The majority of this guide is tailored for Windows users.
Guides for Linux and Mac coming soon!
Securing your wallet
If your wallet.dat file is stolen, and it's unencrypted & you have no backup of the file, it's the equivalent of cash being stolen; there's no way of getting it back unless you catch the thief. You must therefore take proper precautions to prevent the loss/theft of your gridcoin.
Wallet security recommendations:
NOTE: PAPER WALLET INCOMPATIBLE WITH RESEARCH CLIENT/COINS!
- Create a paper wallet and store it in a waterproof, safe environment.
- Backup the wallet.dat file on encrypted USB sticks and store them in a safe.
- Alternatively, store an encrypted zip/rar/volume on any form of storage medium and keep it safe.
- Regularly check that your backups work - if you encrypt your wallet then forget the passphrase, you're in trouble.
- Read this wallet security guide (for bitcoin, but relevant to gridcoin to some degree).
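One way to make the "regularly check that your backups work" step repeatable, as an added example that is not part of the original guide: record a SHA-256 digest beside each wallet.dat backup when it is made, then re-verify every copy later. The function names, the `.sha256` sidecar file and the `usb1`/`usb2`/`usb3` folders are assumptions for illustration, and the sample data is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def record_backup(backup_path):
    """Run once, right after copying: write '<name>.sha256' beside the backup."""
    backup_path = Path(backup_path)
    digest = sha256_file(backup_path)
    sidecar = backup_path.with_name(backup_path.name + ".sha256")
    sidecar.write_text(f"{digest}  {backup_path.name}\n")
    return digest

def check_backup(backup_path):
    """Return 'ok', 'missing', 'empty', 'no-digest' or 'corrupt'."""
    backup_path = Path(backup_path)
    sidecar = backup_path.with_name(backup_path.name + ".sha256")
    if not backup_path.is_file():
        return "missing"
    if backup_path.stat().st_size == 0:
        return "empty"
    fields = sidecar.read_text().split() if sidecar.is_file() else []
    if not fields:
        return "no-digest"
    return "ok" if sha256_file(backup_path) == fields[0].lower() else "corrupt"

def demo():
    """Constructed sample: placeholder bytes in a temp dir, not a real wallet."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "usb1", "wallet.dat")
        bad = Path(d, "usb2", "wallet.dat")
        for p in (good, bad):
            p.parent.mkdir()
            p.write_bytes(b"constructed sample wallet bytes" * 64)
            record_backup(p)
        bad.write_bytes(bad.read_bytes()[:-1] + b"X")  # simulate a damaged copy
        gone = Path(d, "usb3", "wallet.dat")           # backup medium never written
        return {p.parent.name: check_backup(p) for p in (good, bad, gone)}

if __name__ == "__main__":
    for medium, status in demo().items():
        print(f"{medium}: {status}")
```

This only detects a missing or altered copy; confirming that you still know the wallet passphrase needs a separate test restore.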
Securing your browser
One of the most common attack vectors is through your web browser, so take precautionary measures to minimize risk of loss of funds/exposure to malware.
Non-exhaustive browser security recommendations:
- Stop using Internet Explorer; switch to Firefox, Chrome, or one of the many variants of the two.
- Do not use the same password for multiple sites.
- Use long passwords! The longer, the more difficult to crack.
- Use 2-factor authentication, like a Yubikey or GoogleAuth, on any website that offers it; it's a second layer of defence against phishing.
- If you've been sent a shortened link, either use a link preview service or flat out don't click it!
- Disable any extensions that have been installed by 3rd party software (Java, toolbars, etc.), except antivirus.
- Update all plugins (Flash/Java/etc.).
- Use DuckDuckGo instead of Google.
Firefox extension recommendations for extra security:
- Adblock Edge: Eliminates adverts from the internet; adverts are often malicious! ABP has 'whitelisted' adverts.
- NoScript: Nerfs scripts on the internet; you have to manually allow sites to run scripts. Can help prevent malicious scripts running.
- Policeman: Alternative to NoScript. Nerfs scripts on the internet.
- HTTPS Everywhere: An extension made by the EFF; requests an HTTPS connection on all/most sites.
- RequestPolicy: Protects against CSRF (controls cross-site requests).
- Cookie Controller: Manage site cookie permissions (Browse & remove cookies).
- https-finder: Detects valid HTTPS pages as you browse.
- RefControl: Hides/forges your referers.
- LastPass: A secure password manager. Combine with a Yubikey and you'll have incredibly secure authentication online! Highly recommended!
Securing your communications
It's crucial that your private communications online are not intercepted by any malicious entity; privacy is a human right, take yours back!
- Do not use Skype!
- Use a VPN to evade censorship, MITM attacks & totalitarian governments. Find the best VPN for you.
- Encrypt your private emails using PGP.
- Always attempt to use multi-party encryption if performing group chat/conferences. At the very least, password-protect chat rooms.
- Use OTR for 1-1 secure communications (Pidgin + OTR), keep an eye out for multi-party OTR in the future.
- Don't share ANY of your personal information online. Use aliases.
- Use encrypted texting apps, e.g. ChatSecure.
- Keep usage of social media to a minimum; if you're not paying for the service, you're the product being sold.
- Do not use an email provider based in the USA; instead use a secure alternative (link to list).
Securing your computer
Most of these tips are a given, but it's good to remember that they are quite important to adhere to.
- Use Secunia PSI to keep software constantly up to date.
- Keep your operating system up to date (Windows updates/Ubuntu apt-get upgrade/Fedora yum -y upgrade/etc.) & don't run a cracked version of your operating system (a good way to infect your PC & become a victim of ID theft).
- Keep usage of cracked/pirated software/games to an absolute minimum; keygens and pirate software can be (usually are) a source of malware.
- If you must install insecure software, run it in a sandbox!
- Install an antivirus program (Bitdefender paid versions are good!). Scan all files that you download from the internet, especially from forums & P2P sites/apps.
- Keep offline backups of your important data.
- Install theft prevention software on mobile devices, examples are: Prey, Lojack, etc.
- Encrypt your devices' storage, especially if you've got a mobile wallet.
- Do not share any of your account credentials with anyone, don't write them down, and don't store them insecurely on your PC.
- If you want to securely store passwords on your PC (not browser), use KeePass.