Pages:
Author

Topic: Most people are not capable of keeping their wallets safe? (Read 6090 times)

member
Activity: 115
Merit: 11
I like long walks on the beach, shaving my head...
I like to keep three copies of my wallet file. One I encrypt and leave in the /.bitcoin (in linux) folder then delete the original, not just move to trash. Then I make two copies of the encrypted file and store one on a remote server, the other on a USB stick well hidden. That is a lot of hassle, but what else can i do?

So you leave an encrypted version of wallet.dat in your .bitcoin folder. What does your client do when it sniffs around and finds no wallet.dat file?
full member
Activity: 210
Merit: 100
firstbits: 121vnq
Who would enforce this? The US? Bitcoin is not legally considered a currency anywhere to my knowledge. The bank could in fact just take your bitcoins and not return them. There would be zero legal repercussions.

So we can't have binding contracts in a bitcoin world? That would kinda suck.

Quote
More services like My Bitcoin
Quote
Sure, the market will decide, but this would be an easy way to steal people's bitcoins.

For a short period of time anyway. Presumably there is more money to be made in offering a service without scamming than with scamming. And whether or not bitcoins are recognized as a currency, there is nothing saying they aren't of any value, so that if you steal them from me and I know who you are, and my philosophy/politics do not go against getting the police involved, that I can't attempt to have you arrested for theft. Presumably a "trusted bitcoin bank" would be transparent as to who they were and seek something like voluntary regulation/certification.

If I have a choice between depositing with a bitcoin bank that tells me they are doing business as such and such in such and such a country and here are the regulations they are operating under versus a bitcoin bank that has none of that, it's not a really hard decision where to park some money.

Quote
It seems like you're describing Paypal. It has a worldwide network, an easy to use interface, option of physical card, legal liability, and an online banking system. Apart from fees, there's no reason for anyone who can't back up or remember a password to use Bitcoin at all instead of Paypal.

You're kidding, right? I can think of about 50 reasons why people might want to use BTC rather than paypal that have absolutely nothing to do with passwords, backups, or wallet.dat files.
member
Activity: 87
Merit: 10
Ability for automatic offsite encrypted backups that occur after every transaction (storing bitcoins in the cloud) and "password recovery" features in those cloud services

Someone could sell a "cloud client" that does this. However, you have to trust the provider that they won't use your Bitcoins.

Ability to easily use multiple wallets and transfer between wallets (I'm talking large buttons in the client that are like "Checking Wallet" "Savings Wallet" etc)

Wallets should be easily importable and exportable from the GUI. However, simultaneous usage of multiple wallets would be more confusing, don't you think? The whole point of the "savings" wallet idea is that you generate an address and then send money to it periodically, but you don't need to open the wallet unless you want to send from it.

Ability to have a physical card that bitcoins can be transferred to

If we're assuming that people can't back up or remember a password, the current QR code implementation in Bitbills probably won't be useful. I suppose someone could just encrypt and distribute their wallet and then write their password on a piece of paper and use it as a "Bitcoin card", but then the security of all of your money is dependent on a single piece of paper.

Easier ability to store bitcoins in a bitcoin bank

Bitcoin banks might be an excellent business but the market doesn't exist yet. Right now most people are content to control their own money.

Bitcoin banks with legally binding guarantees (ie; you can store up to 10000 BTC with us and if we get hacked or detrayo your btc somehow, we are on the hook)

Who would enforce this? The US? Bitcoin is not legally considered a currency anywhere to my knowledge. The bank could in fact just take your bitcoins and not return them. There would be zero legal repercussions.

More services like My Bitcoin

Sure, the market will decide, but this would be an easy way to steal people's bitcoins.


It seems like you're describing Paypal. It has a worldwide network, an easy to use interface, option of physical card, legal liability, and an online banking system. Apart from fees, there's no reason for anyone who can't back up or remember a password to use Bitcoin at all instead of Paypal.
legendary
Activity: 1145
Merit: 1001
Would it be possible to have some kind of program running that checks if any process other than the Bitcoin program is acessing the wallet.dat file, and if so, then pop-up a warning?
full member
Activity: 210
Merit: 100
firstbits: 121vnq
It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

It simply isn't reasonable to ask people tot ake the risk that their paper dollar can disappear because of losing their wallet.  oh wait..but it is reasonable...

