Topic: how much BTC would you trust in a blockchain.wallet, how long should password be?? (Read 3047 times)

legendary
Activity: 3710
Merit: 1586
Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

What was your password? Do you use Windows?
I would never! Completely clean Ubuntu computer. 'Twas a big 108 BTC major hack - others were affected. I only lost 1.2 however. Now I use 2FA and a paper wallet for my new Bitcoin

Well that is odd. Linux rules out malware.

What kind of password was it?
hero member
Activity: 658
Merit: 502
Doesn't use these forums that often.
Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

What was your password? Do you use Windows?
I would never! Completely clean Ubuntu computer. 'Twas a big 108 BTC major hack - others were affected. I only lost 1.2 however. Now I use 2FA and a paper wallet for my new Bitcoin
newbie
Activity: 42
Merit: 0
Only really trust Bitcoins in my own personal wallet. With all these sites going down and hackings, seems the safest way.
legendary
Activity: 1050
Merit: 1002
Your password doesn't matter, the only thing that matters is password uniqueness.

This is very true. Password uniqueness and strength are the key to keeping Bitcoins safe online.

https://www.strongcoin.com/en/blog/are_you_guilty_of_the_following_password_mistakes

No, that is not true.

Password uniqueness and strength, as well as two-factor authentication, are measures which HELP keep bitcoins safe online.

None of that matters if the online service you use becomes corrupted. Two-factor authentication would not have helped anyone with a mybitcoin.com account. Password uniqueness and strength would not have helped Bitcoinica customers.

I will say it again:

For ANY online Bitcoin service I advise only storing as much there longer term as you are willing to lose completely if something unforeseen (like hacking/dishonesty/mistakes etc.) happens.
legendary
Activity: 3710
Merit: 1586
FYI blockchain is currently down because of a DDoS:

https://twitter.com/blockchain/status/324785363002458112

So not being able to access your account is another risk with blockchain.
legendary
Activity: 3710
Merit: 1586
Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

What was your password? Do you use Windows?
newbie
Activity: 42
Merit: 0
sr. member
Activity: 262
Merit: 250
Your password doesn't matter, the only thing that matters is password uniqueness.

This is very true. Password uniqueness and strength are the key to keeping Bitcoins safe online.

https://www.strongcoin.com/en/blog/are_you_guilty_of_the_following_password_mistakes

newbie
Activity: 56
Merit: 0
Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

what happens if you lose your mobile, what happens to 2 factor then?

If you're smart you'll have written down your 5 - 10 throwaway two factor authentication codes that you get when you signup for 2FA with Gmail and you'll use one of those to log into your account to turn off 2FA and change your password and reset everything.

Just my opinion but if you have a lot invested in Bitcoins/ALT currencies I'd have a separate phone locked in a safe so you don't lose it.
legendary
Activity: 2632
Merit: 1023
Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

what happens if you lose your mobile, what happens to 2 factor then?
donator
Activity: 1466
Merit: 1048
I outlived my lifetime membership:)
regarding password length




http://xkcd.com/936/


IT still has a LOOOOOOOONG way to go ...

If we say there are 10,000 words and a password will be 4 words...that is 1E16 combinations. If we have 26 uppercase, 26 lower case, 10 numbers and 10 symbols, then a 9 char password has 72^9 = 5E16 combinations. So, a good 9 char password (really hard to memorize) is as decent a password as a 4 word pass phrase.

That sound right?
sr. member
Activity: 315
Merit: 255
Your password doesn't matter, the only thing that matters is password uniqueness. You shouldn't rely on your password to keep your account safe. You should rely on 2-factor authentication to keep your account safe; you should assume your password will be keylogged or stolen - if that's the case then the only risk (because you have 2-factor) is that your password will be tried by the crackers on other services to see if you re-used it. But, if you didn't re-use it then you're fine.

You know what I do with my Blockchain wallet? I have a 30 character password that I keep in a Google Doc, and I copy/paste it into Blockchain but I have Google Authenticator / 2FA on both the Google account that holds the password doc, and Blockchain.

This might seem insecure, but seriously, nobody has their password stolen because they wrote it down somewhere. People get hacked because they re-use passwords and because they don't 2FA. 2FA is never going to get hacked. Just don't lose your phone.

Unique passwords, even if you have to track them all in a document, or in KeePass/LastPass etc., is far more secure than using the same passphrase everywhere.

The other mistake people make is not securing their email address. If your email is compromised then it can be used for password reset.

Passwords = just for fun. 2FA = keep out crackers
member
Activity: 112
Merit: 10
Admin at blockbet.net
I have 100% trust towards blockchain.info, but still, I would only store as little as necessary, for as short a time as necessary.

It's all subjective though, what one person might consider his life savings might be small money to somebody else. But frankly I can't see any reason why you'd put your bitcoins there unless you plan on spending it soon. If you have thousands of dollars worth of bitcoins, then in my opinion, it's a good idea to spend some time to study how local wallets work and how they can be kept safe.

Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

Can you tell us what happened? Did you have an easy password, a trojan on your computer, or how did that happen?
legendary
Activity: 1050
Merit: 1002
Sure, local wallets will always be more secure when done correctly.

What I'm wondering about is the risk importance.

How important are your funds to you? If you lose whatever amount you have on an online service I daresay you would feel it's important. The only way to minimize that loss/importance is to minimize what can be lost that way.

Now if you're asking about likelihoods sure that can be a consideration. Is it likely Blockchain.info will be effectively hacked or that piuk, the site's creator, is dishonest and/or unreasonably incompetent on security matters? Given its history I'd say no that's not likely. That still doesn't mean I'm willing to trust 100% of my coins there. I'd put there as much as might be used for typical transactions, for example.

EDIT: now that I think about it where is Blockchain.info hosted? If it's not hosted under only piuk's administration (i.e. with a hosting provider) then anyone with access can compromise the site and steal coins with clever code.

sr. member
Activity: 434
Merit: 250
Sure, local wallets will always be more secure when done correctly.

What I'm wondering about is the risk importance.
sr. member
Activity: 363
Merit: 250
how much BTC would you trust in a blockchain.wallet, how should password be??

note assumes you have got all your private keys backed up and encrypted everywhere

me, unsure at this stage (hence the thread) but it seems with say a 20 plus letter password it should be ok?

I have all my bitcoins there in watch mode with a strong long password. I use paper addresses and I import the keys when I want to use the coins. Those coins might sit there a couple of days and I have no problems with that but long term I wouldn't let any coins sit there in case the site goes down and you can't access the website or something similar.
legendary
Activity: 4424
Merit: 4794
using any remote service for storage that is not owned by you is risky.

no matter how much security a bank vault has, there have been hundreds of years of examples of bank thefts involving gaining entry to a vault.

no matter how much security a bank has on its computer systems there are decades of examples of hacking banking institutions.

the only reason to still trust banks is that your money is insured.

with bitcoin it is not insured.

so don't let third parties hold all your funds, no matter how much security they promise they have.

remember if the only copy of the private key is on your hard drive or a piece of paper in your possession then the coins only belong to you.

if a third party service has it, secured or not, there is always a risk.

so only risk what you're willing to use/lose.
legendary
Activity: 1050
Merit: 1002
In 2011 it was really silly to use the webwallets.
However, because blockchain.info (and others) never touches your private keys, is it still as much a risk as many here pretend?
(Provided you use a secure password, of course.)

How do you know they don't touch your private keys? They say they don't, but unless you read the javascript source code every time you access their website, you are taking that on trust. If their website is hacked, the hacker could edit the javascript to leak your private keys/password back to them and steal your bitcoins.

This is a much lower risk than an old style web wallet that stores your private keys. In the blockchain.info case you would only be at risk if you tried to access your webwallet in the window between the site being hacked and someone noticing and taking it offline.

This is correct.

Unless you are reading the code/information exchanged between your computer and blockchain.info (or elsewhere) EVERY TIME you connect and exchange information then you can't be sure things are happening as you imagine and hope they are.

For ANY online Bitcoin service I advise only storing as much there longer term as you are willing to lose completely if something unforeseen (like hacking/dishonesty/mistakes etc.) happens.
legendary
Activity: 892
Merit: 1013
newbie
Activity: 15
Merit: 0
In 2011 it was really silly to use the webwallets.
However, because blockchain.info (and others) never touches your private keys, is it still as much a risk as many here pretend?
(Provided you use a secure password, of course.)

How do you know they don't touch your private keys? They say they don't, but unless you read the javascript source code every time you access their website, you are taking that on trust. If their website is hacked, the hacker could edit the javascript to leak your private keys/password back to them and steal your bitcoins.

This is a much lower risk than an old style web wallet that stores your private keys. In the blockchain.info case you would only be at risk if you tried to access your webwallet in the window between the site being hacked and someone noticing and taking it offline.
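
The posts above argue that a browser-side wallet is only as trustworthy as the JavaScript served on each visit. As an added example (not part of any post in this thread and not blockchain.info's code), here is one way to automate that comparison: pin digests of a reviewed set of scripts and refuse to proceed when anything served later differs. The file paths, script bodies and function names are constructed for illustration.

```python
import base64
import hashlib

def sri_digest(body: bytes) -> str:
    """Subresource-Integrity style value: 'sha384-' + base64(SHA-384(body))."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode("ascii")

def pin(assets):
    """Record a digest for every script of a build that has been reviewed."""
    return {path: sri_digest(body) for path, body in assets.items()}

def audit(pinned, served):
    """Compare the scripts served now with the pinned digests."""
    report = {"changed": [], "added": [], "missing": []}
    for path, body in sorted(served.items()):
        if path not in pinned:
            report["added"].append(path)      # script that was never reviewed
        elif sri_digest(body) != pinned[path]:
            report["changed"].append(path)    # reviewed script was modified
    report["missing"] = sorted(p for p in pinned if p not in served)
    return report

def safe_to_unlock(report):
    """Only enter the wallet password when nothing differs from the review."""
    return not any(report.values())

# Constructed sample data: stand-ins for a wallet page's scripts.
REVIEWED = {
    "/js/wallet.js": b"function openWallet(blob, password) { return decrypt(blob, password); }\n",
    "/js/crypto.js": b"function decrypt(blob, password) { /* constructed stub */ }\n",
}
# A later visit: one reviewed file differs and one unreviewed file appears.
SERVED_LATER = dict(REVIEWED)
SERVED_LATER["/js/wallet.js"] = REVIEWED["/js/wallet.js"] + b"// constructed change\n"
SERVED_LATER["/js/extra.js"] = b"// constructed, never reviewed\n"

PINNED = pin(REVIEWED)

if __name__ == "__main__":
    for name, served in (("same build", REVIEWED), ("later visit", SERVED_LATER)):
        report = audit(PINNED, served)
        print(name, report, "safe" if safe_to_unlock(report) else "re-review first")
```

A check like this has to run outside the page it is checking, for example as a separate script or a browser extension, because a modified page can simply skip a check that it ships itself.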