Secure Computing Guide
When it comes to using Bitcoin on a daily basis, one of the biggest issues preventing mainstream adoption is the current state of computer security. The average person can never be truly confident that their computer or smartphone is completely secure. Specifically, keyloggers are particularly effective against Bitcoin users, allowing malicious individuals to capture your keystrokes in order to steal passwords and private keys. There are many smart people working on a solution to this complex issue, but our users demand an answer now.
First and foremost, all long-term savings should be stored in properly generated cold storage paper wallets. Since your private keys never touch the internet, no hacker or virus can steal your funds.
This is only a solution for savings; what about day-to-day Bitcoin usage?
Secure Computing for the Average User
For the average user, we recommend using a Chromebook and two factor authentication in combination with web wallets for their daily spending needs. Think of cold storage as your savings account, while this is your checking account.
Chromebooks are laptops that run a modified version of Google’s Chrome browser. They are full-featured, secure, and very easy to use. They also happen to be extremely cheap, making them particularly useful as a dedicated secure machine. With Chromebooks, Google handles your computing security for you.
Chromebooks receive constant updates, for free, for life. Software that is not up to date can often lead to vulnerabilities which malicious individuals can exploit. With Chromebooks, updates are automatic and painless.
All Chromebooks are encrypted by default. Nobody can access your data without your Google password even if they have physical access to your hard drive. Neither Windows nor OSX encrypts your hard drive by default, while Google’s integration is seamless. Make sure you have a secure Google password that you don’t reuse with other services. This site allows you to test the security of a given password. Use it to try different password techniques but make sure not to enter whatever password you decide to use.
Built-in virus protection that is always up to date. Google protects the entire ChromeOS ecosystem with its own built-in, constantly updated virus protection. Since they are able to administer the entire ecosystem, they can detect and neutralize new threats quicker than ever before.
Secure Boot. Chromebooks are designed with tight software and hardware integration. This allows them to initiate a secure boot process that makes sure none of your Chromebook’s hardware has been tampered with. It still boots up way faster than both Windows and OSX, rarely taking more than 10 seconds depending on your model.
Automatic Backup. All files, apps, and settings are automatically backed up to Google Drive. You get 100GB Google Drive storage for the first two years included with all Chromebook purchases.
Useful for sharing. Unfortunately, many Bitcoin thefts turn out to be committed by friends who often have easy access to your computer and know you own Bitcoin. If a friend wants to use your Chromebook, you click “sign out”, and they sign in with their Google account and all of their data will be downloaded from the cloud. If they don’t have a Google account, they can use the “Guest Mode” feature. Either way, they are completely disconnected from your info and files and would need your password to break the encryption.
It is worth noting that the security of Chromebooks relies on you trusting Google. If you are trying to hide your activity from the US Federal Government, a Chromebook will be ineffective. Google will most likely honor the government's request for information, especially if there is a criminal investigation.
Two Factor Authentication
Two factor authentication is an additional security measure that requires you to enter a one time use number whenever you log in to a service. Even if a malicious individual gets access to your password, they will still need the code to access your account. You should have this enabled on all of your important accounts, especially your Google account. You can have the code delivered to you in three different ways.
Text Message. This is the most basic type of two factor authentication, and is the easiest to implement but the least secure. The service sends you a text message with a one time use code whenever you attempt to sign in. You then enter the code when prompted during the login process. Text messages are unencrypted during transit and cell phone numbers can be spoofed; both vulnerabilities enable the interception of codes. That being said, it's better to have text message based two factor authentication than nothing.
Using a Smartphone App. You can use either Google’s app or an app called Authy to deliver your two factor authentication codes. You sync them with the service when you first set it up using a QR code. They then use a formula based on time to present you with codes, regardless of whether you have internet reception. Since it doesn’t need an internet connection, you can install the app on an old phone that doesn’t have a cellphone plan/internet connection for added security.
Dedicated Device. This is the method that many banks and corporations use. You are issued a dedicated device with a small screen on it. The screen displays a number. When you sign in you enter the code shown on the screen.
For those looking for a more in-depth overview of ChromeOS security, you can find their technical overview here.
Disclaimer: This guide is intended solely to provide information. As I have no knowledge of individual circumstances and technical level, readers are expected to complete their own due diligence before proceeding with anything mentioned in this article. The topics discussed in this post are advanced and readers proceed at their own risk. Readers are expected to complete their own due diligence before purchasing or selling anything mentioned or recommended.