As the Web3 ecosystem continues to grow, so does the threat of crypto scams.
Recently in the news, the Australian Securities and Investments Commission (ASIC) reported having uncovered and shut down over 600 cryptocurrency investment scams in just one year, highlighting the increasing sophistication and prevalence of these threats. Even more concerning is the fact that the 600+ operations that were shut down comprises a mere 9% of the 7000+ total phishing and scam investment websites identified.
These somewhat alarming statistics are part of a broader trend where scammers exploit new technologies like artificial intelligence to deceive unsuspecting investors.
The Anatomy of a Modern Crypto Scam
Cryptocurrency scams today are not just about tricking individuals into sending funds to a fraudulent address. They have evolved into complex schemes, keeping up with the growth of the typical Web3 user. Todayâs scams often involve fake investment websites, phishing attacks to steal personal data, false promises of AI-powered trading systems that guarantee unrealistically high returns or falsely claimed international regulation. ASIC’s crackdown on these operations is a clear indication that the landscape of financial crime is adapting quickly to the innovations within the Web3 space.
The Role of AI in Amplifying the Scam Threat
One of the most concerning developments is the use of AI by scammers. While these emerging technologies are beneficial in many aspects, they can also provide tools for criminals to automate and enhance their scams, sometimes multiplying the potential damage. This can include creating convincing fake identities, automating phishing attacks and even generating fraudulent financial reports that appear entirely legitimate to the untrained eye.
As the Gala ecosystem continues to advocate for decentralized technology and the empowerment it offers, itâs crucial that our community remains vigilant against these emerging threats. Awareness is the gateway to knowledge, and knowledge is power and safety in this new Web3 world.
ASICâs Efforts: A Wake-Up Call for the Global Crypto Community
ASIC’s successful takedown of 615 crypto investment scams serves as both a warning and a call to action for the global Web3 community. With Australians losing an estimated A$1.3 billion to these scams in the last year alone, the scale of the issue is undeniable. This is not just a problem for regulators but for every participant in the Web3 space, including those within the Gala community.
GalaChainâs Commitment to Security and Education
At Gala, we are committed to creating a safe and secure environment for all our users. GalaChain, our purpose-built Layer 1 blockchain, is designed with security at its core. Our ecosystem includes robust measures to protect against malicious activities and ensure that users can engage with Web3 technology safely. However, technology alone is not enough. Ongoing self education and awareness are key to avoiding and preventing scams.
We encourage our community to stay informed about the latest threats and to always verify the legitimacy of any opportunities in the Web3 space. Remember, if something sounds too good to be true, it probably is.
Building a Safer Web3 Future Together
The fight against crypto scams is a collective effort. As we continue to build and expand the Gala ecosystem, we must all remain vigilant and proactive in protecting ourselves and each other. By fostering a well-informed and cautious community, we can mitigate the risks and continue to enjoy the benefits of decentralized technology without falling victim to fraudulent schemes.
Imagine that you were a scammer trying to target a particular group of people⌠letâs say people who like to spend their days at the lake relaxing with a fishing pole hanging in the water. Who knows why â maybe you are trying to sell counterfeit lures? Coordinate putting out some AI-enabled fishing rod thatâs collecting fingerprint data while they laze their days away? Motivations are rather inconsequential for this example.
You could pay for a big list of dark web data, but you could also just insert yourself into that community. You can hop on message boards, join chat groups, heck you could even go hang around local bait shops. Before long, youâve got a lot of useful demographic data on people that are part of that group. Maybe all you have is some emails and IP addresses⌠but thatâs enough to start refining your list and getting more information.
The same is true with Discord. The Gala community is a great place for the latest news and robust conversation about every aspect of the Gala Ecosystem. The popularity and richness of social connections that are forged on our Discord server or Telegram channel, however, also make them a popular destination for another type â scammers. Itâs important to know and understand the tactics of these digital miscreants to keep your digital assets safe while still participating in any digital community.
Welcome to the 8th installment of The Guardian Papers, where we try to impart the wisdom that everyone should have to start a successful journey through the world of digital ownership. The blockchain world is still in its infancy. We here at Gala believe that empowering each and any member of our community makes us stronger as a whole.
Miss an issue of the Guardian Papers!? Check out past editions below!
It is our hope that this series has and will continue to present foundational information that will not only provide a base understanding of how to keep your blockchain footprint secure, but will also help inform your journey through this digital adventure so you can ask better questions, do better research, and make better decisions to help guard your entire community.
