Topic: Be careful using Blockchain as your wallet... (Read 16498 times)

legendary
Activity: 2618
Merit: 1022
Anyone using a 3rd party wallet host will get all their coins stolen, confiscated, or magically disappeared at some point.  Nobody should use them, ever. It's safer, faster, and infinitely smarter to secure your own wallet file yourself.

how?

have the private key backed up

[2] My online wallet (blockchain.info) is encrypted with about 20 wordletter password and the sending of info is all opensource crypto

the worst that can happen is the online wallet service gets shut down, and they get a load of hashedupcryptobabble, and so I fire up Bitcoin-Qt, Electrum or whatever and carry on.
member
Activity: 96
Merit: 10
I have used Blockchain for some time without any problems. They had a hiccup earlier - last week, but seem to be fixed. On the login problem, make sure you are not mixing up passwords if you have several wallets to log into. Check your wallet identifier and make sure it matches your pw.
sr. member
Activity: 439
Merit: 250
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

They don't store the password for security purposes. This means that anyone that infiltrates their DBs can get all the identifiers they want but won't be able to do a damn thing with them other than look at them and wish they had a password
vip
Activity: 756
Merit: 503
DropBox and :
legendary
Activity: 1400
Merit: 1013
Why use an online password manager when you can use http://keepass.info (Open source and free) and backup the encrypted password database on DropBox or GoogleDrive?
Because keepass doesn't work as well as LastPass when it comes to automatically and seamlessly keeping everything in sync between multiple desktop machines and a mobile device.
vip
Activity: 756
Merit: 503
Why use an online password manager when you can use http://keepass.info (Open source and free) and backup the encrypted password database on DropBox or GoogleDrive?
legendary
Activity: 2618
Merit: 1022
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

I use last pass that ensures my password is right
legendary
Activity: 2324
Merit: 1125

I wish I had 1 BTC for every time I saw a browser just like that one on someone else's computer, mainly computers used by females lol

I find it quite impressive they are able to use such browsers. I doubt I would not be able to...
legendary
Activity: 1400
Merit: 1013
The only thing that would make LastPass better is if they would accept bitcoin for their premium subscriptions.
legendary
Activity: 2128
Merit: 1002
I've been in the IT industry for 15 years and nowadays I use LastPass to generate random secure passwords.
legendary
Activity: 1274
Merit: 1000
Personal text my ass....
I am the original poster and pretty much lost all the funds that were in that blockchain wallet. I'm in my 40's and have worked my way up through the IT world and I'm very familiar with how things work and how important it is to have good, secure passwords. I have two factor authentication on all my banking sites and have "similar" passwords on all the sites with different variables. Let's just say the variables alone are more strong than most users' regular passwords. It is very unlikely I lost or forgot my password. I've never done that in the 20+ years I've used passwords. Anyway, there wasn't much money in there to begin with, but it does make me wonder how it happened. Since then I've strictly used the old original bitcoin local wallet. Backup my wallet to several places, encrypt it the wallet itself, again and I've been safe ever since. Oh well, what can you do.

sr. member
Activity: 434
Merit: 250
I run a PC repair shop so I'm starting to feel like EVERYONE has MyWebSearch and Freeze and iLivid and Freeze.  How fucking stupid are people?!

You would not have as much business without their ineptness.
sr. member
Activity: 392
Merit: 250
I run a PC repair shop so I'm starting to feel like EVERYONE has MyWebSearch and Freeze and iLivid and Freeze.  How fucking stupid are people?!
legendary
Activity: 1615
Merit: 1000
How is using a browser interface any different than using a stand alone piece of software?

This:



If your browser looks like that, the rest of your OS isn't likely to be very secure, either.
legendary
Activity: 1358
Merit: 1002
How is using a browser interface any different than using a stand alone piece of software?

This:



I wish I had 1 BTC for every time I saw a browser just like that one on someone else's computer, mainly computers used by females lol
sr. member
Activity: 392
Merit: 250
How is using a browser interface any different than using a stand alone piece of software?

This:

legendary
Activity: 2142
Merit: 1009
Newbie
Blockchain.Info definitely has a problem - https://bitcointalksearch.org/topic/m.1297566
hero member
Activity: 955
Merit: 1002
Anyone using a 3rd party wallet host will get all their coins stolen, confiscated, or magically disappeared at some point.  Nobody should use them, ever. It's safer, faster, and infinitely smarter to secure your own wallet file yourself.

They only host an encrypted wallet that is decrypted in the browser. They do not store any bitcoins.
There is no difference in me using this service than using the official client - except it is much more functional and can be accessed from any computer.
The same vigilance is necessary (key loggers etc) but blockchain wallet is worlds apart from the mybitcoin like websites that you have to trust to hold bitcoins for you.
You remain in control - you hold all the private keys.
How is using a browser interface any different than using a stand alone piece of software? - it's just a program running in the browser. You can even use it offline.
It's open source and you can examine the code: https://github.com/blockchain
sr. member
Activity: 392
Merit: 250
Anyone using a 3rd party wallet host will get all their coins stolen, confiscated, or magically disappeared at some point.  Nobody should use them, ever. It's safer, faster, and infinitely smarter to secure your own wallet file yourself.
hero member
Activity: 560
Merit: 500
I am the one who knocks
It is a little ironic that they don't store your password on their server and can't help me. Strange.
I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony
Ironic or not?:

While your link provides a ready means of buying your new book, it lists no option to do so in bitcoin.

(sorry for the thread derail)
Especially considering the author is a bitcoiner.
legendary
Activity: 3038
Merit: 1660
lose: unfind ... loose: untight
It is a little ironic that they don't store your password on their server and can't help me. Strange.
I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony
Ironic or not?:

While your link provides a ready means of buying your new book, it lists no option to do so in bitcoin.

(sorry for the thread derail)
legendary
Activity: 2142
Merit: 1009
Newbie
Agreed.  Are you using another wallet? Or perhaps a service like one of the dice?  You normally shouldn't get double spends unless something out of the ordinary is going on.

Aye. I was playing SatoshiDice with the coins in Blockchain wallet.
hero member
Activity: 560
Merit: 500
I am the one who knocks
I'd like to add another issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.
You didn't lose your coins. Wait until the transaction falls off and you will have them back.

It's good news. But those double-spends r so annoying.
Agreed.  Are you using another wallet? Or perhaps a service like one of the dice?  You normally shouldn't get double spends unless something out of the ordinary is going on.
legendary
Activity: 2142
Merit: 1009
Newbie
I'd like to add another issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.
You didn't lose your coins. Wait until the transaction falls off and you will have them back.

It's good news. But those double-spends r so annoying.
hero member
Activity: 560
Merit: 500
I am the one who knocks
I'd like to add another issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.
You didn't lose your coins. Wait until the transaction falls off and you will have them back.
legendary
Activity: 2142
Merit: 1009
Newbie
I'd like to add another issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.
hero member
Activity: 560
Merit: 500
I am the one who knocks
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well.
Password re-use is never a good idea.

For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this.
What 'funny feeling'?  That is a pretty strong accusation coming from a low post forum account against piuk.  Something tells me that there would be many more 'interesting' accounts for them to 'steal' if he were so inclined.

Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually.
I am pretty sure that you don't understand how the service works given that this is near impossible (as others have pointed out).

Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password.
Knowing and communicating the password to the server are two entirely different things (also as others have pointed out).  Why would they risk their reputation to steal random piddly accounts?

It is a little ironic that they don't store your password on their server and can't help me. Strange.
I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony

So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.
This is of course a personal decision and there is no right way for 100% of the people.  Personally I like BCI because an un-encrypted version of my wallet never hits my disk.

Sorry to be so negative, but attacks on long standing services / members irritate the hell out of me, especially when done from sock/low count accounts. 
hero member
Activity: 518
Merit: 500
Manateeeeeeees
I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

For the android app - you can put on a second password which is required when spending. (edit:  ^^ what he said!)

I believe when you 'pair' a device - the QR code contains the main decryption password, which I suppose may be somewhat vulnerable when stored in your phone.

I find it annoying that the QR code even contains this password - as otherwise I'd carry around a printout of various pairing QRs in my wallet and scan them as necessary.
The second password still wouldn't make this safe as with the decryption password they can still go to the website and change all the account settings... I guess 'two factor' is the way to stop that.


Thanks (and thanks to Stephen Gornick as well).  I'll go do that tonight.
legendary
Activity: 1806
Merit: 1003
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

Sounds like your fault for not properly backing up your wallet, both on paper and in encrypted form (it's impossible for blockchain.info or anyone else to change your password on your backups). Plus since you re-use your password, how do you know if your password has not been compromised somewhere else, and the hacker simply went into your blockchain.info account. It can be pretty useless to hack into online banking, so you might not notice your online banking has been hacked. If your coin hasn't been moved, then if you have properly backed up, you would not have lost anything.
hero member
Activity: 910
Merit: 1005
I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe.

Try opening notepad or another simple text editor and writing the password in plaintext exactly how you think it should appear. Then copy and paste it into the password field.

Keeping your own paper backup or .aes.json backup is always recommended. Then you can restore the wallet using a desktop client if need be.
legendary
Activity: 1092
Merit: 1001
I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

For the android app - you can put on a second password which is required when spending. (edit:  ^^ what he (Stephen Gornick) said!)

I believe when you 'pair' a device - the QR code contains the main decryption password, which I suppose may be somewhat vulnerable when stored in your phone.

I find it annoying that the QR code even contains this password - as otherwise I'd carry around a printout of various pairing QRs in my wallet and scan them as necessary.
The second password still wouldn't make this safe as with the decryption password they can still go to the website and change all the account settings... I guess 'two factor' is the way to stop that.
legendary
Activity: 2506
Merit: 1010
I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).

Account details -> Security

You can enable two-factor authentication.  This can be an e-mail, SMS text message, Yubikey, or Google Authenticator.


no reason to risk losing it if I lose my phone.

As long as you have it save backups (or send them to you), you are protected from loss.  You can also set up a second password that is required only for spending.  So even if the phone is stolen and someone tries to send funds, they can't without the second password.

Account details -> Passwords


 - http://www.Blockchain.info/wallet
hero member
Activity: 518
Merit: 500
Manateeeeeeees
I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.
hero member
Activity: 955
Merit: 1002
If you have a backup of the wallet just open another account and import it to it - or import it into multibit.
I would also just use a watch address for the bulk of your bitcoins with the private key stored offline.


edit - just realised you'd still have the same password problem though. But blockchain do not store any bitcoins they just store an encrypted wallet that is decrypted in the browser. They can't steal these bitcoins.
I suggest you keep trying the same password - perhaps try it on a different computer
legendary
Activity: 1540
Merit: 1029
Wow hopefully it is just something simple like a keyboard error. Hopefully you get access to your cash soon.
legendary
Activity: 2506
Merit: 1010
This is good reading:

Caution: Do You Bank Online?
 - http://market-ticker.org/post=212456

by Karl Denninger, Ticker Guy


[Update:
And also:

Quote
[Project Blitzkrieg is] a collaborative effort designed to exploit the U.S. banking industry’s lack of anti-fraud mechanisms relative to European financial institutions, which generally require two-factor authentication for all wire transfers.

‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks
 - http://krebsonsecurity.com/2012/10/project-blitzkrieg-promises-more-aggressive-cyberheists-against-u-s-banks ]
legendary
Activity: 2506
Merit: 1010
It is the same password I use on several of my banking sites, so I know the password well.

Well, that could be one explanation as to what happened.   I'd first be worried that my system has been compromised and then only after being able to rule that out would I continue to use it.  From a secure system, then I'd change my bank passwords after this.  Again -- password reuse is not recommended.


Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually.

No, they won't.  They don't have access to the unencrypted keys.

Now did you have a previous backup of your wallet from prior to having any trouble?

But if a thief got access to it, even with an older copy of the wallet the funds are likely spent.

The login page shows three backup methods ... Dropbox, Google Drive, and Email.

You can configure it so that a copy of the encrypted wallet is sent to your e-mail after each change.

Also, setting it up with a second password (required for spending) is a good recommendation.
jr. member
Activity: 56
Merit: 1
OP, all they store is your public keys/private keys in an encrypted JSON with a linked identifier. That's it. There's no way they can alter it unless they are storing your passwords which would ruin them.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Number of times I've typed a password again and again and again and SWORE I did it right but it clearly isn't working... only to discover that my keyboard is set in a foreign language, and I'm either typing "ραςςωορδ", or it's AZERTY and I'm really typing the equivalent of "pqssword" or whatever.
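
Added example, not part of the thread and not Blockchain.info's code: a minimal sketch of the model several posters describe (wallet encrypted on the client, host keeps only an identifier and ciphertext) and of the keyboard-layout failure mentioned above. The AES-256-GCM/PBKDF2 parameters, all names and all sample values are assumptions made for illustration; the real wallet format does not appear on this page.

```javascript
// Added illustration only: NOT Blockchain.info's code or its real wallet format.
const crypto = require('crypto');

const ITERATIONS = 100000; // assumed KDF cost for this sketch

const deriveKey = (password, salt) =>
  crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');

// Client side: encrypt the wallet JSON before it ever leaves the machine.
function encryptWallet(wallet, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(wallet), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Client side: returns the wallet, or null when the password does not match.
// The host never takes part in this check; a wrong key fails the GCM tag.
function decryptWallet(blob, password) {
  const raw = (s) => Buffer.from(s, 'base64');
  try {
    const key = deriveKey(password, raw(blob.salt));
    const d = crypto.createDecipheriv('aes-256-gcm', key, raw(blob.iv));
    d.setAuthTag(raw(blob.tag));
    const pt = Buffer.concat([d.update(raw(blob.ct)), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// QWERTY keystrokes landing on an AZERTY layout (letter swaps a/q and z/w only;
// punctuation and digit differences are left out of this sketch).
const AZERTY = { a: 'q', q: 'a', z: 'w', w: 'z' };
const typedOnAzerty = (s) => [...s].map((c) => AZERTY[c] || c).join('');

function runDemo() {
  const password = 'quiet wallet zebra'; // constructed sample
  const wallet = { keys: [{ addr: 'CONSTRUCTED-ADDRESS', priv: 'CONSTRUCTED-PRIVATE-KEY' }] };

  const blob = encryptWallet(wallet, password);
  const hostDb = new Map(); // everything the hosting service holds
  hostDb.set('constructed-identifier', JSON.stringify(blob));
  const localBackup = JSON.stringify(blob); // the user's own encrypted backup copy

  const stored = hostDb.get('constructed-identifier');
  const mistyped = typedOnAzerty(password);
  const result = {
    hostSeesSecret: stored.includes('CONSTRUCTED-PRIVATE-KEY') || stored.includes(password),
    mistyped,
    mistypedUnlocks: decryptWallet(JSON.parse(stored), mistyped) !== null,
    correctUnlocks: decryptWallet(JSON.parse(stored), password) !== null,
  };
  hostDb.clear(); // the service disappears; the backup is still usable
  result.backupPriv = decryptWallet(JSON.parse(localBackup), password).keys[0].priv;
  return result;
}

console.log(runDemo());
```
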
legendary
Activity: 1092
Merit: 1001
That they don't store the password on their server is a good feature.  I don't see how Blockchain can get that money eventually - unless you used a pretty simple password and they run a brute force against it.
Highly unlikely anyone external could brute force any but the simplest of passwords - as blockchain seems to do IP lockouts  (though perhaps via botnet?)

Also - check your keyboard isn't damaged.

..and - look for keyloggers. Perhaps someone got in via your system and changed the pass.

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Just use a paper wallet.  And/or back up your keys to paper, Blockchain makes that pretty easy.
legendary
Activity: 1274
Merit: 1000
Personal text my ass....
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.