Author

Topic: Here is why they say to store your seed "offline" (Read 574 times)

legendary
Activity: 1554
Merit: 1139
But saving your seeds offline is often said because from the moment you have them online, there is a risk that they will be stolen by hackers, and for that it doesn't matter if Amazon Drive stops its service on Dec. 31, 2023.
Of course, we've already made a point as to what kind of data that should be stored on the cloud and that is, the non sensitive data or files. In this regard, we don't hope to have users who will go ahead to upload or store there private keys and seed phrases online just because, you can access it anywhere and anytime in the world with any Internet device by simply logging on.

The major issues to this is hacking but I don't think that is the only. These files or data are stored for easy accessibility, recoverability, security and leveraging the storage space available on these servers. Now, shutting it down kind of takes all that away and one dumb enough to store there private keys or seed phrase online with hopes to recover and import wallet in the invent of a crash might have just lost everything.

If hacking makes you lose everything and shutting down a service has the same effect, then technically, we could say they are the same thing. Offer the same risk, just different means!
sr. member
Activity: 1190
Merit: 469
Online data storage is essential for any valuable data.

ok so if that's the case then it seems like you're suggesting seed words need to be stored online.

Quote
That is why, in order to prevent any scam effects, those seed words or other information that could be used to access your precious possessions shouldn't be stored on the cloud or with any online storage provider.
but now you contradict yourself by saying seed words shouldn't be stored in the cloud.

member
Activity: 364
Merit: 13
Online data storage is essential for any valuable data.
That is why, in order to prevent any scam effects, those seed words or other information that could be used to access your precious possessions shouldn't be stored on the cloud or with any online storage provider. It should be written down and preserved on paper in your closet, or even better, a safety deposit box.
jr. member
Activity: 126
Merit: 4
Cloud storage is certainly convenient, but it has nothing to do with the word "security." Too many people make a living hacking everything they can reach to blindly trust important data to be stored on the Internet, moreover, on a server, that you absolutely cannot control.
hero member
Activity: 3178
Merit: 661
Live with peace and enjoy life!
Storing all your important documents online will never be safe in the first place. The fact that you might give others the chances to access to your own important documents, that would be the start of being in danger as you might not recover them suddenly and lose everything what you have been safekeeping the whole time. Not your keys, not your coins. So don’t wait to happen it for you, always take caution in everything you do. It’s best to store them offline, at least you don’t have to worry if it will be hacked or not.
member
Activity: 994
Merit: 14
Apart from the fact that Amazon is shutting down cloud storage, it is very dangerous storing your seed phrases and other password online because these platform are suceptible to hackers. It is always advisable to keep your phrase offline.
sr. member
Activity: 1190
Merit: 469
So true! (personal experience)
I sent some of my wallets seeds to my Yahoo email address. After a year of inactivity they deleted all my emails and there is no way to recover them! And am sure more than 90% of Yahoo users aren't aware of this so-called feature.

When did that happen? I don't think they do that to everybody.

With that said, I do recall a long time ago where they had some data loss which caused peoples' email accounts to lose a bunch of emails
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
what about protonmail?  if you had to store it in the cloud would that be the best option?
Nope. If you must store something sensitive in the cloud (and I'm not sure that is ever actually the case) the only two acceptable options are either 1) don't do it, or 2) set up your own cloud server.
There is a "US Government" "region" in AWS that is used by various US government agencies, including the DOD. I don't think the nuclear launch codes are stored there, but I do understand that classified (and other sensitive) information is likely to be stored there.

So a "never" policy for using cloud services is probably not appropriate, but it is important to understand the risks involved. It is easy to make mistakes with permissions when using cloud services, although most cloud providers will alert you when you are doing something that is clearly undesirable, there is no guarantee that your cloud provider will catch all mistakes regarding permissions. It is similarly possible to make other mistakes that will result in either your cloud services being exposed to the general public or that may result in your information being exposed to someone you don't intend to have it exposed to.