The Dark Side of Community
Discord was originally made for gamers. As the scope of the platform has grown to include countless massively popular communities, however, it has also attracted the riffraff that stalks digital space for the opportunity to steal from the unwitting. Because Discord servers categorize people into common interests, itâs easy for scammers to get inside groups and represent themselves as just another member â or even an authority figure â within that community.
The same is true for Telegram or other messaging apps where people commonly gather in like-minded groups. In these spaces, the community itself has already done the work to compile victims for all the villains in the cryptoshadows. Communities are welcoming because thatâs the point of community. By simply being in these groups, however, youâve done part of the scammers research for them⌠they know that you are part of their target audience.
Make sure you customize your privacy settings in Telegram⌠or else youâre about to get a whole hornetâs nest of attention from all the wrong people!
Community messaging apps like Telegram and Discord are third-party platforms that are utilized by Gala, but these can have their own security issues that are simply beyond any communityâs ability to control. The scammers thoroughly know the shortcomings of these apps, and can exploit them to attempt to scam thousands of members of a community within minutes. Even one success will show them this pond is well-stocked with easy catches for their future fishing endeavors.
Any community where the digital villains see opportunity isnât going to get rid of them without a fight, however. We can only turn the tide against the scammers by making sure that each and every one of us is ready to defend against them.
Don’t forget to customize your exceptions as well! By default, any member of Telegram’s premium subscription can contact you regardless of your settings đą
Donât forget to customize your exceptions as well! By default, any member of Telegramâs premium subscription can contact you regardless of your settings! đą
How Scammers Prey on Communities
Itâs hard to build and feel community if youâre always suspicious of your neighbors. The scammers are counting on this, because thatâs not how defenses work. When you perceive yourself as âamong friendsâ your defenses naturally go down. You want to be helpful â after all, thatâs what building community is all about.
Thatâs why theyâre here. Community is a group trust that we build up over time with likeminded people. We canât simply turn it off and on. Itâs not like we recognize every member of the community, we just recognize that they are part of the community.
Weâve discussed impersonation before, so youâre all very well aware that there are people out there who will pretend to be Gala customers or community support. You need to stay vigilant for these types of things⌠these apps are where the scammers find their marks.
This isnât to say that community itself is bad. In fact, itâs very very good. Community standards and best practices are how we combat these scammers. Building a community is too important to let scammers stop us. We have to build a better community to make it outlast the villains.
Trust is Earned
Just because someone is part of your community does not mean theyâve earned trust, and itâs not an insult to tell them so. Caution is admirable⌠and part of the point of web3 is to establish systems that donât rely on trust.
First off, please adjust your privacy settings on Telegram, WhatsApp, Discord or similar apps if you have not. In Telegram, for instance, you can be contacted by anyone by default. If you donât change that itâs only a matter of time before you are getting blown up with spam and scams. Similarly WhatsApp will show your personal phone number to anyone who comes looking if you donât change the security settings⌠make sure to get this done or youâre wide open to an attack from a crytpovillain.
Even on Discord you can customize your security settings to control who can reach out to you. As weâve discussed before, donât trust a display name⌠that can be easily changed. Put people you trust on your friends list. Consider changing your settings so friends can message you. That way any new friend requests are where you know you need to be vigilant, and anyone on your friends list has already been vetted.
Trust, but verify
-Old Russian proverb
Donât trust these security measures to be the end all be all of your defenses, however! People can get hacked or lose access to their accounts. Sometimes the attack could come from someone you know⌠albeit not them actually sitting in front of their keyboard.
Community Strong
With so many threats among communities you trust, the fight against bad actors in digital spaces can seem hopeless. Fortunately, community is also the cure to this malady.
âŹď¸ Not a great way to seek help from the community. Not only does anyone watching now know this userâs needs, but also their urgency. I bet their DMs blew up.
⏠ď¸This is a great way to utilize the knowledge of the community. Tons of eyes can get on the deceptive scam attempt right away to verify if itâs legitimate or not. HINT: This one was not legitimate.
No one person can be entirely vigilant all the time. We get tired. We get distracted. Our guard comes down for a moment here and there⌠and thatâs when attacks happen. Talk to your community. Educate each other and call out the tactics that scammers are using so that everyone can learn to avoid them. Alone an attack is inevitable. Together weâre strong.
If you see something sus, reach out! Ask the community you trust whether you should be engaging. Donât be embarrassed. A simple question could save you a lot of hassle.
