Choosing a strong password for your wallet is just as important as keeping your keys protected. The National Institute of Standards and Technology (NIST) recommends that a password be at least eight characters long, and that machine-generated passwords be at least six characters long. I would suggest looking into a password manager. Similar to choosing a password for your wallet, you should use an eight character password for the password manager. Again, I would write it down and put it in a safe or somewhere safe in your house. One "nuclear" option is to get a metal tube, put the password to your password manager and the password of your Monero wallet in it, and bury it in your backyard. Make sure you remember where you buried it. It is important to use a metal tube so that, in case you forget where you buried it, you can use a metal detector to find it in a pinch.
I would also suggest writing down the password on a piece of paper and keeping that piece of paper in a safe or somewhere safe around your house. That way, if the password manager database ever gets corrupted or deleted by accident, you won't lose any of your Monero or other coins. If you want to be extra careful, put the paper in a metal tube.
Choosing a Unique Secure Password
One way to generate a secure unique password is to use this site to generate a random seed. It is important to generate a random seed that you do not use to store your coins. An example seed is below.
dunes umbrella sushi together video prying doorway fifteen pulp tycoon evolved soprano zippers puffin island amnesty pumpkins odometer fatal sorry dwelt tsunami queen rest puffin
Using the seed that we generated, we could take the first letter of each word to generate a password. Using the seed above the password would be: dustvpdfpteszpiapofstqrp. If the password is too long, you could use the first eight characters.
Another way to make a wallet password with a seed is to use the words to generate a passphrase like the example below: videotogetherzipperspuffin. We used four random words from the seed to generate a passphrase. To make it easier to read, you could also add a special character between each word like the example below: video@together@zippers@puffin. NIST does not recommend using special characters because they claim that “the benefits of using special characters rules is not nearly as significant as initially thought”. This does not mean that you should not use special characters, just be safe about it and know the risks. Be creative instead of switching “s” to “$”, for example. Hackers know that trick and will likely try to substitute letters for matching special characters in their word lists. It is also important to make sure that you do not reuse the password elsewhere. Hackers could use passwords from previously breached services or sites to try to get into your wallet if they have access to your computer.
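The two derivations above compared by strength, as an added example that is not part of the original article: it picks four words from the example seed with the operating system's random generator and estimates an upper bound on the entropy of each scheme for an attacker who knows the method. The 1626-word list size is an assumption about Monero's English mnemonic list, and the function names are illustrative.

```python
import math
import secrets

# The example seed from the text above (a throwaway seed, never one holding coins).
SEED = ("dunes umbrella sushi together video prying doorway fifteen pulp tycoon "
        "evolved soprano zippers puffin island amnesty pumpkins odometer fatal "
        "sorry dwelt tsunami queen rest puffin").split()

# Assumption: seed words come from Monero's 1626-word English mnemonic list.
WORDLIST_SIZE = 1626


def pick_passphrase(seed_words, count=4, separator=""):
    """Pick `count` distinct words with the OS CSPRNG and join them."""
    pool = sorted(set(seed_words))  # drop repeats such as "puffin"
    if count > len(pool):
        raise ValueError("not enough distinct words in the seed")
    chosen = []
    while len(chosen) < count:
        word = secrets.choice(pool)
        if word not in chosen:
            chosen.append(word)
    return separator.join(chosen)


def passphrase_bits(count, wordlist_size=WORDLIST_SIZE):
    """Upper bound on entropy when the attacker knows the scheme and word list."""
    return count * math.log2(wordlist_size)


def first_letter_bits(length, alphabet=26):
    """Upper bound for a first-letter password; real word lists are less uniform."""
    return length * math.log2(alphabet)


def average_guesses(bits):
    """Expected guesses to find the secret: half the search space."""
    return 2 ** bits / 2


if __name__ == "__main__":
    print(pick_passphrase(SEED, 4, "@"))
    for label, bits in [("4 seed words", passphrase_bits(4)),
                        ("6 seed words", passphrase_bits(6)),
                        ("8 first letters", first_letter_bits(8)),
                        ("24 first letters", first_letter_bits(24))]:
        print(f"{label:17} <= {bits:5.1f} bits, ~{average_guesses(bits):.2e} guesses")
```

A fixed, known separator such as "@" adds readability but no entropy, which is why the estimate ignores it.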
What Types of Passwords Not to Use
It is not a good idea to choose a password with your pet's name in it, but if you choose to use your pet's name, make it into a sentence. For example, if I had a pet bunny named hopper, I could use the following sentence as a password: hopperhopsonsundayevenings. NIST recommends longer passwords rather than using special characters. The longer the password, the longer it will take to crack it.
Also, do not use your children's names, birthdates or any information about yourself. To make it easier to remember the password, you could use a pronounceable password such as: rTbOj4$2fRank. To remember the password above, the following sentence could be used as a mnemonic device: Remember To buy Orange juice 4 $ 2 for frank. Capitalizing random letters will make it harder for hackers to guess the password and steal your hard earned loot.
Some Sobering Truth
Do not do anything related to making a wallet while under the influence of anything. You risk losing the seed or thinking of a password that you WILL not remember when sober. Your coins will be lost FOREVER. This has happened to me while I was under the influence. Fortunately I did not lose a lot of money, but it was a good amount that made me learn a lesson. Similar to why you should not drive while under the influence, you are not thinking like your regular self, so a password that might make sense while you are under the influence will make no sense, or you will not be able to remember it, when sober.
Safety: Use YubiKey on Centralised Exchanges
Examples of centralised exchanges are Blockchain.com, Coinbase.com and Binance. You may have bought the cryptocurrencies, but technically you do not own them. The old adage goes: not your keys, not your coins. Centralized exchanges can get hacked or they could run away with your money. It is recommended to store your coins on your computer. This also means that you are 100% in control of your coins, so if something goes wrong only you are to blame. If you are so keen on keeping your coins on a centralized exchange, there are a couple of things you can do that will make it harder for hackers to gain access to your funds. One way to protect your account is not to use your phone number for 2 factor or multiple factor authentication. Hackers will often social engineer people working at phone services and con them into swapping your SIM card to a card they own. That means all your text messages will go to their phone instead of yours, they will get your authentication code and they will be able to gain access to your account. This scam is called SIM swapping. If you do not want to buy a YubiKey, Google has an app called Google Authenticator. It is much better than using SMS for 2 factor authentication, and there is even an app for iPhones.
Fear not! There are other ways of protecting your account. There is a thing called a YubiKey, which you can set up to use on most exchanges. In order to finish the login process you will have to plug the device in to your computer and put your finger on it, which will generate a code that validates that you are the authorized owner. This means that even if a hacker has your login information, they will not be able to log in to your account without the YubiKey. You can also use the YubiKey on a bunch of other services like Gmail, Windows and Apple iCloud. Sadly, there are not any wallet apps that support YubiKeys. But both password managers, KeeWeb and KeePass, have support for YubiKeys. Personally I like KeeWeb better, because the GUI looks modern, but both of them work fine. Using a password manager will allow you to safely store secure passwords for your wallet without having to remember a long string, and a YubiKey will help protect your passwords even more.