The majority of this guide is tailored for Windows users.
Guides for Linux and Mac coming soon!
Securing your wallet
If your wallet.dat file is stolen while it is unencrypted and you have no backup of the file, it's the equivalent of cash being stolen; there's no way of getting it back unless you catch the thief. You must therefore take proper precautions to prevent the loss or theft of your Gridcoin.
Wallet security recommendations:
NOTE: PAPER WALLET INCOMPATIBLE WITH RESEARCH CLIENT/COINS!
- Create a paper wallet and store it in a waterproof, safe environment.
- Backup the wallet.dat and gridcoinresearch.conf files on encrypted USB sticks and store them somewhere safe.
- Alternatively, store an encrypted zip/rar/tar on any form of storage medium and keep it safe.
- Regularly check that your backups work - if you encrypt your wallet and then forget the password, you're in trouble.
- Read this wallet security guide (for Bitcoin, but relevant to Gridcoin to some degree).
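One way to make the "check that your backups work" step concrete, as an added example that is not part of the original guide or the Gridcoin project: record a SHA-256 of wallet.dat and gridcoinresearch.conf when you take the backup, then decrypt a test restore into a scratch folder and compare. The manifest file name and folder layout are assumptions, and the sample files are constructed stand-ins.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# The two files the guide says to back up.
BACKUP_FILES = ("wallet.dat", "gridcoinresearch.conf")


def sha256_file(path: Path) -> str:
    """Hash in chunks so a large wallet.dat is never held in memory whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(data_dir: Path, manifest: Path) -> dict:
    """At backup time, record the SHA-256 of each file being backed up."""
    entries = {name: sha256_file(data_dir / name) for name in BACKUP_FILES}
    manifest.write_text(json.dumps(entries, indent=2))
    return entries


def verify_restore(restore_dir: Path, manifest: Path) -> dict:
    """Check a decrypted test restore; returns name -> ok/missing/mismatch."""
    results = {}
    for name, expected in json.loads(manifest.read_text()).items():
        candidate = restore_dir / name
        if not candidate.is_file():
            results[name] = "missing"
        elif sha256_file(candidate) != expected:
            results[name] = "mismatch"
        else:
            results[name] = "ok"
    return results


if __name__ == "__main__":
    # Constructed stand-in files; real use points at the Gridcoin data folder.
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for folder in (live, restored):
            folder.mkdir()
        (live / "wallet.dat").write_bytes(b"constructed wallet bytes")
        (live / "gridcoinresearch.conf").write_text("constructed=1\n")
        write_manifest(live, Path(tmp, "manifest.json"))
        (restored / "wallet.dat").write_bytes(b"truncated")  # simulated bad restore
        print(verify_restore(restored, Path(tmp, "manifest.json")))
```

Any result other than "ok" for both files means the backup cannot be relied on and should be retaken.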
Securing your browser
One of the most common attack vectors is through your web browser, so take precautionary measures to minimize risk of loss of funds/exposure to malware.
Non-exhaustive browser security recommendations:
- Stop using Internet Explorer; switch to Firefox, Chrome, or one of the many variants of the two.
- Do not use the same password for multiple sites. NEVER re-use a password!
- Use long passwords! The longer, the more difficult to crack.
- Consider a password manager such as KeePassX to create and store long/unique passwords.
- Use two-factor authentication, such as a YubiKey or GoogleAuth, on any website that offers it; it's a second layer of defence against phishing.
- If you've been sent a shortened link, either use a link preview service or do not click it!
- Disable any extensions that have been installed by 3rd party software (Java, toolbars, etc.), except antivirus.
- Keep plugins up-to-date (Flash/Java/etc).
- Use StartPage instead of Google.
Browser extension recommendations for extra security:
- uBlock Origin: Eliminate adverts from the internet; adverts are often malicious! Both "AdBlock" extensions, Plus and Edge, are now considered out-of-date.
- NoScript: Nerfs scripts on the internet; you have to manually allow sites to run scripts. Can help prevent malicious scripts running.
- Policeman: Alternative to NoScript. Nerfs scripts on the internet.
- HTTPS Everywhere: An extension made by the EFF; Enforces an https (SSL) connection on sites whenever possible.
- RequestPolicy: Protects against CSRF (Controls cross-site requests).
- Cookie Controller: Manage site cookie permissions (browse & remove cookies).
- https-finder: Detects valid https pages as you browse.
- RefControl: Hides/forges your referers.
- LastPass: Another secure password manager. Combine with a YubiKey and you'll have incredibly secure authentication online! Highly recommended!
- Random Agent Spoofer: Adding all these extensions makes your browser stick out like a sore thumb! Spoof your fingerprints!
Securing your communications
It's crucial that your private communications online are not intercepted by any malicious entity; privacy is a human right, take yours back!
- Do not use Skype!
- Use a VPN to evade censorship, MITM attacks & totalitarian governments. Find the best VPN for you.
- Encrypt your private emails using PGP.
- Always attempt to use multi-party encryption if performing group chat/conferences. At the very least, password protect chat rooms.
- Use OTR for 1-1 secure communications (Pidgin + OTR), keep an eye out for multi-party OTR in the future.
- Don't share ANY of your personal information online. Use aliases.
- Use encrypted texting apps, e.g. ChatSecure.
- Keep usage of social media to a minimum; if you're not paying for the service, you're the product being sold.
- Do not use an email provider based in the USA; instead use a secure alternative (link to list).
Securing your computer
Most of these tips are a given, but it's good to remember that they are quite important to adhere to at all times.
- Use Secunia PSI to keep software constantly up to date.
- Keep your operating system up to date (Windows updates/Ubuntu apt-get upgrade/Fedora yum -y upgrade/etc) & don't run a cracked version of your operating system (a good way to infect your PC & be a victim of ID theft).
- Keep usage of cracked/pirated software/games to an absolute minimum; keygens and pirate software can be (usually are) a source of malware.
- If you must install insecure software, run it in a sandbox!
- Install an antivirus program (Bitdefender paid versions are good!). Scan all files that you download from the internet, especially from forums & P2P sites/apps.
- Keep offline backups of your important data.
- Install theft prevention software on mobile devices, examples are: Prey, Lojack, etc.
- Encrypt your devices' storage, especially if you've got a mobile wallet.
- Do not share any of your account credentials with anyone, don't write them down, and don't store them insecurely on your PC.