Guarding Each Other
When we work together, the community really shows its strength. Those who seek to exploit communities of common interests in the web3 space are counting on us not following through with our commitment to a solid community. If a victim doesnât use the community resources at their disposal to help themselves, what can a community do to help?
Thatâs why itâs so important to share tips and educate fellow community members about security culture. If we all get a little better at spotting bad actors, weâll all be a little less likely to get scammed. If we all get a little better and share a little more of that culture with each other, weâll be exponentially more protected from those who seek to do us harm.
Thatâll do it for this weekâs Guardian Papers, but weâll be back! Next time, weâll be breaking down multi-factor identification and how it can help protect your digital sovereignty in this new age.
Stay safe Galaxians⌠and always have your shield ready!
In our continuous effort to enhance the security of GalaChain, we are implementing a significant security upgrade to the GalaSwap API that will require action from users of the API. If youâre using the GalaSwap API, we appreciate your cooperation in this process to ensure that your integration continues to operate correctly.
Security Upgrade Overview
This update focuses on enhancing the security of API operations by standardizing the signature process. Moving forward, GalaChain will only accept one specific signature out of the two possible valid signatures for any given operation. As a result, API users must update their signing code to generate the newly accepted signature. Failure to do so will cause approximately half of your signed requests to the GalaSwap API to fail with an error message such as “S value is too high.”
Required Actions
Review and Update Request Signing: Please consult the updated Request Signing section of the GalaSwap API documentation. Ensure that your signatures are normalized according to the new guidelines provided in the example code.
Update Your Code Before August 1, 2024: It is critical to update your code to comply with the new signature requirements before the deadline. This includes users of Galaâs open-source bot, who should pull the latest version of the botâs code. If you interact with third-party services using the GalaSwap API, consult the operators of those services to confirm they are also prepared for this change.
Why This Matters
This proactive security improvement is not a response to any current vulnerabilities but a strategic enhancement to our security protocols. For more information on the technical details and the importance of this update, refer to this informative article on Signature Malleability.Thanks for your prompt attention and support for this important update. Ensuring the security and integrity of GalaChain remains our top priority, and we appreciate your cooperation in achieving this goal. If you have any questions or need further assistance, please reach out to Gala Support.
You sit down at the breakfast table with your coffee. As the yawns squeeze out of you and you wipe the sleep from your eyes, you pull out your phone to catch up on your emails.
Just routine stuff⌠spam, spam, free offer, Amazon invoice â wait, whatâs this? Your cuteandreallycuddlyfluffypuppies.com account has been compromised and needs your immediate attention! đą You click the link to reset your password, glad you caught this email before it was too late.
You follow the prompts on the next screen and fill out your new password⌠little do you know, your cuteandreallycuddlyfluffypuppies.com account has been compromised. By you. Right now. That was a fake link from a fake address, and they got exactly what they wanted out of you!
Sound familiar? This is one of the most common tales of how scammers find their way into someoneâs defenses. As digital security continues to improve, there is still one glaring vulnerability to even the best system â the human behind it!
Welcome back to The Guardian Papers, where digital heroes can get the base training they need to thwart villainsâ underhanded attacks against them across the web3 world.
Email is often where scammers have a chance at getting directly to you. One miscalculation or momentary lapse of attention to detail could cause you a lot of hassle, so youâve got to know how to keep yourself safe.
Miss a previous edition of The Guardian Papers? Catch up below!
First off, we definitely donât want to imply that email is inherently insecure â many email providers have excellent security protocols put in place, and there are tons of tools out there for anyone who wants to beef up the actual protections in their email. The problem with email security is the person behind the keyboard⌠and itâs a vulnerability that isnât going away.
Your email is a direct line to you. No matter your security infrastructure, if youâre getting a scammerâs email in front of you, youâre probably going to read the words they wrote. This direct access is the dream of all those fake Discord admins and help desks. They want that direct line so they can exploit your trust⌠because your security systems work for you. If they convince you, your security isnât an issue.
For most people, email is the height of routine. When you are checking emails, youâre performing the same ritual youâve done thousands of times. You may have many email accounts, only adding to the volume and frequency of your email checking ritual. When you do something day in and day out, over and over, you eventually become less attentive to the process overall.
As something becomes part of your routine, you eventually sort of automate it in your mind. How many things do you automatically do throughout the day without any real conscious thought? Itâs the same for email. While the part of your brain that reads and parses the information in the emails may be present, other parts of your mind have moved on to other tasks.
This leads to some easy wins for scammers that would never work on your while at full attention.
How Did They Find Me!?