In general, the appropriate customers for cloud services are governments and/or businesses. If you cannot be described as either of these and are using the cloud to store sensitive information, you are probably doing something wrong. Governments and businesses can hire professionals whose job it is to ensure that relevant settings are correct and that your private information will not be exposed to those who should not have access to it. They can also hire separate professionals to audit the above
hero member
Activity: 2814
Merit: 576
It's not just the cloud actually. It is not recommended to store any piece of sensitive information online. Anything stored online could be illegally and legally accessed by anybody. And not only do you not have complete and sole control of your information, even the storage itself is not within your control. The authorities could conduct a search in a cloud storage. Furthermore, even encryption does not guarantee complete security.
That’s the fact when it comes to online storage, no one can guarantee it’s full security. Although it give us advantage to access it easily, but there is no full security on our accounts. So it’s better to store them offline that only yourself knows about it, than to keep it online and all eyes are on it.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
It doesn't matter how reliable and trustworthy the storage service provider is, storing your wallet files/seeds/private keys (even encrypted) on someone else's computer/server is not the right way to store a back up of your wallet.

Any online service, be it free or paid, be it some tiny provider no one has heard of or some global giant like Google or Amazon, be it cloud storage or an email account, can close your account or lose or delete your data at any time for any reason and without warning
So true! (personal experience)
I sent some of my wallets seeds to my Yahoo email address. After a year of inactivity they deleted all my emails and there is no way to recover them! And am sure more than 90% of Yahoo users aren't aware of this so-called feature.
legendary
Activity: 2268
Merit: 18711
So what site can you use where you don't have to worry about an inactive account?
Your own hardware. That's it. That's the only place you can ever be sure that your account won't be inactivated or your data won't be deleted without your consent. Any online service, be it free or paid, be it some tiny provider no one has heard of or some global giant like Google or Amazon, be it cloud storage or an email account, can close your account or lose or delete your data at any time for any reason and without warning, not to mention the massive risk of theft or hacks you take by using any online storage.

It seems that no matter how many times you are told this you are absolutely dead set on risking everything by storing your seed phrase or other sensitive data on the cloud. Why?
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
what sites do not delete your account if you don't log in after a certain amount of time?  What pay sites allow you to keep an account active without logging in for a long period?


gmail and yahoo ... do they close your account if you doni't sign in at least once a year or something?  So what site can you use where you don't have to worry about an inactive account? 

Used to until Google received backlash. Now the new policy took effect last year, whereby contents are deleted but not the access to the accounts themselves.

Quote
As of June 2021, Google may delete content in Gmail accounts that have become inactive. Your Gmail account is considered inactive when you haven't accessed it for more than 24 months (two years). If your account becomes inactive, you could lose the data that you stored in Gmail, such as messages, files, pictures, and videos. Still, you won't lose the account.

Source: https://www.lifewire.com/when-does-my-gmail-account-expire-1171894#:~:text=Google%20no%20longer%20deletes%20inactive%20Gmail%20accounts&text=As%20of%20June%202021%2C%20Google,24%20months%20(two%20years).
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
what sites do not delete your account if you don't log in after a certain amount of time?  What pay sites allow you to keep an account active without logging in for a long period?


gmail and yahoo ... do they close your account if you doni't sign in at least once a year or something?  So what site can you use where you don't have to worry about an inactive account? 

Mostly, services that you pay subscriptions to.

But then again — quick reminder that this is not a very good idea for your bitcoin/crypto wallet backups.
full member
Activity: 1750
Merit: 186
what sites do not delete your account if you don't log in after a certain amount of time?  What pay sites allow you to keep an account active without logging in for a long period?


gmail and yahoo ... do they close your account if you doni't sign in at least once a year or something?  So what site can you use where you don't have to worry about an inactive account? 
sr. member
Activity: 1190
Merit: 469
what about protonmail?  if you had to store it in the cloud would that be the best option?

Proton Mail is pretty good, because they (claim to) do actual client-side encryption (i.e. they are unable to decrypt your data). The thing is, how do you verify that claim?


 if u go a certain length of time without logging in, they might delete your entire account (if you're a cheapskate and use their free plan). as well like all other services they reserve the right to decide if you are doing anything illegal (even if you're not a cheapskate) and if so, delete your entire account.
legendary
Activity: 2268
Merit: 18711
Though storing it using usb is not that safe because if you plan to access your account then you need to insert your usb and that usb is now exposed to the internet.
USB drives or other removable media can be relatively safely used for back ups if you only ever connect them to airgapped devices, and are aware of the risks regarding their fragility and lifespan.

