Security Tips

This page will eventually be full of useful information about security and avoiding scams etc...


You should NEVER EVER use the same password accross multiple websites!

Instead you should use a unique password for every different website you join, this is very important and I'll tell you why.

In order for a password to work on a website, it must be stored on that website, usually in a database connected to that website.

Any trustworthy website will not store your password the way you enter it but rather they will encrypt it first and then store it.

When the password is encrypted properly, nobody can work out what the password is, not even the developers of the website. If anybody manages to hack in to the website's database (which is pretty unlikely - but can happen), they can't get your password, they can only get the encrypted version which is totally useless to them.

But then how am I able to log in? When you login, you enter your password as you normally would and it gets encrypted again, the encrypted version of the password you enter to log in then needs to match the encrypted version of the password which is stored in the website's database.

If you had the encypted version of password and tried to enter that, it wouldn't work, this is because the already encrypted version is then encrypted a second time so it won't match.

This is why if you've ever lost your password for a website, you'll notice that the website usually will not send you your old password, instead they'll send you a link with instructions to reset your password and choose another one.

Any website that sends you your old password is not encrypting it when they store it on thier database (although just because the website does request that you reset it doesn't prove that they are encrypting it.

So why is so important to use a different password for every website if nobody can figure out what my password is?

Well you'll notice I said any "Trustworthy" website will encrypt your password, but not all websites are trustworthy, especially when it comes to Bitcoin and other Crypto Currencies. There's a lot of value in Crypto Currency, and unfortunately this means there's a lot of people who want to steal it from you or scam you out of it.

It's much easier for a web designer to not encrypt your password, that means it's very easy for scammers to make a scam website offering deals too good to be true, you sign up to their scam website, entering all yor information as you go including the password that you use for lets say for example your coinpt account. They don't encrypt the password, but store it in it's raw form. The webs designer then only has to go into the back end of their website and look in the database and BOOM! They have your email address and your password, this is all they need to log into your coinpot account unless you enabled 2FA (2 Factor Authorization - which I'll go over later). Now they can withdraw all available balances from your coinpot account to their own wallets and clean you out. All it takes is for you to enetr that password once into a dodgy website and you could lose everything!

How can I tell if a website is encrypting my password? You can't, unless they give you access to their database but that's not going to happen. If they send you your exact password then you know they're not encrypting it but other than that you have to take their word for it.

Does encrypt passwords? Yes, but I can't prove that to you without giving you access to my database which isn't going to happen, so please do NOT use your Coinpot password or any password you've already used on any other website for your acount or on any other website you join, it's much better to play it safe!