Honestly, how wouldnât they find you? Itâs important to remember that our data is everywhere, and we donât typically consider email addresses private data. If itâs ever been out there, itâs still out there probably.
Letâs say Billy has a private, personal email address that he typically only shares with family and close friends, then he has another that he uses for work. Billyâs dad is fond of forwarding emails on occasion, and so drops a long chain email forward into Billyâs inbox once in a while. Billyâs friend Sally CCs him into a monthly newsletter that she sends out for their Karaoke Club. One day, Billy starts seeing large amounts of spam coming into his personal email account! đ¨
What happened? Well you see, Tyrone from Karaoke Club was trying to get his friend Trevor to come to last monthâs championship, so he forwarded him the newsletter. Trevorâs email account was compromised and the inbox contained Tyroneâs address, along with the CCd address of every other member of Karaoke club. Welcome to a list, Billy.
Letâs be honest though, itâs probably not the first time Billy has gotten scam emails at that address. He used to have it visible in his Facebook about section for years, and itâs still listed on an ancient and forgotten DeviantArt portfolio along with his real name. Also, heâs had this account for a long time and emailed lots of people. Each of those is a chain that connects to his email address. If any one link is discovered by the bad guys, the whole chain is in the open.
After that they can do a surprising amount to learn your behaviors. With a full-feature email service, they can theoretically tell exactly when you open the email, your operating system, your geolocation⌠all sorts of stuff that isnât exactly secret, but gives you the shivers that they could know. Once they have this, itâs not hard to generalize demographics and predict who would be receptive to what scams.
Wolves Dressed as Sheep
Many of the ways people will attack you through your email fall right in line with our previous discussion about The Impersonator. In your email they know they have you in a format that youâre likely to overlook small details. If they know they can get past your spam filter, then they know thereâs a good chance that youâll at least click on their email.
Theyâll try to mimic emails that you are likely to be receiving. There are lots of ways they could get an idea about what email lists you may be on, and not all of them are data breaches. A tracker in your browser could be feeding info about your behavior without necessarily doing anything nefarious to be flagged as malware by your safeguards.
Remember, legitimate businesses and individuals assign cookies and trackers all the time without any ill intent. We all click âAccept All Cookiesâ once in a while. Even if thereâs just a .01% chance that any of those you click on has something harmful coming across, itâs just a matter of time.
Also consider that people are quite predictable with a large enough sample size. For every well-timed scam email youâve ever received that seemed like they must be actually watching you, youâve probably received two dozen weird ones that seemed to come out of left field. Itâs just a numbers game. Theyâll get it right sometimes.
If theyâve identified your email and the most likely services and addresses that can trick you, itâs only a matter of seeing what they can slide by.
In the case of this above example, the fake may seem obvious. After all, weâre here stretching our brains and thinking about scammers, but when someone comes across this email they may be distracted or in a hurry. Then, they could feel panicked that their MetaMask wallet has been compromised.
Notice that they color the email to draw the eyes directly to what they want you to see. The large notice at the top, and the button to âupdate nowâ. While we didnât click that link, a quick mouseover revealed the target to be a proxy site, with a slug pointing to a long string of characters for a dAPP command. This link almost surely goes to a fake service site where you will be immediately asked to connect your wallet.
Oh, and also ââMŇ˝taMaskâ? Thatâs not an E. Thatâs an Abkhazian Che, a Cyrillic character that is entirely different from the latin âeâ. If youâre not paying close attention though⌠it may be enough to not get them flagged for impersonation, while your eyes simply autocorrect that to âMetaMaskâ.
Also, check out that XM over there. Thatâs called a BIMI or Brand Indicator for Message Identification. These are verified trademark spaces, so a brand can submit a BIMI that wonât be copied anywhere else. This is a relatively new system that only works with some email providers, so you may notice a difference between impersonators and the emails theyâre impersonating based on their mark. This isnât always the case though, as some brands have not yet adopted BIMI⌠our emails here at Gala, for instance, do not ever use a BIMI.
That verification check mark doesnât mean anything, itâs just part of the display name â like we saw with fake help admins in our imposter profile.
The dead giveaway is the return email though. Even half redacted, it should be pretty easy to tell thatâs not from MetaMask. Why would MetaMask not send emails from their domain that users know and trust?
Straight to the Source
The important part here is that your email usually has your attention. If they can slide into your inbox, half their work is done. If they send out 10000 emails, what do you suppose the chances are that no one is careless enough to click without thinking?