Maybe Jeff Bezos has a backup for them but no guarantee.
If there is one person in the world I definitely trust with my seed phrase, it's Jeff Bezos. Tongue

what about protonmail?  if you had to store it in the cloud would that be the best option?
Nope. If you must store something sensitive in the cloud (and I'm not sure that is ever actually the case) the only two acceptable options are either 1) don't do it, or 2) set up your own cloud server.
hero member
Activity: 1064
Merit: 843
Any cloud storage is bad for everything, who still use such ways to store files this days? This is even why I dont invest money on any cloud storage crypto projects, because anything can happen at any time.
Lol, it's not only about cloud storage projects, but it same applies with other shitcoin projects that I can't mention one by one.

Those projects only promising their readers and investors if they will work at their best to become the best project that will beat Bitcoin, but when the price already ten times higher from the beginning, you will see many CEO will run away with investors money since they already achieve the money that they're aim before creating their project.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10

This is a horrible thing. Every time I hear something like that, it makes me want to cry for a little while.


Not as bad as storing them on an exchange/ CeFi.

Learned a hard lesson from that one.
jr. member
Activity: 38
Merit: 18
Any cloud storage is bad for everything, who still use such ways to store files this days? This is even why I dont invest money on any cloud storage crypto projects, because anything can happen at any time.
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
Amazon is providing approximately 18 months notice they are shutting down their service. That is more than ample time for someone to make arrangements to store their backups elsewhere if they chose to store their backups online.
In this case, maybe. But there have been plenty of cloud providers in the past who have provided little to no notice, and there will be plenty more in the future.
The best practice is to store at least three copies of their seed, including one off-site, and including storing them via at least two mediums of storage, suddenly losing one copy should not affect their ability to spend their coin. If you lose access to one copy for whatever reason, you should still have two other copies. I would obviously repeat my warning about why storing your seed in the cloud is generally not a good idea in my previous post.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
what about protonmail?  if you had to store it in the cloud would that be the best option?

Probably better than most options, but still — no. Seriously, just grab a hardware wallet/s, write down the backup, and hide that backup.

Tbh if you're asking about options with cloud storage, you're probably not capable of securing your backup in a digital manner proficiently.
hero member
Activity: 510
Merit: 4005
what about protonmail?  if you had to store it in the cloud would that be the best option?

Proton Mail is pretty good, because they (claim to) do actual client-side encryption (i.e. they are unable to decrypt your data). The thing is, how do you verify that claim?

Even if you do a point-in-time security audit on their code, nothing prevents them from "accidentally" including some JavaScript into your session that leaks your encryption key to them.

Good security is (partially) about reducing the number of things that you have to trust not to let you down. With that in mind, learning how to do things for yourself (if you're able) is recommended.
full member
Activity: 1750
Merit: 186
what about protonmail?  if you had to store it in the cloud would that be the best option?
legendary
Activity: 3024
Merit: 2148
When people talk about storing private keys "online", they generally don't mean cloud storage. They mean hot wallets or custodial wallets. And the reason why many choose to store their coins "offline", aka use cold storage is because they are in full control of their coins and the coins are exposed to a much smaller number of threats when compared to other methods.
legendary
Activity: 2492
Merit: 1232
Any valuable data is a crucial component when storing it online.
That's why those seed phrases or any information that can be leaked to your valuable belongings shouldn't store in the cloud or any online storage provider to avoid such possible consequences of scam.  It should be on a piece of paper and kept in your closet or much better a safety vault.

Good thing that the Amazon cloud services provider announced this which is they also care about their reputation and I think 18 months is enough time for users to retrieve their files and important data out of that cloud service.  
legendary
Activity: 1526
Merit: 1359
I have read about more than one instance of a user storing a seed phrase or private key in the drafts of some email provider...

This is a horrible thing. Every time I hear something like that, it makes me want to cry for a little while.
sr. member
Activity: 1190
Merit: 469
While i agree there's lots of time before their service shut down, i have small concern about how they notify their customer. According to the news, currently they only use email to notify their customer. I expect most people only open their email when they need to register or recover their online account, unless their job regularly use email. Additionally, it's likely their email buried with lots of promotional content unless they opt out from it manually.

