CategoryCryptoLab

Crypto Lab Technology Blog Postings

Windows – Installing WireGuard & Documentation

W

Windows – Download Configuration Files First
After you purchase your VPN service you will be issued VPN configuration files. You can visit the download area where you can download the zipped files. If you have downloaded them to the downloads folder, move them out of the downloads folder into your Documents folder or Desktop. Double Click or Right Click on the file to un-zip the file. When you double click the file it might force you to enter the password issued to you and can be found in your welcome email. 

You will notice that a new folder was added to the Documents folder similar to the name of the zipped file you downloaded. Instead of a single file that ends in a .zip name, it is a folder that contains your VPN configuration files. You will use these files when you import your VPN connections into WireGuard.

 

Download WireGuard app

Download the official WireGuard app for Windows (available in 32- and 64-bit versions) from the WireGuard website.
Run the installer.
After WireGuard installs, click the Import tunnel(s) form file button.
Navigate to the folder where you have the Algo configuration files stored and select the configuration file you’d like to import.
Click Open
Click Activate to connect to the selected VPN connection.
Click Deactivate to disconnect from the VPN connection.
That’s it!

Edit A Connection

Click on the WireGuard icon  located in your computer.
Click on the Tunnel (VPN Connection) you would like to edit.
Click the edit button.
Make changes to the name of the Tunnel.
You can turn on Block untunneled traffic (kill-switch)

0

MacOS Desktop – WireGuard Installing & Documentation

M

Currently, the WireGuard app requires macOS version 10.14 or newer. If you are running an older version of the MacOS that will not support the WireGuard app, checkout our video on installing Wireguard on Linux. This video will show you how to install WireGuard on an older MacOS.
The video below is not as detail in the installation instructions as the step by step below. This video will be updated shortly. 

Mac – Download Configuration Files First
After you purchase your VPN service you will be issued VPN configuration files. You can visit the download area where you can download the zipped files. If you have downloaded them to the downloads folder, move them out of the downloads folder into your Documents folder. Double click on the file to un-zip the folder. When you double click the file it will force you to enter the password issued to you and can be found in your welcome email. 

You will notice that a new folder was added to the Documents folder similar to the name of the zipped file you downloaded. Instead of a single file that ends in a .zip name, it is a folder that contains your VPN configuration files. You will use these files when you import your VPN connections into WireGuard.

Download WireGuard app

Open the macOS App Store and find the WireGuard app.
Click Get/Install to download and install the app.
Start the WireGuard app from your computer’s Launchpad or Application folder.
The WireGuard icon will display in your desktop’s top menu bar (no window will automatically open).

Import the configuration file

Click on the WireGuard icon located in your desktop’s top menu bar.
In the drop-down menu, select Import tunnel(s) from file…
Navigate to the folder where you have the VPN configuration files stored and select the configuration file you’d like to import. In the example above we moved this folder to the Documents folder.
Click Import.
Click Allow if you get a pop-up saying “‘WireGuard’ would like to Add VPN Configurations.”

Connect

Click on the WireGuard icon located in your desktop’s top menu bar.
In the drop-down menu, select the VPN connection that you want to connect to, for example “atlantanoads-25”.
A checkmark will appear next to it. That’s it!

Disconnect

Click on the WireGuard icon located in your desktop’s top menu bar.
In the drop-down menu, click on the server that you’re connected to (the one with a checkmark next to it).
The checkmark will disappear, signaling that you are disconnected.

Edit A Connection

Click on the WireGuard icon located in your desktop’s top menu bar.
In the drop-down menu, click on the Manage Tunnels.
Click on the Tunnel (VPN Connection) you would like to edit.
Click the edit button. You will be asked to verify your computer password.
Make changes to the name of the Tunnel.

On-demand activation

Enable this option if you are experiencing frequent disconnections or if you want to ensure that the VPN service is always active.

Click on the WireGuard icon located in your desktop’s top menu bar.
In the drop-down menu, click on the Manage Tunnels.
Click on the Tunnel (VPN Connection) you would like to edit.
Click the edit button. You will be asked to verify your computer password.
Enable Cellular or Wi-Fi or both.

0

What is an Algo VPN?

W

Algo, a self-hosted personal VPN server designed for ease of deployment and security. Algo automatically deploys an on-demand VPN service in the cloud that is not shared with other users, relies on only modern protocols and ciphers, and includes only the minimal software you need. 