The average person if much more comfortable with keeping track of a physical wallet than a file that can be corrupted/deleted/etc (yes I know its crazy. the file can be copied and backed up in 72 different places and the physical wallet only exists in one place! but its also true. Only a very small percentage of the population is comfortable with assets that exist only in intangible form)

Here are suggestions
- Ability for automatic offsite encrypted backups that occur after every transaction (storing bitcoins in the cloud) and "password recovery" features in those cloud services
- Ability to easily use multiple wallets and transfer between wallets (I'm talking large buttons in the client that are like "Checking Wallet" "Savings Wallet" etc)
- Ability to have a physical card that bitcoins can be transferred to
- Easier ability to store bitcoins in a bitcoin bank
- Bitcoin banks with legally binding guarantees (ie; you can store up to 10000 BTC with us and if we get hacked or detrayo your btc somehow, we are on the hook)
- More services like My Bitcoin

There are no alterations that destroy the ability of BTC to be used exactly as they are now, just modifications that allow some users to forgo some decentralization or some pseudonymity for ease of use/greater security/whatever.
hero member
Activity: 1316
Merit: 503
Someone is sitting in the shade today...
It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

It simply isn't reasonable to ask people tot ake the risk that their paper dollar can disappear because of losing their wallet.  oh wait..but it is reasonable...
member
Activity: 87
Merit: 10
We don't ask anyone to take that risk.

This is the price of ultimately controlling your own money. Bitcoin makes it possible to store money in a single file; anyone who does not like this should not be using Bitcoin. If you are likely to forget a password, don't encrypt the file, but risk theft. If you don't want to back up a file, try your luck with the longevity of a hard drive. This entire thread is debating a security "threat" that is inherent in any system which gives you direct possession of anything.

That's fine, if you want bitcoin to only be used by libertarian nerds.


I'd be interested to hear your ideas for how we might make Bitcoin secure for those who won't back up their wallet and won't remember their password without losing the decentralized aspect of Bitcoin. Bitcoin appeals to "libertarian nerds" because it gives users control over their own money. Would you give up control in exchange for security despite laziness? Use a USD bank.

Quote from: phatsphere
exactly what i think. my "dream" is some kind of banking or credit card, that has an intrinsic unique key and a passphrase -- just like EC cards today have. your actual wallet is stored at a central bank and thats where the real transaction happens.
the device where you put the card in just get's a token for verification and that also enables instant payouts. especially, the "bank", where your wallet actually is, pays for you and also manages your wallet to get the confirmations later.

Bitcoin banking of this type would be an excellent business for anyone who wants to build it. It would allow some people to give up control in exchange for security/convenience, but not force it upon all users. Though you'd still have to rely on a user remembering his or her password.
hero member
Activity: 763
Merit: 500
It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.


exactly what i think. my "dream" is some kind of banking or credit card, that has an intrinsic unique key and a passphrase -- just like EC cards today have. your actual wallet is stored at a central bank and thats where the real transaction happens.
the device where you put the card in just get's a token for verification and that also enables instant payouts. especially, the "bank", where your wallet actually is, pays for you and also manages your wallet to get the confirmations later.

even better: replace "card" with "smartphone"
hero member
Activity: 763
Merit: 500
Final words, I'm also a newbie, so, maybe somebody will correct me on some details Wink
Really? That just about nailed it. Good job!

Thx. I've a master in mathematics, that helps understanding the paper and the crypto background  Grin
full member
Activity: 140
Merit: 101
The phrase "BITCOIN IS LIKE CASH" needs to be drummed into people from the day they download the client, if not sooner.

If you lose your cash, it's your problem.
If your cash is destroyed in a fire, it's your problem.
If you lock your cash in a safe and lose the key, it's your problem.
If you give someone your cash and he doesn't deliver, it's your problem.

But I agree that right now most people can't keep their wallets safe. Most people never back anything up, and eventually lose all their data as a result. Backup solutions are getting better and easier to use, but most people still aren't using them. Hell, I should know better, but I didn't get a wallet backup into place until I noticed that with the appreciation I suddenly had a lot of money invested in them, and I still don't have a real system.

There may actually be a business opening here for a secure wallet backup service that uses client-side encryption. (The client software would of course have to be open source, to prove it really was encrypting the data.) But then we'd still be trusting ordinary users to know the difference between a legitimate backup service and a scam. Personal responsibility is always dangerous in this way.
legendary
Activity: 2408
Merit: 1121

That's fine, if you want bitcoin to only be used by libertarian nerds.


