3 fren tips for improving your IC security
1. Making sure your extensions won’t mess with you
Man In The Browser attacks are the web’s worst enemy.
If you want to get the full technical explanation of why you shouldn’t let extensions freely roam in your web pages, check this out https://link.springer.com/article/10.1007/s10207-019-00442-1
Click on the puzzle icon — top right. Go to “Manage Extensions”
Then hit “Details” on each one of them
On dangerous extensions you will see something like this
Change it to “on click”
You will now see your extensions in cute white bubbles you will learn to love. These protect you. Extensions don’t start automatically. You will have to click and activate them for a certain session+domain. You get major upgrade of privacy and security for your whole crypto portfolio at the cost of one inconvenient click.
It works awesome and should be the default.
2. Your Internet Identity backup phrase...
Head to https://identity.ic0.app/ and delete your backup phrase. Are you sure no extension recorded it when you initially received it? Every extension you had with full access to your pages could have recorded it and perhaps its waiting for you to collect cool stuff. So make sure all extensions are in lovable cute white bubbles, reload the page or browser if they aren’t. Then delete your backup phrase and create another one. Now this safer backup phrase is one you can hit “protect” on, thus locking it so other devices won’t be able to delete it.
3. Remove hackish Internet Identity integrations.
While I admire the ingenuity of certain hacks, some wallets I won’t mention are “Integrating” Internet Identity by asking users to manually add a “remote device”. This must be the worst idea in IC I have seen so far. If you have sinned, you can find these “devices” in the list, delete them and be safe once again. Make sure you aren’t deleting your own device keys tho.
By removing the “integration” not only you will raise your security, but you will also help them avoid the seppuku they will be required to commit once this gets out of hand.
Were you warned that such integration is giving the wallet:
- Full access on everything you own on all IC sites with Internet Identity, including NNS wallet
- Can delete your other devices and lock you out of your account (It can’t delete only the protected backup phrase)
- Your whole Internet Identity security gets reduced from being safeguarded by the IC network with billion$ cap ICP token — to — the mercy of some guys and the questionable safety of their closed source code.
Stay safe frens of Anvil.