Which is why in these types of situations there are going to be people with Amazon Drive accounts that lose their data. Say they went on a 2 year vacation when they come back, their data is gone! Maybe Jeff Bezos has a backup for them but no guarantee.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
It would be much better if you have quoted some important notes why storing your private keys or seed phrase offline is the best choice and why it is much safer compared to storing it online or using usb or hard drive. Though storing it using usb is not that safe because if you plan to access your account then you need to insert your usb and that usb is now exposed to the internet. You wouldn't know that your computer is infected with malware that is possible to steal your wallet.
legendary
Activity: 2212
Merit: 7064
Do you know what cloud storage actually is? Someone else's computer. Why would you store your seed phrase on someone else's computer? Do you know who can access that computer? Do you know how good that computer's security is? What if that person stops letting you access their computer? An incredibly stupid thing to do.
But it's safe and encrypted right? Right??
Or maybe you could be a presidents son that stores your whole weird life on iCloud and than someone hacks it and posts everything in public.  Cheesy
It's crazy to store anything or any sensitive information on any cloud service, and it's even more crazy to keep bitcoin seed words and passwords there.
Best option for seed words is to keep them offline on paper or metal, and for everything else it's not that hard to set up your own self-hosted ''cloud''.
legendary
Activity: 2268
Merit: 18711
Wow I love this thank you for this enlightenment am usually use to saving my phrase and passwords on my emails but now am not taking chances I word clear everything and save they offline properly.
Great that you are now going to secure your seed phrases properly, but simply deleting everything from the cloud storage is not sufficient. Again, think of cloud storage as someone else's computer. If you say to them "Delete this file" and they say "Ok, I've deleted it", you have absolutely no proof whatsoever that the data is actually deleted. And even if it is deleted, it probably isn't properly shredded and could be recovered. And even if it is shredded, it is probably backed up on more than one other server somewhere and could still be accessed.

Instead, you should consider whatever seed phrases or private keys you had stored online permanently compromised. Create some brand new wallets with the seed phrases backed up only via non-electronic means (i.e. pen and paper), and then transfer all your coins out of your old wallets in to these new ones.
sr. member
Activity: 952
Merit: 391
Underestimate- nothing
Not just your seed phrase / private keys, but any data you really care about is too risky to exclusively store in the "cloud". Always make sure you have local copies of important stuff.

Also, never store anything sensitive without encrypting it first. There are data breaches all the time, and this can easily lead to your bitcoin disappearing and your accounts being hacked.

TLDR: The only thing cloud storage is good for is (client-side) encrypted backups. But if you don't know exactly what you're doing, just avoid it altogether.
Wow I love this thank you for this enlightenment am usually use to saving my phrase and passwords on my emails but now am not taking chances I word clear everything and save they offline properly.
legendary
Activity: 2268
Merit: 18711
Take for example, there is no way a company as big as Amazon would want to shut down a service without announcing it first and giving their customers who use that service time to transfer their documents to another company that provides the same service(like they just did in this case).
I have read about more than one instance of a user storing a seed phrase or private key in the drafts of some email provider, who have shut down without warning. Amazon might have given a warning, but many won't.

So the major reason why storing seeds and private keys online is frowned at is because of hack, most especially for newbies who don't know how to use strong passwords for their account security, and some also do not know how to use 2FAs, such account can easily be hacked, so this is why it is better to keep your seed phrases offline for better security.
This isn't the most likely attack either. Even if I used a truly random password of 500+ characters along with a hardware key 2FA, I would still never store anything valuable on the cloud (i.e. someone else's computer). You have absolutely no idea how good their security is, if your data is transferred securely, stored securely, how many times it is copied, in how many servers all around the world it is stored, where these servers are, who can access these servers digitally, who can access these servers physically, and so on. Even if your account is not hacked there are a million ways that your data could be stolen or lost.
sr. member
Activity: 1190
Merit: 469
Amazon is providing approximately 18 months notice they are shutting down their service. That is more than ample time for someone to make arrangements to store their backups elsewhere if they chose to store their backups online.
In this case, maybe. But there have been plenty of cloud providers in the past who have provided little to no notice, and there will be plenty more in the future.

That's right. This Amazon situation is the best case scenario you see in these type of situations where the service provider decides to pull the plug.  
 

Quote from: Fivestar4everMVP
You are exactly wrong in your subject, that Amazon is shutting down their service has nothing to do with why peeps shouldn't store their seed or private keys online.
It's one of the reasons. Just highlighting that you can't trust online cloud storage providers at all. As well, not all of them are as nice as Amazon. As o_e_l_e_o pointed out.

To say nothing of how shady cloud storage providers can just close your account and delete all your files without your permission and not have to explain why. it happens.


Quote
The reason why it is said never to store your seed or private keys online is due to how easy it might be to get hacked...

That's one of the reasons.

