Before You Begin

Lesson 2: Passwords & Encryption

Transcript of video lesson

Welcome back to Digital Currency Ownership Before You Begin, an original Coin Academy Course designed to equip you with the knowledge and the techniques that you need to safely own digital currency. This is the second lesson in this course, entitled Passwords & Encryption, and this is a fairly long lesson because we actually go through, step by step, the process for setting up two factor authentication and for encrypting the hard drives on your desktop machine. Some of you may have already done some or all of these items; if so, you should feel free to skip forward in this video or even on to the next lesson if it’s appropriate.

But let’s start out with the basics. What’s a good password? Well, longer is better! That’s a good, solid general rule. A lot of people feel that 10 characters or better is what’s necessary to have a secure password, but there’s more to it than just length. You need to avoid anything that’s in the dictionary and you need to avoid key personal milestones or public information about you or your loved ones. Now, it doesn’t have to be arcane. I know a lot of people want to have something that looks extremely difficult and is impossible to guess and doesn’t make any sense, but the reality of the matter is they’re using machines to guess these things anyway, so it doesn’t matter that much. The real key is to make it as long as possible, and of course it needs to be memorable.

The passphrase or the password “Iluvmy4x4don’tu2?” is much better than that other passphrase there at the end of the line. Why? Simply because it’s longer. Now you’ll notice it does use some alternate spellings and it mixes in some other characters, but the bottom line is the whole thing is readable and it does make sense. That means you can remember it, and you’re much more likely to get it correct and not have problems and be constantly frustrated by it. The password on the right is short; it does have arcane characters in it, but I assure you that the one on the left is much harder to crack than the one on the right.

Passphrases, these are sometimes called “brain wallets,” we’re seeing these appear more and more these days; they are required now by some services. Basically a passphrase is a long combination of words that acts as your authentication. These words actually have spaces between them, so it is actually just a list of words. Sometimes these are very long, even more than 20 words in some cases. And when the time comes for you to authenticate, they’re going to ask you for some of those words. For example, what’s the fifth word, the nineteenth word, the twenty-first word, and you need to respond correctly to those to get them right. Obviously keeping up with passphrases is even more complicated than keeping up with passwords, and that’s what brings us to our next topic: how do we manage all this?

Password vaults are life savers. What’s a password vault? It’s a software tool you install on your computer that keeps up with your passwords for you. Some of them are free, most of them are low cost, all of them are worth it. Basically they give you a way that you can store all this data on your machine; it’s encrypted, you have to use a password to get into it, so there’s the one that you have to remember, and it really just makes your life much, much easier. I’ve used one for years and I couldn’t function without one. I have too many passwords and usernames, all these different services all over the web, and the password vault keeps me sane. It also has very good tools for sorting, searching, categorizing things, so the utility value is very high, in short. If you don’t want to go that route there are alternatives: you could create a spreadsheet or a document, but if you do, make sure that you encrypt it and of course back it up. Don’t use the same password for multiple services. This is very simple: you are trying to put little walls in between those services, so if somebody does crack your password, they’ve only cracked it for one service. They don’t have access to all your different services across the web.

Also, please do change your passwords periodically; it’s far too easy to be lulled into insecurity. Everyone struggles to do this, but you know it has to be done. Now, let’s transition into a discussion of Two Factor Authentication. This is often called 2FA. Basically the concept is this: when you go to a website and you enter a username and password, that’s single factor authentication.

Two factor authentication adds another layer. This is highly recommended because we’re dealing with financial services: two factor authentication dramatically increases your security. It adds a second, independent layer of protection for a website or for an application. Typically this is done via an SMS or a token generator; in other words, your phone or a third or another device becomes part of your authentication process. This is commonly used by banks. You may have a token generator that was issued to you by your bank, so when you log in to your online banking services you have to have the token generator: you push your button, you read the numbers on the screen, you type it on the screen and then you’re in. That’s two factor authentication.

Some sites now provide it: Facebook, Twitter, LinkedIn, Coinbase, they all provide two factor authentication as an option for their authentication. But additionally, you can add a third party service that will give you two factor authentication, even if the original website or app doesn’t offer it. Two of the best ones by far are Google Authenticator and Authy. Now, Google Authenticator is a nice service, it’s free, it’s easy to use, but some people, for example people on Windows, may want to use Authy. There are some situations where Authy provides you with additional service that Google Authenticator does not.

But what I’m going to do now is I’m going to take you through the implementation process for Google Authenticator. This is a fairly long process, there are 19 steps in all. It goes pretty quickly, mind you, but there’s a lot to it and I want to take you through every bit of it so you’ll know what to do. If you already have 2FA set up, feel free to skip this. If you don’t have 2FA set up, please do implement this. You will thank us for it.

Alright, first thing you need to do: get out your phone or your tablet. I’m going to assume we are working on a phone here, and you need to set up the Google Authenticator application on your phone, then you’re going to go to your computer and you’re going to set up a service called Google 2-Step Verification on the computer. So there are two parts to this: part of it is done on your phone, part of it is done on your desktop machine. On your phone go to either the Google Play Store if you’re on Android or to the iTunes store if you’re on OSX. There you can search for Google Authenticator, and you can see that in the image here. And once you’ve found it, select the app from the list.

When it appears on the screen take a good look, make sure it is the correct app, that it is from Google Incorporated, then click the install button. Now it’s going to ask you for permission to access your Identity or your Keychain in some cases; go ahead and accept, you need to do that, and then it will download and install. Once the installation is complete it will prompt you to begin the set up process for two step verification.

This is where we have to start working with our browser. So click begin set up and now go to your computer, open your browser, go to Google, log in to your Google account. I’m assuming you have a Google account, and if you don’t, obviously you have to get one first. Then click on your name in the top right corner of the screen and select account.

Now you’re going to see a number of screens here that have blue bars on them where we have blocked out personal information, so don’t let that throw you; you won’t see the blue bars. After you click on account, the account page on Google will load for you. Find the security tab and click on the security tab; it’s circled with the orange circle.

Now you’re into the security tab. Find the 2-step verification section and click on set up. If I’m moving too quickly don’t worry about it, you can pause or you can always roll back this video and read it again.

Now the 2-step verification introduction page will load on your screen; click start set up. Alright, here you need to enter the telephone number of the phone that you wish to use for the 2-step authentication process.

So enter the phone number; it is covered up by a blue box here. Select whether you want to receive an SMS or a voice call with the verification code and then click the send code button. At this point you will receive either an SMS or a voice call, depending on what you selected, and it will have a 6 digit code. You need to take that 6 digit code and type it into the box on the screen on your computer, then click verify.

This screen asks you whether the computer you’re on now is the computer you want to mark as a trusted computer. Use this if this is the primary computer you’re going to use for your financial transactions; if it’s not, or it’s a shared computer, or you’ve used somebody else’s account to log in, don’t select this option.

Once you’ve made your choice click next. This is your confirmation screen. This says that you now have two factor or 2-step verification set up for Google; click confirm. And now we want to go further: we want to tie the 2-step verification service we’ve just created to the mobile app that we installed earlier on our phone. Now you can do the 2-step verification without the mobile app, I should’ve said that to you earlier I guess.

The reason why we say install the app is because if you’ve installed the app, you can use the 2-step verification even if your internet service is interrupted or you’re having problems with your phone service. If you do not do this, you’re committed to relying on SMS service or something like this to get that verification code, and it’s conceivable there’d be a situation where that wouldn’t be practical. The app also makes it easier because it actually keeps track of all the different services that you’ve tied into the 2-step verification service. So the app is a really good idea; it gives you that extra layer of protection, the protection from service disruption.

So we want to tell the Google 2-step verification service we’ve set up that we’re going to use the app on our phone, so click the switch to app button; this is what I’ve circled in orange on the screen.

Now you need to, in the pop-up, select the operating system of your phone. Once you’ve selected the operating system click continue. This screen will show up with the QR code on it. When this screen shows up, grab your phone, re-open the Google Authenticator App and in the top right corner click on add an account, and when the add an account page appears, which is what is on the screen right now, click scan a barcode.

Now take your phone camera, point it at the bar code on the screen until the phone “beeps” to confirm that it recognizes the QR code. If you don’t have a QR code reader installed on your phone, you’ll be prompted to install a QR code reader, so go ahead and do that. Most people probably have one. Once the phone beeps, the Google Authenticator App will then display a 6-digit confirmation code on your phone. Take that code, enter it into the field provided on that screen you see on your computer right now. Then click verify and save.

That’s all there is to it, 18 steps later, that’s all there is to it. I realize there’s quite a bit to it, but it’s actually all very simple; it’s very, very hard to go wrong, you’re just literally following the instructions on the screen. Google does a very good job at holding your hand and taking you through this. There’s just a bit of back and forth between the phone and the computer. There’s one more thing that we want to do now, and this is for our additional security. We want to make back-ups.

So click the print or download button, you see it encircled there on the screen, and this is the sort of screen you’ll see. Those are backup verification codes that you can use in the future if for some reason you are cut off from your mobile device. Print this page, store it safely, and now you have a set of backup verification codes to make sure you have access to your machine in case, for example, you lose your phone.

Alright, at this stage you have 2 Factor Authentication enabled for your Google account and you have the Google Authenticator application on your mobile device. Now I wanna show you how you can use this service to secure a third party application. So by way of example, I’m going to show you how to implement Google Authenticator on the Green Address desktop wallet.

So here we go. First you’d open Green Address. Now mind you, this process, even though I’m using Green Address, is largely the same for any application where you want to add Google Authenticator for 2-step authentication, 2 Factor Authentication. It’s very, very straightforward, you’ll see in just a moment.

So after opening Green Address, you log in and then you select the settings option on the menu. On the next page that will load, the settings page, you scroll down until you find the Two Factor Authentication section. You see it on the screen here. Then we click on the toggle button for Google Authenticator.

Green Address at this point in time gives us a pop-up; you want to click the button show QR code. Now go get your phone, switch to your mobile device. Open your Google Authenticator App, click add an account up in the top right. Click scan a bar code and then point your camera at that barcode on the screen, wait for it to “beep,” and once it “beeps” click the close button on the Green Address Wallet screen and it will give you this new screen, and in that space that’s provided you input the 6 digit code that shows up in your Google Authenticator App.

Once you’ve done that, Green Address will immediately send you or display an enabled message saying, “Hey, you’ve enabled Google Authenticator,” so it confirms you now have the 2 Factor Authentication service enabled to protect the Green Address Wallet, and this will use the Google Authenticator App. Now that’s really quite a simple process, and once you have Google Authenticator set up, adding new services into it so that you can use that tool to help protect those services is very, very straightforward. So don’t be daunted by this large number of steps we’ve gone through; it’s very much worth it because, as you can see, once you have it installed it’s actually quite easy and you only need to go through this once with each application.
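As an added illustration (not part of the lesson, and not Google's or Green Address's code), here is what the authenticator app does with the secret it read from the QR code: it derives the 6-digit code from that shared secret and the current time (RFC 6238 TOTP built on RFC 4226 HOTP), which is why the app keeps working with no internet or phone service, and why a service can verify the code without ever contacting the phone. The secret is the RFC test value, and the `verify_totp` window logic and all function names are my own.

```python
import base64
import hashlib
import hmac
import struct
import time

# The RFC 4226/6238 test secret (ASCII "12345678901234567890"), base32-encoded
# the way it travels inside an otpauth:// QR code. Test value, not a real key.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically
    truncated to a 31-bit integer, then reduced to `digits` decimal digits."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret_b32, at_time=None, period=30, digits=6):
    """RFC 6238: the HOTP counter is the number of 30-second periods since
    the Unix epoch, so phone and server agree as long as their clocks do."""
    t = int(time.time()) if at_time is None else int(at_time)
    return hotp(secret_b32, t // period, digits)


def verify_totp(secret_b32, submitted, at_time=None, period=30, window=1):
    """Server-side check: accept the current code and `window` periods either
    side of it to tolerate clock drift and typing delay. Uses a constant-time
    comparison and no early exit, so timing does not reveal which step matched."""
    t = int(time.time()) if at_time is None else int(at_time)
    counter = t // period
    matched = False
    for step in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret_b32, counter + step), submitted):
            matched = True
    return matched


if __name__ == "__main__":
    # The phone shows this; the service computes the same value independently.
    print("current code:", totp(DEMO_SECRET_B32))
```

The backup codes the lesson has you print are a separate, non-time-based list, so they are not derivable from this secret; losing the secret means re-scanning a new QR code.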

Alright, it’s time to change topics. Now we’re going to talk about hard drive encryption, and this is basically the process of helping protect the data that’s on the hard drive of your computer. Having a good password or passphrase that makes it difficult for someone to access your system is one thing, but if your computer is stolen, someone can remove the hard drive, put it on to a different device and read the data, unless you’ve encrypted that hard drive. So it’s absolutely essential that you do keep your hard drive encrypted if you’re keeping your financial data on your machine. Now the first example we’re going to look at is hard drive encryption for Windows, and then later we’re going to look at encryption for Mac, so again feel free to skip this if you’re not on a Windows machine.

From Windows 8.1 forward, hard drive encryption is enabled by default; however, if you’ve upgraded your software to 8.1, your machine may not support the default encryption protocol, in which case you’re stuck doing it the way the older systems do it. And the older systems use BitLocker, which is an application that’s actually built into Windows. You don’t have to actually go out and get anything, it’s right there for you already, you just have to start it. If you don’t want to use BitLocker, there are third party solutions available, some of them are on the screen right now: TrueCrypt, Kruptos, Privacy Drive. Pick whichever one’s right for you, but frankly for most people BitLocker is the easiest to use; it’s certainly the least expensive option.

So here’s how to encrypt a Windows hard disk drive using BitLocker. First you go to your control panel, select system & security. When the system & security screen loads, select BitLocker Drive Encryption. When the BitLocker drive encryption page loads, select the drive that will be encrypted. And of course here, you want to select your main drive where your data is stored. Now you need to select the preferred method for access control after the drive is encrypted. You can either create a Startup Key, you can set a PIN, or you can use an automatic method.

The startup key is the most secure; in this case, the key is actually saved to a third party device, a USB drive. The downside is you must have the USB drive to start up the computer, so if you really wanna lock down the computer, use the Startup Key option and keep your USB drive safely locked away, so that no one else can access it.

Alternatively, create a PIN, and you’re going to have to input that PIN correctly each time you want to start up the computer. The final, automatic version is called TPM, and this allows you to start up with just your Windows authentication; in other words, when you log in to Windows, it also goes ahead and gives you access to the hard drive. This is hardware dependent, not all systems will support it. It’s also the least secure because it does leave the computer vulnerable to different hacking attempts. Alright, once you’ve chosen your method, if you’re using the Startup Key, it’s time to insert a clean USB drive and click save.

Now when I say clean USB, I mean nothing else on the USB drive; just use it for this purpose. If you selected PIN, at this point in time you’d be entering your PIN instead. Click save and you move on. Now you need to create a secondary location for saving your recovery passwords, so you have a recovery password in case you lose your PIN or your USB drive. The recovery password will be displayed on the screen for you as well. Make sure that you record this, don’t skip this whatever you do, because if you get locked out this is the way that you can get in, the only way you can get in. Once you’ve jotted that down click ok. And now your system will begin to encrypt the hard drive on the machine.

Hard drive encryption on a Mac is a fairly straightforward process. Encryption is built in to OSX, it’s a feature called “FileVault,” but you have to enable it. I would also recommend, while you’re in there, enabling the firewall. In Windows the firewall’s enabled by default; on a Mac it’s not, so you should turn that on.

Let’s get started: go to your Apple menu, that’s the small apple-shaped menu in the top left of the screen. Select system preferences and when the system preferences pop-up shows, select security & privacy. On the security & privacy screen we have to do a little housekeeping matter before we can proceed; we’ve got to unlock things so that we can make changes, so you click that little lock icon down on the bottom left hand side and a little pop-up will appear that asks you for your Mac username and password.

Enter that information and click unlock, and that lock will change, the padlock will change from closed to open, and it means we can now start to make changes to the system. So click the firewall tab and if the firewall’s not already on, click turn on firewall. Next click the FileVault tab, then select turn on FileVault.

At this point in time, they’re going to ask you what you wanna do for a recovery key. Just like with the Windows system that we showed earlier, there is a recovery key in case for some reason you can’t get in to your hard drive. You have two options here: you can either store the recovery key online with Apple, it will be encrypted, or you can store it offline.

If you wanna store it online, you need to set up security questions and answers. What’s really important to remember here is the answers have to be given exactly correctly to be able to unlock your recovery key. So if at some point in time in the future you can’t get in and you’ve got to access the recovery key, you go to Apple, they’re going to ask you this series of questions, and you must give the exact answers. You really need to jot this down and do not lose the information. Once you’ve done all that click continue.

At this point in time they will display a recovery key on the screen for you. You need to write this down, don’t skip this, this is very important, and store it in a safe place; click the continue button once you’ve done that. At this point, you’re prompted to restart the machine so it can begin the encryption process; click restart. The good news here is the system will restart, encryption can begin, and you can continue to use your machine during the encryption process. The only thing you need to keep mindful of is don’t turn off the machine until it’s done. That’s it, that’s all there is to it. Encrypting a hard drive on a Mac is really quite easy, it’s not much more difficult on a Windows machine either, and you must do this to keep your financial data secured. Don’t skip over this.

One final note in this lesson, and that is Anti-Malware & Anti-Virus. Now we haven’t talked about it up to this point because I would hope that by this point in time everyone is running Anti-Virus solutions on their machines. The world’s gotten too risky not to do this, but if for some reason you aren’t, or you’re unhappy with the one you have, here are a couple of recommendations.

For Windows machines we recommend AVAST; it’s a good system, it’s kept up to date and patched, it has good virus definitions, it’s reasonably priced and it’s not too resource intensive.

For Mac, there’s actually a free solution that’s very good; it’s called Sophos Anti-Virus. Again the same things apply as to AVAST: it’s lightweight, it’s not resource intensive and the virus definitions are kept up to date. Run a full scan regularly and certainly run it as soon as you install the software.

If the software you’re using offers you the option to schedule full scans, use it. Also keep the active scan enabled for your incoming emails; in other words, you want that software to scan all the incoming email looking for malware, looking for viruses. Finally, please keep your virus definitions up to date. “Don’t be lulled into insecurity, it’s too easy to do.”

Okay, that’s it for this lesson, it was a long one I know. In the next lesson we’re going to be looking at Backups & Offline Storage, so please join us for lesson three.