Algo is a set of Ansible scripts that simplifies the setup of a personal IPSEC VPN. It contains the most secure defaults available, works with common cloud providers, and does not require client software on most devices.

And best of all the Algo VPN software is open source and Free.  With closed source programs you need to take it on faith that a piece of code works properly, open source allows the code to be tested and verified to work properly. Over time this means open source projects (like the Linux kernel) tend to become more secure with more people testing and fixing the code.

You can read what Romain Dillet from Techcrunch.com has to say about the Algo VPN Server. “But there’s something refreshing about Algo VPN — it lets you set up disposable VPNs.”. “…I don’t see any reason why you should sign up to a commercial VPN service after playing with Algo VPN. I trust myself for not handing over my data to authorities (duh).”
0

Testing Tools

T

Data Breach

haveibeenpwned.com Check if you have an account that has been compromised in a data breach.

monitor.firefox.com See if you’ve been part of an online data breach.

Data Breaches Privacy Rights Clearinghouse’s Chronology of Data Breaches.

Email Testing

IsMyEmailWorking.com A simple & Accurate Way To Test Your Email. Try the Advanced Email Test to see your email go through it’s steps.

IsNotSpam online spam checker was created to help you test email and newsletter content, and alert if it is likely to trigger spam filters.

Browser Finger Print Testing

deviceinfo.me will display all the information being revealed by your browser.

panopticlick.eff.org is run by Electronic Frontier Foundation.

amiunique.org is another good resource and is open source.

Security Testing

DNSleaktest.com DNS Leak Test Check to see if your DNS is being leaked to your local ISP.

ipleak.net IP Leak Test Check to see if your real IP is being leaked via your VPN.

Astrill IP Leak Test Check to see if your real IP is being leaked via your VPN.

Wigle Wireless Network Map Find your wireless network on a public map. Look at a close road and not directly at your home on the map.

Qualys SSL Labs test your sites SSL cert.

Qualys BrowserCheck Qualys BrowserCheck will perform a security analysis of your browsers and plugins, and will run several system checks.

Reputation Testing

ipqualityscore.com Quickly perform domain reputation checks to identify domains being used for abusive behavior. Examples include phishing, malware, hosting email addresses used for fake account creation and chargebacks, and similar types of malicious behavior.

Speed Testing

Is your VPN causing you to lose internet speed? Try some of these tests to see.Network Speed Test by speedtest.netNetwork Speed Test by Google

Tools of the trade

USB Flash Drive Recovery Software to Undelete Files

Great Firewall of China Testing – Websites are censored in China at the behest of the government and the ruling Communist Party. Any websites or apps that undermine Party rule, or have the potential to, are typically blocked. This consists largely of western news media, social networks, and sites built on user-generated content. Other content deemed vulgar, pornographic, paranormal, obscene, or violent is also blocked. Some western websites, apps, and services are blocked in order to prevent competition with domestic, homegrown alternatives.

All Things Mac

How to free up storage space on your Mac

Turn Your Windows Share Into A Time Machine Backup
0

LCC Litecoincash Fork

L

It’s time for another fork? It appears that LCC will be participating in a 4 way fork. LCC, BTC, DASH & DOGE holders will be getting some free RNG (Ring) .

To participate you will need to have your LCC coins in a LCC Core Wallet or LCC Magnum Wallet. They will be taking a snapshot on Feb 18, 2020. Make sure you have your LCC in one of those 2 wallets before that date. Why a Core or Magnum wallet? It appears that you will need to expose your private key to get the new coin. It’s very similar to how LCC was forked from LTC. For anyone who has your LCC still in your ledger wallet in the form of the forked LTC, it might be time to get your coins.

Below are the claim amounts for Ring

1 RNG = 1 BTC

1 RNG = 5000 LCC

DASH = The claim ratio of Dash will be derived from the exchange value against Bitcoin at the time of the snapshot.

DOGE = The claim ratio of Doge will be derived from the exchange value against Bitcoin at the time of the snapshot.

Secret Bonus = who knows….

More information can be found here: 
0

DTA Token Swap

D

Please see the Adding DTA to Klaytn Wallet page on how to add the DTA token to the Klaytn Wallet.

Attention: Please be careful when you transfer your DTA from one exchange to another. Now that Bittrex and Upbit have complete their DTA token swap, they only have DTA(Native). Other exchanges still have DTA(ERC20). Do NOT transfer DTA(ERC20) to Bittrex or Upbit you will lose anything transfered.