Thatâs the end goal for these scammers. They know that most people in the digital world are protected in some way from bad actors, but they also know that you hold the keys to your security mechanisms. The best defenses in the world donât mean much if you willingly click to their site and give them your information.
This is why The Guardian Papers are here. These scammers know that there is always someone to prey on because people arenât informed. If we all know what to look for, the fruit theyâre looking for gets waaaaay higher in the tree. Maybe theyâll just go find another tree to climb.
Digital Guardians
No one is going to ensure your security on the web. You have to take matters into your own hands and change behaviors if you want to be safe. While it may seem overwhelming to think of all the ways the bad guys can get to you, itâs really not that hard. If you learn the ways that they come at you, before long itâll be easy to spot the attackers long before they breach your walls.
We learn. We teach. If everyone is equipped to deal with them, digital villains donât stand a chance.
Thatâll do it for this weekâs Guardian Papers! Weâll be back though as we dive into common ways people use Discord and other messaging apps to prey on the unaware!
Imagine that you own a castle. As a proud owner of such an impressive, shiny fortress, youâve likely got defenses â a sturdy wall and a heavy gate to protect your valuables. When an advancing army approaches, however, you donât necessarily want them to test that security. You wouldnât even lower the drawbridge!
Your passwords function the same way and are your first line of defense to keep bad guys from ever even getting a foothold near your digital hoard.
Welcome to the 6th installment of The Guardian Papers, where we walk you through how you can protect yourself from the digital miscreants who seek to steal, cheat, and otherwise destabilize our beloved community.
As the blockchain revolution continues to provide opportunities for people all over the world, those who lurk in the shadows are always eager to prey on the unaware. It is our goal with this series to educate and empower our community to resist and repel the monsters who hide out there in the digital darkness, so that we all can be safe, secure and more prosperous as we build a better future together.
Miss an issue of The Guardian Papers? Catch up below!
In the next few articles, weâll be talking about security fundamentals that apply to all aspects of digital defense. Weâll rotate back to the Gala community specifically soon, but for now these are fundamentals that everyone should learn, and that are often highly exploited in the blockchain world.
What Makes a Password Secure?
Nearly everybody has countless passwords across their digital profile, so youâd think that creating secure passwords is a skill that everybody just picks up early on in life. Unfortunately, despite most people knowing better, many people are still using incredibly unsafe practices with their passwords that can leave your digital assets vulnerable to the bandits of the blockchain frontier.
Increases in technology bring many extra tools to help keep your assets secure, but also give your enemies more sophisticated weaponry to use against you, which makes it more critical than ever to use strong and secure passwords throughout your entire online ecosystem.
Length and Variety
Different platforms have differing minimum criteria for the length and character variety of passwords, and itâs never a bad idea to go overboard. With current computing power, a cybervillain could potentially attempt billions of passwords per second. While this may be limited somewhat by network security features on some platforms, longer and more varied passwords mean more combinations will be required to guess yours.
If you were using a 7-digit password that consisted only of numbers, that password would have 10 million possible combinations (0000000-9999999). Take that same 7-digit password and include capital and lowercase letters as wellâ now you have 62 possible characters per digit. This would increase the possible combinations of correct answers to a little over 3.5 trillion, still with only 7 characters in the password.
Uniqueness
Not only do you want your passwords to be unique for each of your accounts, but ideally you want them to not be a combination of characters that no one else would have ever thought of in their wildest dreams. Including dictionary words or common mnemonics like a year could leave you vulnerable to hackers looking for low hanging fruit.
Your password shouldnât be something familiar or easy to rememberâ the entire point is to make it something that only you know.
This may seem like common sense to many digital veterans, but repeatedly data breaches have shown that things like âpasswordâ, â123456â and âqwertyâ are the most commonly used passwords throughout the world. Using any common phrases in your passwords makes you the nice, soft target that the enemies of digital sovereignty are after.
Fun Fact: According to a study last year by NordPass, here are the top 10 passwords used worldwide:
1. 123456
2. admin
3. 12345678
4. 123456789
5. 1234
6. 12345
7. password
8. 123
9. Aa123456
10. 1234567890
Donât be like these people. Make your passwords secure.
Anonymity
If someone is going to try to penetrate your personal passwords, the best place to start is often for them to know their enemyâ you! If personal information that they can glean from public records or social media gives them insight into what your passwords may be, they may be able to breach all of your security before you even see them coming.
Using your birth year, your petsâ names, your childrenâs names or anything simple to guess with just a little information about you is incredibly unwise. Especially if you use similar mnemonics on all your passwords, one glance at your Instagram profile may have given a hacker all they need to clean out your digital hoards.
Common Password Vulnerabilities
Constructing strong and secure passwords certainly helps keep your defenses high. Secure passwords can still have vulnerabilities, however, and itâs extremely important to know all the angles that your password security could potentially be attacked from.
The Human Element
While many insecure passwords are often âbrute forcedâ by miscreants with a program that can guess combination after combination, some are obtained through phishing attempts as weâve discussed in our previous Guardian Papers profiling the common scams in the blockchain world. This is never to be taken lightly, as criminals will continue to develop new ways to trick your information out of you.
Your passwords are yours, and should never be shared. Even here at Gala, weâll never ask for your password or keysâ anyone who does is up to no good.
Even if you have excellent security and top-notch passwords, one error in judgment can still be exploited to ransack your digital fortress. There is no reason to share personal data or password information with anyone over email, Discord or any social media.
The scammers multiply because their methods get results. This is why itâs absolutely critical that the community here at Gala and throughout the entire blockchain frontier helps educate and empower their fellow digital pioneers. Once every member of the blockchain world is familiar with and prepared to fight off these attacks, these monsterâs food source will dry up.
Even the best password hygiene is no substitute for caution when connecting to unknown networks!
Data Breaches
As massive data breaches have repeatedly shown in recent years, even secure information can be compromised and leaked when the defenses of organizations that you trust are compromised. If your passwords are stored with an organization who has been breached, you need to consider that password or any variation on it compromised forever. After a breach, that information is compiled in lists and distributed all over the dark side of the digital world, and information is forever.
In 2020, white hat hacking group FireEye identified a worldwide breach in the SolarWinds software. SolarWinds was a network management company with a global presence, and over 18,000 compromised clients were identified in the breach. FireEye noticed the breach quite by coincidence, but the systems had been compromised for more than a year.
This breach was later determined to be coordinated by the Russian Foreign Intelligence Service, and by leveraging the breached systems within SolarWinds for many months, they were likely able to access a significant portion of protected information across the entire global internet.
Read more about the breach from the US Government Accountability Office.
To limit your vulnerability to data breaches that are beyond your control, never use the same password on more than one account. If one of your accounts is compromised, the last thing you want is for that to just open the door to all your defenses. Changing your password frequently will help you stay ahead of any breaches that may happen.
Most importantly, donât trust your password information to entities when you donât have to. Always think critically about whether you really want to share sensitive information with organizations before you have a chance to regret it. Rather than having a device remember your sensitive passwords, store them offline whenever possibleâ an old fashioned paper and pencil is about as unhackable as you can get.
Password Managers and Single Sign On
Password managers and single sign on (SSO) can be a great way for people to securely protect their individual credentials without getting lost in the tangle of hundreds of secure and confusing passwords.
These tools crucially only work, however, if you use them securely. If you arenât going to follow good security practices without a password manager, then putting all your credentials into one could just be shoving your eggs all in one basket for a scammer.
If you choose to use a password manager, make sure that you follow all recommended precautions and protect your credentials to that password manager. Make sure you are choosing a reputable and well-known password manager to use⌠the last thing you want is to try some brand new password manager, only to find that youâve been had by a phishing attempt that now has all your passwords!
Hold the Line
Most of the time that digital defenses are infiltrated, itâs through the front doorâ a password. How secure can you expect your personal estate on the blockchain to be with a wimpy lock on the front gate? Even with the extra layers of security weâve discussed throughout this series such as private keys, and the precautions weâll discuss moving forward (looking at you 2-factor authentication!), if your passwords are penetrated the enemy is already inside your defenses.
The best way to make sure you stay entirely secure is to keep that gate locked tight.
Maintaining secure passwords and protecting them from the grips of the enemy prevents any part of your digital profile from being compromised. Even one account being breached represents a chink in your armor that could then give way to other vulnerabilities. Keep your defenses battle ready at all times and donât let anything past your guard.
The Advance Guard
As we continue to advance through The Guardian Papers, itâs our hope here at Gala Games that weâre contributing a collection of resources for the community to reference and share, so that we can all power-up our defenses against those who would do us harm.
For our next installment, weâll stick to fundamental security and discuss 2-factor authentication and multi-factor authentication. As this series progresses beyond this module, weâll rotate to an increasing focus on issues that are incredibly relevant to not only the community here at Gala Games, but the entire cryptoculture as well.
It is our sincerest hope that this series not only empowers you to defend your sovereignty on the blockchain, but also inspires you to empower others throughout our beloved community.
