One of the most frequent issues brought to the attention of the PLATINCOIN support service is a loss of passwords and private keys to wallets, as well as passwords to emails.

Cryptocurrency holders often fall victim to hackers — they break into email inboxes and crypto wallets to gain access to coins. According to a report from January 2020, attackers have stolen a total of $11 billion in cryptocurrencies since 2011. The peak of security breaches occurred in 2019, when hackers succeeded in stealing more than $101 million worth of cryptocurrencies.

Unfortunately, PLATINCOIN users have also fallen victim to attacks in the past. The reason for the breach often came down to a trivial email password, like a birthday or a simple combination of numbers.

In this article, we’ll take a look at some popular reasons for break-ins to PLATINCOIN users’ wallets, we’ll teach you to create truly secure passwords, and we’ll share life hacks for secure storage of passwords and private keys.

Which user mistakes offer easy access to cryptocurrencies for attackers? 

The blockchain technology underlying cryptocurrencies guarantees security for user funds — transactions on the blockchain cannot be counterfeited or reversed. However, the transparency of the blockchain can often become a "double-edged sword" — on the one hand, all transactions are displayed in the blockchain, on the other hand, any attacker can become interested in a wallet with a large number of coins stored on the account.

Another problem is the low level of regulation in the field of cryptocurrencies, and in the case of stolen funds, users have nowhere to turn for help. That’s why it’s important for cryptocurrency holders to follow simple security rules when storing their funds, which we will discuss in this article. But first, let's figure out the most common reasons why users lose their funds:

  • Users store cryptocurrencies on the exchange or in the web version of the wallet. Exchange wallets are often targeted by scammers because they often hold large amounts of cryptocurrencies. At the same time, not every site offers special funds to compensate users for stolen funds — most often, users have no way of recovering coins lost to hacker attacks.
  • Cryptocurrency holders ignore additional options to protect their funds. For example, many services offer users the option of enabling two-factor authentication. It prevents hackers from gaining access to your account even if they know your username and password. If you turn down this opportunity, it will be much easier for criminals to steal money.
  • Users store logins and passwords on a computer with an Internet connection. If a computer has an Internet connection, it can be hacked in the same way as a cryptocurrency exchange. In addition, if your computer breaks down, you can lose access to the keys, and hence to the cryptocurrency.

PLATINCOIN users’ experiences

All the thefts of coins and hacking of personal accounts on PLATINCOIN occur through users' email addresses. The PLATINCOIN support service has collected data on all requests to determine hacking statistics, identifying three key user errors that lead to loss of funds:

  • using the same passwords for emails and personal accounts;
  • storing access data for personal accounts or to the PLC Wallet in e-mails;
  • storing login data in Google Docs documents without passwords.

In order to avoid these errors in the future, we’ve put together a set of instructions that will help you create a secure password. 

Creating a secure password 

  1. Use special services for generating complex passwords

Attackers break into emails by using automatic algorithms that are relatively simple compared to the capacity of the human brain. We advise you to take advantage of services to automatically generate passwords, like the service provided by Lifehacker. Passwords generated in this service are transmitted through a protected protocol, and they are not stored anywhere on the service.

2. Don’t use significant names and dates in your password

According to cybersecurity experts, attackers can easily guess such passwords. We have put together several non-obvious life hacks that will help you create a truly complex password:

  • Take the first stanza of your favorite poem, nursery rhyme, or proverb as a foundation. Make sure it’s not very well known. Write the first letters of the poem, with case sensitive and insert punctuation marks between the letters, which are between them in the text. The next step is to replace letters with similar numbers, for example, “i” with “1”, and “o” with “0”, and then type the string on the Latin keyboard layout.
    “Shall I compare thee to a summer’s day?”

“S1ct2asd?’

  • Use obscure professional terms that are unlikely to be known to a wide audience and try to make them more complicated:
    “palatalization of the dorsal;
    pa1ata1izationoft4ed0rsAl”
  • Use dates that aren’t immediately obvious. Attackers can easily figure out your birthday and the birthdays of your family members, so try to use an obscure date instead. For example, this can be the first day you met your beloved pet. 
  • Take advantage of the graphic key principle which is often used in smartphones. Mentally draw an image on your keyboard and use the resulting combination of keys as your password.

