a16z The Most Basic and Feasible Password Security Configuration Solution

a16z Password Security Solution

Three basic practices for protecting sensitive personal information online: password management, two-factor authentication, and safeguarding the mnemonic (seed) phrases that control crypto wallets.

In today’s highly digital world, we need to focus not only on using online services well, but also on protecting our sensitive information more rigorously. As we rely more and more on online platforms to handle all kinds of transactions, the security of that information becomes increasingly important. The following content is compiled by MarsBit.

The three types of sensitive information people need to store securely, and how to protect them:

As our online accounts and the information they hold keep growing, so does the need to protect our privacy and sensitive data. Most people who use online services must keep the following three main types of sensitive information safe:

  • Passwords – the credentials used to access websites and services. They should not only be kept confidential; the password for each service should also be unique.

  • TOTP codes – time-based one-time passwords, usually generated by an authenticator app or another TOTP system. They provide the second factor in two-factor authentication (there can be more than two layers, hence the terms “two-factor” and “multi-factor”), and that second layer of protection helps ensure secure access.

  • Mnemonic phrases – also called seed phrases or recovery phrases; they directly control every crypto wallet derived from them. This reflects a powerful property of crypto wallets: once you enter your mnemonic phrase, you have complete control over your assets, with no need to transfer them from one custodian to another.

It should be noted that these “secrets” are not limited to crypto/Web3 scenarios; every internet user today should adopt these security practices, or adapt them to their own needs. While we recommend the strictest security measures possible, the reality is that for most people, buying a hardware wallet, a WebAuthn key, or a device with a TEE is not easy (at least not yet). Moreover, losing sensitive information can sometimes be even more dangerous than leaking it, because some information cannot be recovered once it is lost.

Therefore, we propose a “most basic feasible security configuration”. This scheme relies on tools many people already have: a well-tested password manager to store your mnemonic phrases and passwords, and a TOTP app on your phone to store the TOTP secrets and generate the codes used for two-factor authentication.

Here is a more detailed explanation:

  • Avoid using SMS as the second step of two-factor authentication. Because of the growing risk of SIM swap attacks, SMS has become the weak point of 2FA. An attacker can impersonate you to your mobile carrier (“I lost my phone and need to get back in…”), have your phone number transferred to their device, and then gain access to every account tied to that number. That is why we recommend authenticator apps such as Authy or Google Authenticator. Unfortunately, not all services offer two-factor authentication, so you should still make sure every password is strong and unique.

  • Use a password manager to store your passwords. The main goal is to have a unique password for every online service; without a manager, most people end up reusing passwords across many websites. A password manager protects each online account with a unique, complex password, and encrypts the whole store with a single strong “master password” (see 1Password, Bitwarden, or Dashlane).

  • Your master password should be at least 16 characters long – preferably a randomly generated passphrase of at least 5 words, which typically comes to about 30 characters yet is easier to remember. This is not an arbitrary recommendation: length and complexity greatly increase the effort needed to crack a password, so longer is better. Most importantly, never forget your master password! If needed, write down a password hint, store it in a secure place, and remember where you put it.

  • Keep an encrypted copy of your backup codes/TOTP secrets in cloud storage, and print them out to keep in a secure physical safe. You may wonder whether TOTP codes can be stored in a password manager. Some password managers do support this, but we recommend using two separate tools so that passwords and TOTP codes stay separate. So where should you store mnemonic phrases? The full answer is somewhat complicated, but in short: in your password manager. If you hold a large amount of assets in a crypto wallet you may need to consider more elaborate arrangements, but for most people this method is sufficient.