December 12, 2019 UPDATE: From DTA – “We are planning other ways such as another DTA token swap and staking program in the near future, just like the last one we have launched in Antube. Users can participate by staking DTA(ERC20) and they will get back DTA(Native) after the program ends.”

December 9, 2019 Huobi.com and Hbus.com are closing down on December 15, 2019. There will be no DTA swaps taking place on Huobi. No US exchange has yet to be announced.

November 24, 2019 Please see the Adding DTA to Klaytn Wallet page on how to add the DTA token to the Klaytn Wallet.

November 19, 2019 – Upbit will start DTA token swap on Korean time November 21th 2:00 pm. During token swap, withdrawal/deposit is suspended, however, the trade of DTA will be unaffected. Within this period, users who hold DTA(ERC20) on Upbit will automatically complete DTA token swap, and their DTA(ERC20) will be converted to DTA(Native), which is based on DATA’s strategic partner Korean’s No.1 mobile company Kakao’s Klaytn mainnet. Learn more about it: 

November 13, 2019 – DTA Token Swap Announcement on Medium After DATA has switched to Klaytn mainnet, the first exchange DTA token swap will launch on Bittrex global.bittrex.com

Users can transfer DTA (Native) to the following wallet: Kakao Klaytn Web Wallet 

DO NOT USE BITTRIX – I recieved this from Bittrix today “The swap is currently underway and the wallet is closed at this time. This is a one time swap and we will not be performing the swap a second time. Please do not deposit your DTA (ERC20) as this will be considered a cross-chain and could potentially be unrecoverable.”

You might need this informaiton to pull DTA off of MEW or LedgerLive

DTA Contract on etherscan.ioContract address: 0x69b148395ce0015c13e36bffbad63f49ef874e03 18 decimals

*****************************

October 4, 2019They intend on working with some exchanges to make the token swap.Two announced exchanges for US citizens are Huobi.com, Hbus.com. Exchanges external to USA are Huobi Global & Huobi Korea. At this time, only China residents and US residents in qualified states can register on HBUS. They do not currently provide services to US persons who reside in Alabama, Arizona, Connecticut, Georgia, Louisiana, New York, North Carolina, Hawaii, Vermont, Washington, and all U.S. Territories. If anyone resides in one of these areas and doesn’t have a VPN, you can contact me and I could let you use a 1 time VPN to set up your account. You will need to Verify your account to Level 1 to do anything but browse.
0

Browsers

B

I know we all don’t have a lot of time to read and digest the information. I have put this document together to help skip to the good stuff. I’ve added a few tips of my own with the browsers that I’ve used. If you want all the information, please consider reading the entire article found at

The article above recommends the Tor browser. However, there is mounting evidence that the Tor browser has been compromised and is no longer trustworthy. See Tor Browser below for more information.

You can test your current browser for WebRTC leaks and browser Fingerprinting by visiting

Recommended Browsers

Brave

Brave is a Chromium-based browser that is fast, secure, and privacy-focused by default with a built-in ad blocker. The main developer behind Brave is Brandon Eich, who formally worked for Mozilla. For out-of-the-box privacy and security, Brave is a decent option.

Brave is based on Chromium, with many privacy-abusing features/preferences stripped out. Brave does well with its default privacy settings and extra features. Here is a brief overview:

Blocks ads and trackers by defaultProtects against browser fingerprintingBuilt-in script blockerAutomatically upgrades to HTTPS (HTTPS
Everywhere)

WebRTC – It’s also worth noting that all Chromium-based browsers are vulnerable to the WebRTC leak issue, whereby your real IP address can be exposed, even if you are using a VPN service. While there are solutions to WebRTC leaks for all browsers, but with Chromium, you’ll need to block WebRTC because it cannot be completely disabled (such as with Firefox).

Keep in mind, however, that to effectively “block all fingerprinting” you will probably need to consider other factors as well – see the browser fingerprinting guide. You can read more about Brave’s privacy and security features here:

Did you think your identity was safe while using a VPN? Nope, you’re not. Reading through the 2 articles below will help you understand how to keep your identity from being leaked out without you knowing it.

What is a WebRTC leak?

What is Browser Fingerprinting:

One quick tip on using Brave. Some sites break when you leave the Shields Up option that Brave leaves on by default. A quick shields down will fix the issue.

