I can do with this feeling of rage/sadness is ensure it doesn’t happen again and, more importantly, practise what I preach.
Enable 2FA – Just do it!!!
Two-factor authentication (2FA) is a best-practice method of securing access. 2FA is a subset of multi-factor authentication (MFA): it requires two different factors before access is unlocked. For example, if 2FA is applied to a cryptocurrency exchange account, you would need to log in with your username and password, but you would also need to enter a 2FA authentication PIN. The authenticator is usually on a secondary device such as your mobile phone.
Normally, when you sign up for an exchange or wallet, you should add 2FA to the account straight away for extra security. Most wallets and exchange gateways nowadays also enforce the use of 2FA. However, what’s not usually taught is that nearly every account you own, from social media services to email, should ideally be locked with 2FA/MFA, even if you don’t own cryptocurrencies.
In a business scenario, the vendor RSA, with its SecurID suite, goes beyond traditional identity and access management, using identity insights, threat intelligence and business context to provide secure access to all of your business’s users, across all of your business’s applications, from on-premises infrastructure to the cloud. It brings together multi-factor authentication, risk-based access management, identity governance and user lifecycle management in one powerful suite of solutions.
RSA SecurID Access
Protects critical resources with risk-based multi-factor authentication. RSA SecurID Access addresses a variety of user needs with a broad range of authentication methods including push notification, biometrics, OTP, SMS and tokens. Speak to us today if you’re interested in RSA, or to discuss the best options for your business.
Written by: Darrel Ellis, Client Director at Armadillo.