Topic: Bitcoin Wallet Security (Read 1266 times)

i think if the electrum server that you are connected to had bitcoin-core version 10 and up there was no problem. right?

and as for core, people like me who don't want to download around 40 GB of data and save it on their computer have no choice but use SPV wallets

creating multisig with Electrum has clear explanation with pictures in it's wiki. i guess it is enough.

Yes, offline wallet is 100% secured. My entire btc are stored in the deep cold storage.

i don't use electrum or any other spv, and i'm doing it right seeing how the last issue of invalid block was affecting most those clients, it's the reason why i want it on core

now that i think of multisig, the procedure to create one, should be made more simple and clear for newbies, without the need to go in the console, there should be a one click button

I think this feature is already available in electrum. but, it's only for 2 of 3 multi-sig addresses & we need always depend on trusted coin to make a transaction. And also we have to pay an extra fee for trust coin service.

Do you know any glitch of this 2fa service of electrum ?

No coin is safe after it changes hands 3 times when bought directly from the miner with kyc/aml. There can be a point in time were authorities find out they've been used in illegal transactions, taint them, enforce bitcoin infrastructure in their juristiction to not accept them and effectively make the coins useless without anyone else knowing it before buying/accepting them.

This is the problem with bitcoin

they are also very slow, centralized exchange as an online wallet are against what bitcoin is all about, security and decentralization

better get rid of this crap and aim at developing a decentralized exchange which you can run by your own desktop and can work as an offline wallet too if needed

Coinbase is an online wallet not desktop!

and when it comes to security of bitcoin wallets, all online wallets are at the far end of the list no matter how many 2FA they have. besides coinbase is worse thanblockchain.info IMO, because you don't even have access to your private keys and they can and do ban you for many reasons which will cut your access to your funds. not to mention if they stop their service and run away!

It is already made mate. Its name is Coinbase and have the two factor authentication possibility to be enabled if you want. If I chose I cannot enter at my coinbase wallet without the code that must come to my cell phone. You have various options then to use. I sent you with pm the joining link if you would want to use this wallet.

Normally how these services work is you set up a 2 of 3 multisig wallet, you keep one key on your PC, they keep one key and you keep the final key on paper. Should they refuse to co-sign or go out of business you can use your paper backup to regain access to your coins.

Exactly. Someone with access to the computer can go find the wallet file and brute force it to steal the private keys. 2fa will do nothing to stop that.

Using 2fa with a third party would work but requires you to trust said third party. You need to trust them to let you to spend your bitcoin otherwise they could lock the bitcoin up in the multi sig address. Also, what happens if they go out of business?

2FA can be easily broken in 10 minutes I don't think it is a solution

2FA security is pretty old , but what if your PC is compromised with all sensitive data??
The best way is to store your Private key offline not on Computer:
various methods that i know are:

1.  paper printout
2.  a metal coin
3.  a tattoo on your body

Of all the above three the [3] one is pretty innovative to me

So i have an idea that we actually see in home security, before sending a transaction or unlock your wallet you get a courtesy phone call from a security agent asking you if you open your bitcoin wallet and if everything is alright in your home of place is taken the transaction in.

It is not much secure than a password protected wallet. Blockchain.info store the encrypted keys on their server. The addition of 2FA basically allows the computer to only have the wallet downloaded when the 2FA is correct. Your wallet would still get compromised if their wallet file gets compromised and hashing algronithm is weak. This method would not protect against other vulnerability like weak RNGs.

Yep! Core should be like Trezor in the sense that if you haven't made a back up & your PC dies or gets stolen you can simply download the full blockchain again & enter a 12-24 word seed which reloads your bitcoin balance into the new client. I would be very happy & impressed if the developers could incorporate this.

I was using Google Authenticator but since there is no way to backup the stuff, i moved to Authy, i can sync with many devices

Yes you can do that. If we just simply added 2FA to the wallet software that would be no good, it would be very simple to bypass. You need use multisig, a service like greenaddress holds one of the private keys for your multisig wallet and co-signs each transaction after you auth with them using 2FA. Electrum already has plugins for various services that do this.

The security of 2FA is often over-hyped and many people are using it as a sort of catch-all security measure which is insanely stupid. Instead of using strong passwords and good security practices, many people just turn on 2FA and assume they are now impossible to hack. Even if you do use 2FA you cannot prevent the malware from modifying your transaction. You might think you are sending to some bitcoin address but a sneaky piece of malware could very easily change that address to the hackers one without your knowledge. Existing 2FA systems cannot protect against that kind of thing.  TOTP 2FA which is what Google Authenticator and almost everything else uses was designed to try and figure out if the account owner is the person behind the keyboard, it wasn't really designed to prevent you from any kind of hacking or malware, if your computer is hacked or infected then it is useless, it does nothing to stop the hacker at all in that situation.

there are ways to secure your wallet and bitcoin other than using 2fa.
like using the cold-storage which has many different ways to it.
from paper wallets to creating offline wallets on your pc.

2FA is not the solution. How to keep your private key offline is the key.
                                                                                               

the newer versions of Electrum has the option to enable two factor authentication. you can check out the Electrum wiki page for more information here:
http://electrum.orain.org/wiki/Two-factor_authentication

it is a service provided by TrustedCoin, it is with a remote server acting to co-sign transactions, adding another level of security in the event of your computer being compromised.

you also have your seed to restore your wallet in case you didn't have access to TrustedCoin for any reason.