How to configure your Brave browser to protect and secure.

Firefox

Firefox is a great all-around browser for privacy and
security. It offers strong privacy protection features, customization options,
excellent security, and regular updates with an active development team. The
newest version of Firefox, Firefox Quantum, is fast and light-weight with many
customization options.

Out of the box, Firefox is not the best for privacy, but it can be customized and hardened, as explained in my Firefox privacy modifications guide . Be sure to disable telemetry in Firefox, which is a feature that will collect “technical and interaction data” and also “install and run studies” within your browser.

NOT Recommended Browsers

Tor

Most people think Tor is the ultimate for online anonymity.
I hate to break the news to you, but that’s not the case anymore. Here’s why.

According to Roger Dingledine (Tor co-founder) and other key
Tor developers, getting people (outside the US government) to widely adopt Tor
is very important for the US government’s ability to use Tor for its own
purposes. In this goal, they have largely succeeded with Tor being widely
promoted in various privacy circles.

Here are some surprising truths about Tor.

Tor is compromised and not anonymous. Governments can de-anonymize Tor users is another well-known fact that Tor promoters are ignoring.

Washington Post Article –

“Since 2006, according to a 49-page research paper titled simply “Tor,” the agency has worked on several methods that, if successful, would allow the NSA to uncloak anonymous traffic on a “wide scale” — effectively by watching communications as they enter and exit the Tor system, rather than trying to follow them inside. One type of attack, for example, would identify users by minute differences in the clock times on their computers.”Washington Post

Tor developers are cooperating with US government agencies. Some Tor users may be surprised to know the extent to which Tor developers are working directly with US government agencies. The journalist, Yasha Levine, was able to clarify this cooperation through FOIA requests, which revealed many interesting exchanges. There was an email correspondence in which Roger Dingledine discusses cooperation with the DOJ (Department of Justice) and FBI (Federal Bureau of Investigation), while also referencing “backdoors” being installed.

No warrants are necessary to spy on Tor users.

“The U.S. Federal Bureau of Investigation (FBI) can still spy on users who use the Tor browser to remain anonymous on the web. Senior U.S. District Court Judge Henry Coke Morgan, Jr. has ruled that the FBI does not need a warrant to hack into a U.S. citizen’s computer system. The ruling by the district judge relates to FBI sting called. Operation Pacifier, which targeted a child pornography site called PlayPen on the Dark web. The accused used Tor to access these websites. The federal agency, with the help of hacking tools on computers in Greece, Denmark, Chile and the U.S., was able to catch 1,500 pedophiles during the operation.”

Tor was created by the US government for a reason. Roger Dingledine, co-founder of Tor in a 2004 speech.

“I forgot to mention earlier, probably something that will make you look at me in a new light. I contract for the United States Government to build anonymity technology for them and deploy it. They don’t think of it as anonymity technology, though we use that term. They think of it as security technology. They need these technologies so that they can research people they’re interested in, so that they can have anonymous tip lines, so that they can buy things from people without other countries figuring out what they are buying, how much they are buying and where it is going, that sort of thing.”Roger Dingledine

Tor is funded by the US government. Financial data showed that Tor wasn’t the indie-grassroots anti-state org that it claimed to be. It was a military contractor. It even had its own official military contractor reference number from the government.

US Agency for Global Media (spun off from CIA) – $6.1 millionState Department – $3.3 millionThe Pentagon – $2.2 million (2011 through 2013)

Safari

Safari is the default browser for Mac
OS and iOS devices. Overall, Safari is not a horrible choice in terms of privacy
and tracking protection – but it also cannot be recommended for a few reasons:

Apple is a partner in the NSA PRISM program: (surveillance_program)

Apple was caught “hoarding” Safari browsing history – even after it was deleted

Apple was found to be collecting Safari history even when used in private mode.

On a positive note, however, Apple
does somewhat better with privacy than other large companies. The Safari
browser blocks third-party cookies by default and also implements cross-site
tracking protection.

Google Chrome

When it has the name Google in it, you know it has to be
gathering everything it can get its greedy little hands on. But if you run into
issues with other browsers, it’s a good backup to see if it’s a browser issue
or a site issue.

Google Chrome is a secure browser, but it also collects
quite a bit of data. While it remains the most popular browser on the market,
Chrome is not the best choice for privacy.

