Update security guidelines for Ethereum and cryptocurrency users page #12390
Stylistic edits to bring article more in line with Ethereum guidelines.
I notice a few passive voice instances, e.g. "They are considered the most secure wallet option for storing your private keys: your private key never touches the internet and stays completely local on your device," that could use attribution -- who considers this the most secure wallet option? is it an empirical fact that people who employ this technique get hacked the least?
There's also a part telling a story about a scammer who "stayed in touch" that could use a hyperlink, but I don't know what story the OP is talking about
Walkthrough: The recent updates aim to enhance security guidelines for Ethereum and cryptocurrency users. By refining password security tips, emphasizing unique passwords, detailing Two-Factor Authentication (2FA) specifics, and shedding light on prevalent scams, these changes seek to improve user understanding and application of security measures in the crypto domain.
I missed an 'X' in Firefox
Review Status
Actionable comments generated: 0
Files selected for processing (1)
- public/content/security/index.md (9 hunks)
Additional comments: 19
public/content/security/index.md (19)
- 9-9: The introduction succinctly sets the stage for the importance of security in the context of rising interest in cryptocurrency. It's clear and directly addresses the reader's concerns about scammers and hackers.
- 17-17: The statistic provided here is impactful and immediately highlights the importance of strong passwords. Including a source for the statistic is good practice as it adds credibility to the claim.
- 19-19: The explanation of a dictionary attack and the example of a weak password versus a strong password is very informative. It helps readers understand why certain passwords are considered weak and how to improve them.
- 27-27: Highlighting common mistakes in password creation, such as using easily guessable information, is crucial. This advice directly addresses a common security vulnerability and educates readers on how to avoid it.
- 34-34: The bullet point about avoiding common words is a valuable addition to the good password practices section. It reinforces the idea of creating complex passwords that are harder to crack.
- 40-40: The mention of "Have I Been Pwned" is a practical resource for readers to check if their accounts have been compromised in data breaches. This advice, coupled with the emphasis on using unique passwords, is actionable and beneficial.
- 63-63: Introducing the concept of factors in authentication is educational and sets the stage for explaining Two-Factor Authentication (2FA) effectively. It's a good lead-in to the importance of 2FA.
- 69-69: The detailed explanation of 2FA and the emphasis on using an authenticator app over SMS-based 2FA is crucial for security. It educates readers on more secure methods of 2FA, addressing a common security misconception.
- 87-87: The section on security keys as a form of 2FA provides valuable information on advanced security measures. Mentioning the FIDO U2F standard adds depth to the discussion on 2FA options.
- 95-95: The cautionary advice about browser extensions and their potential risks is important for web security. This section effectively raises awareness about the permissions extensions may require and their implications.
- 111-111: Educating readers on the decentralized nature of Ethereum and the importance of understanding how crypto works to avoid scams is essential. This section effectively addresses a common vector for scams.
- 128-128: The strong emphasis on never sharing private keys is critical for wallet security. This line serves as a clear and direct warning to readers, reinforcing a fundamental security principle.
- 136-136: Warning against screenshotting seed phrases or private keys is a practical piece of advice that addresses a common oversight. It highlights a specific risk associated with cloud syncing.
- 151-151: The reminder that Ethereum transactions are irreversible and the advice to double-check addresses before sending transactions are crucial for preventing common mistakes in crypto transactions.
- 154-154: Encouraging readers to review transaction messages before signing is a good practice that can help prevent unintended actions when interacting with smart contracts. This advice adds an extra layer of security.
- 168-168: The introduction to common scams sets a skeptical mindset, which is healthy in the context of cryptocurrency. It prepares the reader to be cautious and critical of too-good-to-be-true offers.
- 186-186: The explanation of the giveaway scam and its urgency tactic provides readers with specific details to recognize and avoid this type of scam. It's an important inclusion for educating readers on scam patterns.
- 250-250: Highlighting the tactics of scam crypto trading brokers and the risks of trusting internet strangers with investments is valuable. This section effectively warns readers about a specific type of investment scam.
- 260-260: The warning about mining pool scams, especially in the context of Ethereum's transition away from mining, is timely and relevant. It addresses a specific scam that exploits misunderstandings about Ethereum's current state.
Review Status
Actionable comments generated: 0
Files skipped from review as they are similar to previous changes (1)
- public/content/security/index.md
Changes look good to me! Thanks @setgree. cc: @minimalsm Mind taking another peek here?
@@ -125,15 +125,15 @@ One of the biggest reasons people get scammed in crypto generally is a lack of u | |||
|
|||
**Never, for any reason, share your private keys!** | |||
|
|||
The private key to your wallet acts as a password to your Ethereum wallet. It is the only thing stopping someone who knows your wallet address from draining your account of all of its assets! | |||
The private key to your wallet is a password to your Ethereum wallet. It is the only thing stopping someone who knows your wallet address from draining your account of all of its assets! |
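Review bot: the reworded +125 line, "The private key to your wallet is a password to your Ethereum wallet", makes the analogy firmer than the original "acts as a password", and that risks confusing two different secrets: the password a user types to unlock a locally encrypted keystore, and the private key itself, which most users never see or enter. Suggest keeping the analogy explicit (for example "functions like a master password") or adding one clause noting that the wallet password and the private key are different things. Separately, "someone who knows your wallet address" reads as if the address were secret; addresses are public, so "anyone" would be more accurate.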
My side-concern with this statement is it can give people the false impression that they need to enter this "password" when they use their account... vs a password used to encrypt/decrypt your wallet, which works differently and is more commonly the "password" users will need to actually remember or have easy access to (unlike their private key which they may never see)
I see that as out-of-scope to the current changes though, just noting for the future
one fewer word 😃