NFT, DeFi and crypto hacks abound – How to double your wallet security

Either the explosive growth and high dollar value of non-fungible tokens (NFTs) distract investors from tightening their operational security, or hackers are simply following the money and using very complex strategies to exploit collectors’ wallets.

At least this was the case for me all the way back when I fell for a classic message sent to me over Discord that caused me to slowly but all too quickly lose my most valuable possessions.

Most scams on Discord follow a very similar pattern: a hacker takes the list of members on a server and sends direct messages to them in the hope that someone will take the bait.

“It happens to the best of us,” are not the words you want to hear in relation to a hack. Here are the three best things I learned from my experience on doubling security, starting with minimizing the use of a hot wallet and simply ignoring DM links.

A quick crash course in hardware wallets

After my hack, I was immediately reminded, and I cannot repeat it enough: never share your seed phrase. No one should ask for it. I also learned that I could no longer give up security when it was convenient.

Yes, hot wallets are much more seamless and faster to trade with, but they do not have the extra security of a PIN and a passphrase that a hardware or cold wallet provides.

Hot wallets like MetaMask and Coinbase are connected to the internet, making them more vulnerable and susceptible to hacks.

Unlike hot wallets, cold wallets are applications or devices where the user’s private keys are kept offline and not connected to the internet. Because they operate offline, hardware wallets prevent unauthorized access, hacks, and the typical system vulnerabilities that wallets are exposed to when they are online.

In addition, hardware wallets allow users to set up a personal PIN to unlock the device and to create a secret passphrase as a bonus layer of security. Now a hacker needs to know not only one’s recovery phrase and PIN, but also a passphrase to confirm a transaction.

Passphrases are not as common as seed phrases, since most users may not use a hardware wallet or be familiar with the mysterious passphrase.

Access to a seed phrase unlocks the set of wallets that corresponds to it, but a passphrase also has the power to do the same.

How do passphrases work?

A passphrase is in many ways an extension of one’s seed phrase, since it mixes the randomness of the given seed phrase with the user’s personal input to calculate a completely different set of addresses.

Think of passphrases as the ability to unlock an entire set of hidden wallets on top of those already generated by the device. There is no such thing as a wrong passphrase, and an unlimited number can be created. This way, users can go the extra mile and create decoy wallets for plausible deniability, diverting any potential hack away from one main wallet.

Recovery seed / passphrase diagram. Source: Trezor

This feature is beneficial when separating one’s digital assets between accounts, but awful if forgotten. The only way for a user to access the hidden wallets repeatedly is by entering the exact passphrase, character by character.
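Trezor passphrases follow BIP-39, which folds the passphrase into the salt of the key-stretching step that turns the seed phrase into the wallet seed. The sketch below is an added example, not code from the article or from Trezor; it uses the public BIP-39 test-vector mnemonic, and `wallet_tag` is a hypothetical helper used only to compare results.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test-vector mnemonic and its seed for passphrase "TREZOR".
# Everyone knows this mnemonic: never use it to hold funds.
TEST_MNEMONIC = "abandon " * 11 + "about"
TEST_VECTOR_SEED = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)

def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)

def master_key(seed):
    """BIP-32 master private key and chain code derived from the 64-byte seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

def wallet_tag(mnemonic, passphrase=""):
    """Hypothetical helper: short tag that identifies one wallet tree."""
    key, chain_code = master_key(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain_code).hexdigest()[:16]

def demo():
    """Same seed phrase, four passphrases: four valid, unrelated wallets."""
    cases = [
        ("standard wallet (empty passphrase)", ""),
        ("hidden wallet", "TREZOR"),
        ("one-character typo", "TREZOr"),
        ("trailing space", "TREZOR "),
    ]
    return {label: wallet_tag(TEST_MNEMONIC, pp) for label, pp in cases}

if __name__ == "__main__":
    # The derivation never fails: a mistyped passphrase silently opens
    # a different, empty wallet instead of reporting an error.
    for label, tag in demo().items():
        print(f"{tag}  {label}")
```

Because nothing in the derivation can reject a passphrase, a decoy wallet and the main wallet are indistinguishable to someone holding only the seed phrase, and a lost passphrase cannot be detected or recovered from the device.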

Like your seed phrase, a passphrase should not come in contact with any mobile or web-based device. Instead, it should be written on paper and stored in a safe place.

How to set up a passphrase on Trezor

Once a hardware wallet is set up, connected, and unlocked, users who want to enable the feature can do so in two ways. If the user is in the Trezor wallet, they tap on the “Advanced Settings” tab, where they will find a check box to enable the passphrase feature.

Trezor wallet landing page. Source: Trezor

Similarly, users can enable the feature if they are in the Trezor Suite, where they can also see whether their firmware has been updated and the PIN set up.

Trezor wallet landing page. Source: Trezor

There are two different Trezor models, Trezor One and Trezor Model T, both of which allow users to activate passphrases, though in different ways.

Trezor Model One only offers users the ability to enter the passphrase in a browser, which is not ideal in case the computer is infected. However, the Trezor Model T allows users to type the passphrase on the device’s touch screen or enter it into the browser.

Trezor Model T / Trezor wallet interface. Source: Trezor

On both models, after entering the passphrase, it will appear on the device screen and wait for confirmation.

Back to security

There are risks to security, even if it sounds counterintuitive. What makes the passphrase strong as a second authentication step on top of the seed phrase is exactly what makes it vulnerable. If it is forgotten or lost, the assets are virtually gone.

Sure, these extra layers of security take time and extra precautions and may seem a little exaggerated, but my experience was a difficult lesson in taking responsibility for making sure every asset was safe and secure.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trade involves risk, you should conduct your own research when making a decision.