Microsoft Internet Explorer/Edge

Edge is a Microsoft product. Just like with Windows, it’s a good idea to avoid Microsoft products, including Internet Explorer, and their newer browser, Edge. Internet Explorer and Edge are also closed-source, so there’s no telling what’s going on behind the scenes, and they’re also not the best for privacy reasons.

Opera Browser

Opera started off as a decent browser, developed in Norway.
However, in 2016 it was sold to a Chinese consortium for $600 million – and a
lot has changed. Opera’s privacy policy explains how your data is being
collected and shared when you use Opera products.

Epic Browser

Epic is a browser based on Chromium, created by “Hidden
Reflex” which is based in India. Since 2014, Epic has been claiming they would
open source the code, but it remains closed source today. What’s going on
behind the scenes? How do they manage Chromium and remove invasive code? Who
knows.

Just like with Opera, Epic falsely claims to offer a “free
VPN” through the browser, but this is not really true. The browser is merely
routing traffic through a US proxy server. As we learned with Opera (and with
many other “free proxy” services), proxies are frequently used for data
collection (and they are often not secure). Sure enough, when reading the
privacy policy, data from “video download and proxy services” is being collected.

One person who analyzed Epic found it to be connecting to
Google on startup. This means that Epic is not, in fact, de-googled as it
claims.
0

My VPN Thoughts

M

There are a ton of great articles out there about a VPN. I’m not going to try and compete with what they have to say. I think having a VPN is an important part to anyone’s online security. I have a VPN connected to each one of my running computers when I’m home or away from home. I use my VPN on my iPhone when I want semi-complete privacy. When I’m working out, my gym doesn’t need to know what music I stream, nor do they need to see I just made a transfer of fiat from one bank account to another. Those are my thoughts, but they don’t have to be yours.

At the end of my VPN rant, there are a few linked articles I’d recommend reading. They have some good information that you might find helpful.

I decided to go full time VPN after my local fiber provider was sold to a much bigger company. I had met the owner and knew his company was not mining my data and selling it. But I couldn’t say the same for our new fiber provider. AT&T, Xfinity, Cox, Frontier, HughesNet, etc, do collect and sell your data. Your data is just another revenue stream for them. I’m a private person and I expect my data to be mine and no one else’s.

I’ve had quite a few people ask me about who I’d recommend as a VPN provider. If you would have asked me a few months ago I would have said NordVPN. They have been great for years. I can’t say that anymore. Not that Nord has changed, or that they are a bad company. But a company doesn’t know what it doesn’t know. They didn’t realize that there was a back door into one of their servers. You can read from both angles below:

NordVPN confirms it was hacked

Why the NordVPN network is safe after a third-party provider breach

This fall I sat under the silver maple in my back yard. I pondered about life and technology. I came to the conclusion that if I wanted to be my own crypto exchange, be my own bank, I also needed to be serious about securing my own data. I decided to become my own VPN provider. Why would I want to be my own VPN provider? So I know exactly who is and who is not looking at my data.

Some of us understand Sutton’s Law. Why would someone rob a bank? Cause that’s where the money is. The same goes for VPN and Data. Someone uses a VPN to secure their data and keep it private. That’s not illegal, but some would like it to be. When you use a large VPN provider everyone knows where you’re coming from. There are companies that sell IP ranges of IP Proxies and VPN providers. Clause D made a statement in Telegram that struck a note with me. “I used VPN for a few years and now, NordVPN. But from what I know already I feel it’s almost pointless, and using a VPN might actually attract additional attention – like a honey pot.” – Clause D.

There are countless examples out there about Big Tech saying one thing publicly and doing another thing privately. I personally experienced these types of business practices and it became the norm. It’s what you had to do if you wanted to remain “part of the team”. The question is, can you trust what a company says. That’s for each one of us to decide on our own.

There is one more experience that has forever changed my view on power. I was working for a small company that its main focus was communication via the internet. A couple times a year we would be contacted by the Secret Service or FBI due to some type of threat made via our service. It became pretty routine. The law enforcement agency would call and tell me what they needed, I would ask for a subpoena, I would give them the information they wanted, I would get a copy of the subpoena and our deal was done. We felt the subpoena would cover us for handing over someone else’s private data to law enforcement. We felt we couldn’t be sued by our client or our client’s clients for the information we disclosed. This procedure morphed over the years. I got a call from an FBI agent, he informed me on what he needed, I asked for a subpoena, ect. Three days went by, no subpoena, I called. Four more days went by, still no subpoena, I finally got him on the phone. I asked him where the subpoena was, I was informed that they would no longer need to get a subpoena for me. That he just needed the Patriot Act. He told me to read it. I told him I wanted the subpoena he promised me. He told me to read the Patriot Act and he would email me the link. That was it, and the conversation was over.