Once you’ve come up with complex passwords for your most important accounts, make sure to save them by writing them down or printing them out. You can’t just rely on your memory: make sure to store your password in several other locations as well. In our next piece, we’ll tell you the best places to store your passwords. 

Proper password storage

If you store your password on a medium connected to the Internet, hackers can take advantage of this and steal your data. The alternative in this case is to choose a storage location without Internet access, for example, a sheet of paper with printed passwords.

There are also ways to securely store passwords online using special storage applications. They work like a safe: to access the vault with all passwords, the user needs to enter the master password. It is worth choosing and storing it especially carefully, because it gives access to all passwords in the storage location.

Top 5 apps for password storage 

It’s important to select a secure storage for your passwords that is guaranteed to keep your data safe from attackers.

Here are some examples:

  1. LastPass
    For iOS, Android, Windows, Linux, and versions for some browsers are also available.
    Price: there’s a free version, a trial version, and a paid version.

    All versions of the app can store an infinite number of passwords, with two-factor authentication and auto-complete functionality. In the paid version, you can synchronize passwords on different devices and share classified folders with loved ones. In the application, you can generate an unpredictable password and then save it.
  2. Dashlane
    For iOS, Android, Windows and Linux.
    Price: there’s a free and paid version.

    This password manager is the main competitor to LastPass. They are similar in functionality. Dashlane has a password manager, autocomplete and e-wallet functionality available across all versions. The free version has a limit on synchronization with other devices. Unlimited synchronization is available in the paid version.
  3. Zoho Vault

    For iOS, Android and Windows.
    Price: there’s a free and paid version.

    The free version is for personal use, the paid version is for team use. In all versions of the application, you can save an infinite number of passwords and notes, it also stores the password access history and the history of user activity, with the option of two-factor identification.
  4. Sticky Password
    For iOS, Android and Windows.
    Price: there’s a free and paid version.

    The application has a high level of security, since it was developed by the same team as AVG Antivirus. Sticky Password provides fingerprint login and cross-device sync.

  5. KeePass
    For iOS, Android, Windows, Linux, with browser versions available.
    Price: there’s a free and paid version.

    This is a free, feature-rich open source password manager. Users can make changes to make the application more secure and usable. Official, as well as unofficial versions of the application, are posted on the website of the developers.

It’s important for cryptocurrency owners to correctly store not only their passwords, but also their private keys.

What are private keys and how should you store them?

A private key is a special combination of characters presented as a complex cryptogram. Such a cryptogram is almost impossible to guess or pick.

It’s similar to the signature of the owner of a cryptocurrency wallet. Whoever knows the private key gets unlimited access to the coins on the wallet, so it’s important to ensure that no one except the wallet owner knows this information.

The private key is actually a number between 1 and 10 to the 77th power. It will take at least several million of the Earth's lifetimes to guess this number, even if we’re able to check a trillion numbers per second . This provides a very high degree of protection, but researchers do not exclude the chance that new technologies for hacking crypto wallets will emerge as quantum computers become more common.

Keys are stored with different recording methods. These recording methods are called "Wallet Import Format". For example, the same key can be written in three different forms:

Hex: 1E99674A4CA27608A45A1813ABB0E9E52CFA330AC563EDBB32C8AAC6A964AECA.

WIF: 5J3nBbAG58CuQ346RNLpPUA

WIF-сжатый: KxFC1jnghCoACiATWZ3oXa748VN6ac3TYzGkd7YbsqGLY

You should be especially careful when approaching the security of your cryptocurrency wallet data: if attackers manage to access your username, password, or private key, they can gain access to your funds. The best way to store your information is on paper or on electronic media that doesn’t have Internet access. However, with these methods, you might lose access to your wallet if the medium is lost or damaged. If you choose to store your passwords online, make sure to use a special application that will protect your data from fraud. You should especially ensure the security of your private key, because it provides unlimited access to the funds stored in your wallet. If you suspect that third parties have access to your private key, immediately transfer your money to another address.