mirror of https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap.git, synced 2025-01-24 14:31:00 -05:00
parent 0b9e6dae0a
commit e54fd98297
@ -49,6 +49,10 @@ Use a secure email provider like Protonmail or Tutanota. Also use trused VPN lik
Use different emails and different strong passwords. Store them in one place like a password manager. Never reuse passwords, especially for accounts with personally identifiable and sensitive information (e.g. Facebook, Gmail, AppleID, Twitter, banks/payments, crypto accounts). Use passwords that are at least 8 characters in length, but a minimum of 12 is generally recommended for memorization. Along with that, if using memorization, ensure that a minimum complexity requirement is met: which means having an uppercase character, a lowercase character, a digit, and a non-alphabetic character. Using a string of unrelated words while still meeting the dictionary requirement makes it easy to have an extremely secure password while still being able to remember it. If fully relying on a password manager, a password of 20+ characters in length that is randomly generated can be used. If you see suspicious password activity or failed log-ins on any of your accounts, change all of your passwords, starting with sensitive and authorization accounts, such as your primary email and bank/crypto accounts. [KeePass](https://keepass.info) or [KeePassDX](https://www.keepassdx.com) or [KeePassXC](https://keepassxc.org) or BitWarden are good options. I also found [this tutorial](https://forums.linuxmint.com/viewtopic.php?f=42&t=291093) for [integrity check](https://keepass.info/integrity.html) (and other checks) very helpful, be sure to check it out as well: [link](https://forums.linuxmint.com/viewtopic.php?f=42&t=291093).
**On the opposite:**
> For 2FA one can use KeePass + Yubikey as well. KeePass allows setting up TOTP to any entry in your .kdbx file. Yubikey could be used in company with KeePass to add a bit of entropy on each re-encryption when adding an entry in your db file: [Ref No.1](https://developers.yubico.com/Developer_Program/Guides/Touch_triggered_OTP.html); [Ref No.2](https://www.reddit.com/r/KeePass/comments/opx34q/keepassxc_and_yubikeys_setting_up_the); [Ref No.3](https://github.com/keepassxreboot/keepassxc/discussions/6344).
[Read More](https://blog.keys.casa/7-ways-to-level-up-your-bitcoin-opsec/)
[NIST 800-63b Password Guidelines and Best Practices](https://specopssoft.com/blog/nist-800-63b/)
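Review bot: the lead-in "**On the opposite:**" placed before the KeePass + Yubikey quote misdescribes it; the quote extends the password-manager recommendation in the paragraph above (TOTP entries in the .kdbx file, Yubikey on top of KeePass) rather than contradicting it, so a neutral lead such as "Related note:" or "Additionally:" would read correctly. The references are also not aligned with the sentence they support: Ref No.1 points at Yubico's Touch_triggered_OTP guide, while the text and Ref No.2 / Ref No.3 (keepassxc_and_yubikeys, the keepassxc discussion) concern the database-key integration, so either the first link or the wording should be adjusted, and "add a bit of entropy on each re-encryption" would be clearer if it named the KeePassXC feature the discussion thread covers.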
@ -68,6 +72,10 @@ Instead of SMS-based 2FA, use Authy or Aegis OTP for iOS or Android. Google Auth
Hardware-based 2FA options are regarded as more secure than phone-based OTP options since the keys are stored on the YubiKey device itself, not on your phone, or in the cloud, or on your computer.
**On the opposite:**
> Aegis Authenticator is open source (licensed under GPL v3) and the source code [can be found here](http://github.com/beemdevelopment/Aegis). The issue with Authy is that it depends on a phone number which can be changed through an email request, allowing anyone access to HOTP/TOTP after an approximate 4-day wait period. To avoid that, disable multi-device!
[Read More](https://www.threatstack.com/blog/five-opsec-best-practices-to-live-by)
---
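Review bot: the Aegis source link is plain `http://github.com/beemdevelopment/Aegis`; a guide about OpSec should link `https://github.com/beemdevelopment/Aegis` directly rather than rely on a redirect. As in the previous hunk, "**On the opposite:**" does not fit the quote, which supports the preceding advice (Aegis over SMS-based 2FA) and only qualifies Authy. The Authy claim (phone number changeable through an email request, access to HOTP/TOTP after an approximate 4-day wait) is the one statement in this block without a reference; a source link next to "disable multi-device!" would match the [Read More] style used elsewhere in the document.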