The next time they asked for something, I told them I needed something first. That didn’t work either. Instead of a call, I had people knocking on my door. Lesson learned and noted.

These are my experiences that I can talk about. But what about the ones that no one can talk about? Have you ever heard of a Gag Order, a National Security Letter? If a company is hacked and your data is stolen, you legally need to be notified. But no so if it’s your own government. Secret F.B.I. Subpoenas Scoop Up Personal Data From Scores of Companies

So why my VPN rant?

** Update: I had this article 95% complete and was ready to make it public. However, Claus posted an article that I just had to read. It led me down hours worth of rabbit holing. After that read I’ve come to the conclusion that I won’t be renewing my NordVPN service. There were too many things I stumbled accross which left more questions than answers. You can go rabbit holing too if you want (see links below). You can also read how US Senators Demand Probe of Foreign VPNs Over Spying Risk . I don’t feel the need to turn this article more negative then it already is. This information is not to induce fear, but to educate so you can make your own decision based on knowledge. Don’t listen to me, don’t listen to a YouTuber, listen to your inner voice. I feel that always leads anyone on their best path.

These two three examples convinced me of the following:

I have distrust of Big Tech.I expect that my personal data will be shared if asked for by any law enforcement agency.I’m not sure I should trust my VPN provider. **

My Solution

So that’s why I’ve been running my own VPN servers for the last 6 months. I’m a small target, not a big one like NordVPN or other VPN provider. No one has a clue I’m running my own VPN.

I have a connection in the USA (one that I connect to 24x7x365). I have a connection in London. At this point I feel I’m covered in whatever I need to do. But time will tell, and I’ll let you know how it’s working out.

Helpful Articles

This article came to the same conclusion I had this summer –

What is a VPN –

Best VPN Services 2019 –

5 Eyes, 9 Eyes, & 14 Eyes Countries – What You NEED to Know –

Why you might be a moron – Humor Helps –

Rabbit Holing with NordVPN

There appears to be some good evidence on this site worth reading and verifying for yourself. This was my starting point.

Tesonet with the CEO named removed from the page. The letter has the same date.

Tesonet with the CEO named on from the page. The letter has the same date.

I investigated the NordVPN ordeal. Here is what I found. from VPNTorrents

ProtonVPN and Tesonet from ProtonVPN

Wyoming Secretary of State CloudVPN, Inc.

Who really owns NordVPN? – Tefincom S.A., according to my NordVPN receipt.

Tefincom S.A. owns NordVPN. Alina Gatsaniuk ( Linkedin Page ) is the Director & Secretary. She is also the Director & Secretary for 5 other companies. Her mail.ru page shows she is 32yrs old and lives in Kiev, Ukraine and not Panama. To get an idea of what some companies registered in Panama are designed for, watch The Laundromat on Netflix.

It’s pretty easy to state that Tefincom S.A. in a Panamanian shell company. My latest invoice (2019) from NordVPN stated they were in Nicosia, Cyprus. If they have a shell company in Panama, but offices in Cyprus, what jurisdiction would they really fall under?

Everyone Loves Images In a Webpage

This gives you a visual idea of how a VPN might help protect you.

0

Password Managers

P

According to Verizon’s 2017 Data Breach Investigation report, 81% of data breaches are caused by poor credential management. Account breaches can happen when using weak passwords or reusing old passwords/sharing passwords across accounts. A password manager simplifies your online life by remembering your passwords for you and alleviating these poor habits. It will help to manage your logins, it’s easy to have a strong, unique password for every online account and improve your online security.

What is a password manager?

A password manager is a software application that stores, retrieves, and manages complex passwords, storing them in an encrypted format. Password managers store login information and automatically enters them to log you into your online accounts.

Why use a password manager?

A password manager makes your internet experience easier and safer. With a password manager to manage your logins, it’s easy to have a strong, unique password for every online account and improve your online security. It stores login information of various accounts and automatically enters them into web forms to save you time. This helps prevent:

The need to remember multiple passwords.Poor password behavior such as low complexity or one repeated password for multiple sites.Attacks like keystroke logging.

Why not use your browser to store passwords?

