Secure Your NXT

From Nxt Wiki
Jump to: navigation, search

1 The Importance of Passphrases

Unlike most other crypto-currencies and traditional tokens of value, an NXT account is secured only by a single passphrase which can be thought of as a very secure password. We call this a "Brain Wallet". The passphrase is the only identifier needed in order to transact using NXT and in order to Forge NXT blocks. There are no additional wallet files of any sort.

And unlike traditional web sites which limit the number of login attempts and do not disclose the authentication algorithm, the open source and free NXT client allows an unlimited number of login attempts which can be executed very quickly, at rates reaching billions of login attempts per second. Considering this, and unlike traditional passwords, your passphrase has to be very long and complex. The NXT client account registration process is known to generate very secure passphrases. We recommend that you use it. Alternatively, you can choose a passphrase with at least 35 truly random characters.

If you are using special characters in your passphrase i.e. not just numbers or letters, make sure to use the ASCII representation of these characters and not one of the Unicode representations. For example the quote character " can be represented as ascii code 34 (0x22) but also as various unicode characters as explained here http://www.amp-what.com/unicode/search/quote these are considered different characters when used in a passphrase so to avoid confusion we recommend always using the ascii version of these characters or not using them at all. For example MS Word uses the “ unicode character by default which differs from the " ascii character and will cause your passphrase to generate a different account address.

Losing your passphrase means losing your funds, there is no way to recover your passphrase. It is YOUR responsibility. If you cannot accept this, better don't use NXT.


1.1 Mitigating Risks of NXT loss

Let's analyze the various risks and how to mitigate them. The main risks are:

  • Losing your passphrase
  • Letting someone steal your passphrase
  • Accidentally sending your NXT to an account with an unknown passphrase

If you are one of those guys who always mess up things online and need customer support, you will have to exercise extra care to not to lose your NXT one way or the other.


1.2 Best Ways to remember your Passphrase

If you lose your passphrase there is no way to recover it. The chance of forgetting your passphrase is much higher than getting your password stolen.

The best way not to forget your passphrase is to store it somewhere safe, preferably in more than one secure place or backing up your secure storage somewhere safe.

You have to accept that there are risks no matter where you store your passphrase.

  • If you store it on your hard drive - the drive might crash
  • If you store it in a password manager - the passwords file might get corrupted or deleted
  • If you print it on paper - the paper might get burned or lost
  • If you store it in your brain - you might forget it

Therefore, by using more than one storage method, you lower the risk.


1.3 Keep Your Passphrase Safe

Eventually you have to use your passphrase on your local workstation to sign transactions, and you might even need to send it to your remote node for forging, bundling, shuffling, account monitoring etc.

So you have to store it securely, preferably in more than one place, and at least one of these places needs to be easily accessible.

Again there is no 100% security, but there are best practices:

  • Don't share your passphrase with anyone
  • Don't store your passphrase unencrypted on a remote node or your local workstation
  • Always use the official NXT wallet
  • Take special care when connecting to remote nodes
  • Do not leave your passphrase printed on paper next to your computer
  • Split your NXT to several accounts, use the smaller balances for daily operations and only access the higher balance accounts when necessary

Using a password manager, that allows you to store multiple passwords encrypted under a single database password, can be secure and convenient. A free, open source option is Keepass.

There are also a options for offline usage, e.g. Offline_Transaction_Signing or NXT Bridge.

2 Increase NXT transfers security with Public Keys

For security reasons, it is important to announce the public key of your new accounts.

Also keep in mind to

  • Always use the official client and make sure the recipient account for your transfers have a public key.
  • Use only "NXT-" addresses and avoid using numeric addresses.

3 Use the Phasing Feature for Account Control

To add another layer of safety, the phasing features can be set up for accounts. These features present some interesting account usage scenarios, for example:

  • Multi-signature account
  • Tagging an account as a "savings" account, with no ability to send Nxt
  • Using a locked account as an "escrow" account
  • Limiting the ability to transfer assets, aliases or other entities from an account

There are specific pages that describe how the account control can be set up in the Ardor Platform and the NXT Platform.