But back to this Amazon situation. There will most likely be people that don't migrate their data away from Amazon Drive for a variety of reasons. One of them being they never knew the service was shutting down. Yes, isn't that hard to believe? But its' true.
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform
You are exactly wrong in your subject, that Amazon is shutting down their service has nothing to do with why peeps shouldn't store their seed or private keys online.
The reason why it is said never to store your seed or private keys online is due to how easy it might be to get hacked, and not because of the service itself shutting down.
Take for example, there is no way a company as big as Amazon would want to shut down a service without announcing it first and giving their customers who use that service time to transfer their documents to another company that provides the same service(like they just did in this case).
So the major reason why storing seeds and private keys online is frowned at is because of hack, most especially for newbies who don't know how to use strong passwords for their account security, and some also do not know how to use 2FAs, such account can easily be hacked, so this is why it is better to keep your seed phrases offline for better security.
legendary
Activity: 2268
Merit: 18711
Do you know what cloud storage actually is? Someone else's computer. Why would you store your seed phrase on someone else's computer? Do you know who can access that computer? Do you know how good that computer's security is? What if that person stops letting you access their computer? An incredibly stupid thing to do.

Amazon is providing approximately 18 months notice they are shutting down their service. That is more than ample time for someone to make arrangements to store their backups elsewhere if they chose to store their backups online.
In this case, maybe. But there have been plenty of cloud providers in the past who have provided little to no notice, and there will be plenty more in the future.
hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
If you are aware of the risks that storing anything important such as seeds or private keys online then it's your call. Basically, you have an idea on how to keep those things confidential despite being not recommended in doing so. I've known people that have been doing that but of course, not for their keys but for some important login details and information which eases them from their tasks and businesses. It could be done for crypto-related stuff but if you're also aware of those breaches that have happened, you'll never do this when you're aware that a hacker might find and crack it. As for Amazon, the point is actually good, what if the cloud storage you're using suddenly collapsed or announces an immediate closure but for someone who understands the importance of keeping your keys safely through the manual way of writing it down, this is out of choice.
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
/

Amazon is providing approximately 18 months notice they are shutting down their service. That is more than ample time for someone to make arrangements to store their backups elsewhere if they chose to store their backups online.

With that being said, there are plenty of reasons to not store your backups in the cloud or online, such as the potential for the service provider having a security breach, your account being hacked via various means, or your account password being reset via phishing.

Even if your private keys are encrypted, an adversary would have an unlimited number of attempts to decrypt your private keys, until you become aware of the breach and move your coin.
full member
Activity: 1834
Merit: 166
Even if Amazon has decided to shut down it's cloud storage then also you should not be storing your seeds over there and only offline ways should be used for it.If some bad actor or hacker gained access to your keys or seeds through cloud then your funds will be gone so why use these ways in first end.It is advisable never to have digital copy of them and you are saying about Amazon services which can easily involved in data leak so don't trust them at all.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
That's just one thing, but people are against storing your backup digitally(or worse, on the cloud) mostly because of potential breaches. Writing your backup down on a piece of paper or etched on a steel sheet automatically removes the risk of hacking.
legendary
Activity: 1372
Merit: 2017
Well no, I do not agree with the title of the thread. That amazon is going to shut down its cloud service has nothing to do with what is usually said about saving your seeds offline.

Amazon is going to stop providing a service and if you store things in that cloud, you will have to find another service if you want to continue storing them in a cloud.

Saving things in a cloud has its advantages and should always be done with information that is not too sensitive, as mentioned above.

But saving your seeds offline is often said because from the moment you have them online, there is a risk that they will be stolen by hackers, and for that it doesn't matter if Amazon Drive stops its service on Dec. 31, 2023.
legendary
Activity: 2576
Merit: 1860
It's not just the cloud actually. It is not recommended to store any piece of sensitive information online. Anything stored online could be illegally and legally accessed by anybody. And not only do you not have complete and sole control of your information, even the storage itself is not within your control. The authorities could conduct a search in a cloud storage. Furthermore, even encryption does not guarantee complete security.
hero member
Activity: 510
Merit: 4005
Not just your seed phrase / private keys, but any data you really care about is too risky to exclusively store in the "cloud". Always make sure you have local copies of important stuff.

Also, never store anything sensitive without encrypting it first. There are data breaches all the time, and this can easily lead to your bitcoin disappearing and your accounts being hacked.

TLDR: The only thing cloud storage is good for is (client-side) encrypted backups. But if you don't know exactly what you're doing, just avoid it altogether.
Jump to: