EXCHANGES AND SAFETY

It has been often stated: keeping your coins on exchanges is not recommended. Exchanges have been hacked, closed down, or failed to upgrade when coins fork. Also, wallets on exchanges have been known to be in maintenance for extended periods of time, preventing timely withdrawals!



The following relates primarily to desktop wallets, but also applies to mobile wallets to some extend:

WALLET LOCK

Always make sure to lock your password protected wallet before exiting. Password strength is definitely something to consider! Adding special character is best practice.

When unlocking your desktop QT wallet in the console with the command 'walletpassphrase' your "yourwalletphassphrase" you specify the number of seconds your wallet stays unlocked in seconds, for example: walletpassphrase "yourwalletphassphrase" 240. This would leave the wallet unlocked for four minutes, enough time to complete a transaction. There is no need to keep the wallet unlocked for longer than needed.

STORING WALLETS

Storing your wallet on a computer that is connected to the web is only recommended when you need to make a transaction. Otherwise, it is best practice to keep your wallet (that should always be password protected) in cold storage – i.e., on an external hard disk, SD cards or USB sticks which are inexpensive and easy to carry with you and to store at different locations. There is still a debate whether current hardware wallets are any safer than files and keys properly encrypted multiple media storage devices.

Simply copy the wallet.dat file to the windows directory required to open your wallet when needed. Save the file on multiple media – as media can fail (especially SD cards!), can get lost, or files may become corrupted for some reason. In windows, the wallet.dat file resides in the following directory: C:\Users\..\AppData\Roaming\Syscoin\wallets

Running QT Wallet Off External Media

It is quite possible to install and run the desktop wallet off external media, such as USB sticks, thereby limiting the exposure of your wallet while connected to the web. Also, in case your computer has a meltdown you can simply use a different one using the usb stick that you setup. This article provides the details: https://medium.com/@bittyjohn1954/running-syscoin-4-qt-from-a-usb-on-windows-520a182885f5





Retrieving Your Private Keys

Each address has a private key that you may want to save apart from the wallet itself. The private key is the key to accessing the coins associated with an address. To retrieve your private keys for an address, follow these steps:

1. Unlock your Qt desktop wallet, see WALLET LOCK section above

2. Enter dumpprivkey "address" (address being your syscoin address)

3. Save the private key on paper or disconnected media USB/SD Card and encrypt it using tools described earlier

4. The private key allows you to retrieve and import your coins into any Syscoin wallet – useful if you lose or have a corrupted wallet.dat file or when your hard disk fails!

5. You will need a private key for each address you wish to save

SEGREGATED COMPUTERS

If you happen to own two computers, you may want to consider installing your QT Syscoin wallet on a dedicated computer that you only connect to the internet when making transactions on the blockchain!

WALLET ENCRYPTION AND PASSWORD LENGTH

Most wallets, including the Syscoin wallet encryption is based on a 256 bit key. It is generally assumed that password length of about 20 characters is safe – as it would take more than a year to break it using the most powerful computers available today. Best practice is to generate the password with a password manager that allows one to create random passwords of letters, digits, and special characters! Changing the password once a year or more often is best practice.

CHECK BALANCES WITHOUT USING YOUR WALLET

To check you balance in an address you hold, you can simple use blockchain explorers, such https://chainz.cryptoid.info/sys/

and enter your address without even using your wallet which adds to security! The same is true for most other projects. No need to even open your wallet to check balances and transactions!

PASSWORD MANAGERS

To create and store passwords for your wallet, or to store the private keys to individual addresses that let you retrieve your funds even without the wallet, use free Keepass password manager from https://keepass.info that can be run on any USB stick or SD card, Windows, or Unix system and is highly secure as it is based on a 256 bit encryption key.

FREE FILE ENCRYPTION TOOLS

To encrypt a file on your computer that is connected to the web, including your wallet, the Challenger encryption program (256 bit key) https://download.cnet.com/Challenger/3000-2092_4-10911709.html which is also available as a free version (128 bit encryption key) can be installed on any external device (SD card, USB stick, external HD) or on your desktop computer, also makes theft less likely – especially if you rename the wallet.dat into into something like ‘no10xa44.jpg’, encrypt it and place it in a different folder. This is not optimal, but still better than nothing. Best to use cold storage, see above.

ON ENCRYPTION KEY LENGTH

A useful blog post discussing encryption key strenght when chosing a program or provider!

FREE SECURED CLOUD STORAGE

You may also keep an encrypted and renamed version of your wallet.dat file on a ‘end-to-end’ secured cloud platform, like mega.nz that offers 50GB of free storage. In that case, the previous additional step of encrypting and renaming the wallet file as described above adds an additional level of safety!

WIPE YOUR MEDIA AFTER DELETING SENSITIVE FILES

Simply deleting files doesn’t remove them from you media (harddisk, usb sticks, sd cards). Make sure you WIPE the free space of media after deleting any file that contains private keys or other sensitive information. Use free Fileshreder or other similar programs: http://www.fileshredder.org





MORE TOOLS TO STAY SAFE

Visit the Electronic Freedom Foundation websites for some great tools to stay safe online.

Authy.com – a popular 2FA authenticator App that can be used for all your logins using Android, Windows, Unix, MacOS, Chrome and other system. It is the best 2FA app IMHO!

Btw, don't forget to visit and bookmark https://syscoin.network/syslinks where you find a complete and up-to-date link collection, including wallets, exchanges, MN hosting providers, chats, and everything else you need to participate in the project, all on one convenient single page!