Update security guidelines for Ethereum and cryptocurrency users page #12390

Merged
merged 4 commits into from Apr 8, 2024

@setgree setgree commented Mar 6, 2024

stylistic edits to bring article more in line with Ethereum guidelines.

I notice a few passive voice instances, e.g. "They are considered the most secure wallet option for storing your private keys: your private key never touches the internet and stays completely local on your device," that could use attribution -- who considers this the most secure wallet option? is it an empirical fact that people who employ this technique get hacked the least?

There's also a part telling a story about a scammer who "stayed in touch" that could use a hyperlink, but I don't know what story the OP is talking about

Summary by CodeRabbit

  • Documentation
    • Updated security advice related to Ethereum and cryptocurrency, including password security, Two-Factor Authentication (2FA), and common crypto scams.

stylistic edits to bring article more in line with Ethereum guidelines.

I notice a few passive voice instances, e.g. "They are considered the most secure wallet option for storing your private keys: your private key never touches the internet and stays completely local on your device," that could use attribution.

There's also a part telling a story about a scammer who "stayed in touch" that could use a hyperlink, but I don't know what story the OP is talking about

coderabbitai bot commented Mar 6, 2024

Walkthrough

The recent updates aim to enhance security guidelines for Ethereum and cryptocurrency users. By refining password security tips, emphasizing unique passwords, detailing Two-Factor Authentication (2FA) specifics, and shedding light on prevalent scams, these changes seek to improve user understanding and application of security measures in the crypto domain.

Changes

| Files | Change Summary |
| --- | --- |
| public/.../security/index.md | Enhanced password security advice, highlighted unique passwords, clarified 2FA, and outlined common crypto scams. |

@github-actions github-actions bot added the content 🖋️ This involves copy additions or edits label Mar 6, 2024
netlify bot commented Mar 6, 2024

Deploy Preview for ethereumorg ready!

Name Link
🔨 Latest commit 722a335
🔍 Latest deploy log https://app.netlify.com/sites/ethereumorg/deploys/661466f5bd32ff0008e6dbee
😎 Deploy Preview https://deploy-preview-12390--ethereumorg.netlify.app

i missed an 'X' in firefox

@coderabbitai coderabbitai bot left a comment

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between a7db23c and 7426117.
Files selected for processing (1)
  • public/content/security/index.md (9 hunks)
Additional comments: 19
public/content/security/index.md (19)
  • 9-9: The introduction succinctly sets the stage for the importance of security in the context of rising interest in cryptocurrency. It's clear and directly addresses the reader's concerns about scammers and hackers.
  • 17-17: The statistic provided here is impactful and immediately highlights the importance of strong passwords. Including a source for the statistic is good practice as it adds credibility to the claim.
  • 19-19: The explanation of a dictionary attack and the example of a weak password versus a strong password is very informative. It helps readers understand why certain passwords are considered weak and how to improve them.
  • 27-27: Highlighting common mistakes in password creation, such as using easily guessable information, is crucial. This advice directly addresses a common security vulnerability and educates readers on how to avoid it.
  • 34-34: The bullet point about avoiding common words is a valuable addition to the good password practices section. It reinforces the idea of creating complex passwords that are harder to crack.
  • 40-40: The mention of "Have I Been Pwned" is a practical resource for readers to check if their accounts have been compromised in data breaches. This advice, coupled with the emphasis on using unique passwords, is actionable and beneficial.
  • 63-63: Introducing the concept of factors in authentication is educational and sets the stage for explaining Two-Factor Authentication (2FA) effectively. It's a good lead-in to the importance of 2FA.
  • 69-69: The detailed explanation of 2FA and the emphasis on using an authenticator app over SMS-based 2FA is crucial for security. It educates readers on more secure methods of 2FA, addressing a common security misconception.
  • 87-87: The section on security keys as a form of 2FA provides valuable information on advanced security measures. Mentioning the FIDO U2F standard adds depth to the discussion on 2FA options.
  • 95-95: The cautionary advice about browser extensions and their potential risks is important for web security. This section effectively raises awareness about the permissions extensions may require and their implications.
  • 111-111: Educating readers on the decentralized nature of Ethereum and the importance of understanding how crypto works to avoid scams is essential. This section effectively addresses a common vector for scams.
  • 128-128: The strong emphasis on never sharing private keys is critical for wallet security. This line serves as a clear and direct warning to readers, reinforcing a fundamental security principle.
  • 136-136: Warning against screenshotting seed phrases or private keys is a practical piece of advice that addresses a common oversight. It highlights a specific risk associated with cloud syncing.
  • 151-151: The reminder that Ethereum transactions are irreversible and the advice to double-check addresses before sending transactions are crucial for preventing common mistakes in crypto transactions.
  • 154-154: Encouraging readers to review transaction messages before signing is a good practice that can help prevent unintended actions when interacting with smart contracts. This advice adds an extra layer of security.
  • 168-168: The introduction to common scams sets a skeptical mindset, which is healthy in the context of cryptocurrency. It prepares the reader to be cautious and critical of too-good-to-be-true offers.
  • 186-186: The explanation of the giveaway scam and its urgency tactic provides readers with specific details to recognize and avoid this type of scam. It's an important inclusion for educating readers on scam patterns.
  • 250-250: Highlighting the tactics of scam crypto trading brokers and the risks of trusting internet strangers with investments is valuable. This section effectively warns readers about a specific type of investment scam.
  • 260-260: The warning about mining pool scams, especially in the context of Ethereum's transition away from mining, is timely and relevant. It addresses a specific scam that exploits misunderstandings about Ethereum's current state.


@coderabbitai coderabbitai bot left a comment

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between 7426117 and 9244f73.
Files selected for processing (1)
  • public/content/security/index.md (9 hunks)
Files skipped from review as they are similar to previous changes (1)
  • public/content/security/index.md

@setgree setgree changed the title Update index.md Update security guidelines for Ethereum and cryptocurrency users page Mar 6, 2024

@wackerow wackerow left a comment

Changes look good to me! Thanks @setgree. cc: @minimalsm Mind taking another peek here?

@@ -125,15 +125,15 @@ One of the biggest reasons people get scammed in crypto generally is a lack of u

**Never, for any reason, share your private keys!**

The private key to your wallet acts as a password to your Ethereum wallet. It is the only thing stopping someone who knows your wallet address from draining your account of all of its assets!
The private key to your wallet is a password to your Ethereum wallet. It is the only thing stopping someone who knows your wallet address from draining your account of all of its assets!
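
Review bot: In the changed sentence, replacing "acts as a password" with "is a password" turns an analogy into a literal claim that the private key is a password. The second sentence of the same paragraph already states the actual risk ("the only thing stopping someone who knows your wallet address from draining your account"), so consider keeping "acts as" or dropping the password comparison and letting that sentence carry the point.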
Member

My side-concern with this statement is it can give people the false impression that they need to enter this "password" when they use their account... vs a password used to encrypt/decrypt your wallet, which works differently and is more commonly the "password" users will need to actually remember or have easy access to (unlike their private key which they may never see)

I see that as out-of-scope to the current changes though, just noting for the future

one fewer word 😃
@wackerow wackerow merged commit b700f64 into ethereum:dev Apr 8, 2024
5 of 6 checks passed

wackerow commented Apr 8, 2024

@all-contributors please add @setgree for content


@wackerow

@setgree already contributed before to content