Most modern browsers offer a rudimentary password manager. This is the option that Chrome or Firefox might give you when you enter your credentials into a website. This is an easy option but is very limited in its functionality and security level.

The reason security experts recommend you use a dedicated password manager comes down to focus. Web browsers have other priorities that haven’t left much time for improving their password manager. For instance, most of them won’t generate strong passwords for you, leaving you right back at “123456.” Dedicated password managers have a singular goal and have been adding helpful features for years now. Ideally, this leads to better security.

Why my choice is LastPass

Most modern browsers offer a rudimentary password manager. This is the option that Chrome or Firefox might give you when you enter your credentials into a website. This is an easy option but is very limited in its functionality and security level.

One master password is all you need to remember to access all of your accounts! Just don’t forget that password. LastPass does not store your password anywhere so you’ll be 100% responsible to keep your password safe.

You can bring your passwords with you to any platform: web, desktop, and mobile. Compatible with every major OS: Windows, Mac, and Linux. LastPass even has a command line application. The passwords on one platform sync in real time on every other platform. This means, for example, if you change a password for a webpage on your web browser, it will automatically update the password on your tablet and mobile LastPass account.

LastPass is secure. The latest algorithms (AES-256, PBKDF2 SHA-256, and salted hashes) are used to encrypt passwords. LastPass never sees your passwords in plaintext and your master password never leaves your machine.

Your passwords are encrypted and decrypted at the device level. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass. This means even if your LastPass data is intercepted or compromised, your passwords are still safe. LastPass employs a ‘zero-knowledge’ model: all sensitive data is encrypted locally at your device with a key that is never transmitted to the host (LastPass). As such, even under government subpoena, LastPass could only turn over an encrypted blob with no key. This serves to protect your data from internal and external threats alike. This is why it is not guaranteed that your account will be recoverable if your Master Password is lost.

Additionally, adding a 2FA software or hardware solution will provides an extra layer of security for your LastPass account. I personally have implemented a YubiKey hardware key. My secondary choice is a Google 2FA software solution. You can find out more information about the 2FA solutions later in the “Securing With 2FA” section.

Compatible 2FA Software

Compatible 2FA Hardware

LastPass has support for various fingerprint readers, including Windows Biometric Framework, as a Premium feature. Once enabled, you can use the Fingerprint reader to login to the LastPass browser extension, rather than having to enter the Master Password. This includes Master Password re-prompts as well.

Change a site’s password with a single-click. LastPass’s Auto-Password Change currently supports 75 of the most popular websites. Learn more about generating a password.

LastPass helps you make better passwords with their Password Generator. The generator can be adjusted for length, types of characters, readability, pronounceability, and other options.

Password Generator

What information do I store in LastPass?

Besides storing passwords, I’ve learned to store many critical documents. I use it to store a scannable library card, driver’s license, passport, credit card numbers, birth certificates, etc.

How much is LastPass?

Besides storing passwords, I’ve learned to store many critical documents. I use it to store a scannable library card, driver’s license, passport, credit card numbers, birth certificates, etc.

They have free and paid versions. If I’m using something like LastPass every day (I use it multiple times a day) I always try to support software companies using their paid versions. It promotes further development and you typically get a better version of the software. Using the family version allows you to share login information with other family members very easily. When you share information with family members, you can show or block the password for that site.

If you like my work and want to support further published docs, please consider using my affiliate link for LastPass: 

A great article by Freedom Of The Press Foundation Choosing a password manager

LastPass (official) Video Tutorials: 

YouTube Video Tutorial for LastPass 

+1

Adding DTA to Klaytn Wallet

A

After you do your native DTA token swap at any of the exchanges, you will need to move your DTA (native) to one of the online wallets. This will focus on getting into the Klaytn Wallet. You can create your own Klaytn wallet by visiting . Setting up a wallet is easy. Just follow the simple online creation tool. After you have your wallet established, you will need some extra information to show you DTA (native) in the klaytn wallet. It’s a similar process of adding an ERC20 token in MEW.

Please refer to the DTA Token Swap page for more information on the native token swap.

You will need this information to Add the DTA (native) token to the Klaytn Wallet.

Token Symbol – DTAToken Contract Address – 0x8177ac20455f31d8cb777923f0c632436568c719Decimals – 18

DTA (DATA) put out a comprehensive Kakao Klaytn Wallet User Guide
0

Recent Posts

Recent Comments