That's what I like about you, no broad generalizations. Because, as we both know, only someone who has no argument to stand behind resorts to that kind of thing.
full member
Activity: 210
Merit: 100
firstbits: 121vnq
We don't ask anyone to take that risk.

This is the price of ultimately controlling your own money. Bitcoin makes it possible to store money in a single file; anyone who does not like this should not be using Bitcoin. If you are likely to forget a password, don't encrypt the file, but risk theft. If you don't want to back up a file, try your luck with the longevity of a hard drive. This entire thread is debating a security "threat" that is inherent in any system which gives you direct possession of anything.

That's fine, if you want bitcoin to only be used by libertarian nerds.

member
Activity: 87
Merit: 10
It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

We don't ask anyone to take that risk.

This is the price of ultimately controlling your own money. Bitcoin makes it possible to store money in a single file; anyone who does not like this should not be using Bitcoin. If you are likely to forget a password, don't encrypt the file, but risk theft. If you don't want to back up a file, try your luck with the longevity of a hard drive. This entire thread is debating a security "threat" that is inherent in any system which gives you direct possession of anything.

member
Activity: 84
Merit: 10
Agorist
All average joe needs to do is install the bitcoin client on a usb dongle, plug it in when need to use and unplug immediately when done.

...Except as I just found out, that requires running bitcoin.exe with cmd with modifying instructions to relocate the data directory to the USB dongle, which is a real bitch. Average Joe doesn't even know what the F cmd is, much less how to use it.

I don't think it would be hard* to add something onto the client that will do that for the user automatically (on install have an option to run it from C:/ or elsewhere), and it would go MILES towards helping Average Joes and Janes use bitcoin securely more easily. Without ease of use, bitcoin will remain a niche commodity - and bitcoin needs greater market depth more than anything else.

*Note: I say this as a non-programmer. I have no idea how hard it would actually be. But I can't see why it would be hard.
full member
Activity: 210
Merit: 100
firstbits: 121vnq
yes bitcoins will never see mainstream adoption as long as people can literally delete a file or forget a password and lose all their money, no matter what you geeks think. I agree that more services like mybitcoin will emerge, and I suspect the next iterations o cryptocurrencies (the ones that do catch on after BTC crashes and burns) will have much different ways of dealing with this.

It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

legendary
Activity: 1137
Merit: 1001
If bitcoin could be put on an ironkey like device, would that help?

https://www.ironkey.com/
legendary
Activity: 1204
Merit: 1015
Final words, I'm also a newbie, so, maybe somebody will correct me on some details Wink
Really? That just about nailed it. Good job!
hero member
Activity: 763
Merit: 500
I have a quick question, that I don't understand very well, but that's probably simple. When you make a backup of your "bitcoins" are you making a backup of a note, that says the system owes you that many bitcoins? Or are you backing up the actual bitcoins themselves?

No, technically, there are no bitcoins in a file and there are also no bitcoins really floating around. The system is based on transactions. They have two ends: input and output and they form long chains which are public knowlege. (see blockexplorer website)
Your actual wallet contains the private keys to all the addresses, from where you would be able to send money to somebody else. I.e. the open ends of transactions where you can proof that you are the receiver and you are able to append another chain to somebody else (and also yourself, too).
Where does the chain start? Well, each new generated block ("mining") starts with a loose end.

Your backup basically contains those private keys and about 100 more which will be used for future transactions. So, even when you loose your wallet file and your backup is some transactions behind, you should not loose something.

Quote
Also what happens if you transport these bitcoins from computer to computer? Do they transfer over even if the computer ID'S are different? And finally is there a 100% full proof solution to self management of the bitcoins in ones wallet, or than the online services mentioned ?

Well, the client reads the wallet file and checks all transactions if it is able to append to the chains. Then it sums up all the amounts in the open ends. I don't know what you mean with computer ID ... that's irrelevant. The wallet file is client dependent (assuming there will be independent and completely different btc clients in the future ... so you have to make sure that the wallet file can be read by the client software, that's all)

Self management depends on you. The file itself is unencrypted ... which is a flaw in the system. Hence, you have to make sure that nobody could use it if your hard-drive is stolen ... hence disk encryption. When you upload it somewhere, make sure that you encrypt the file prior to sending it.

Final words, I'm also a newbie, so, maybe somebody will correct me on some details Wink
legendary
Activity: 1764
Merit: 1015
I have a quick question, that I don't understand very well, but that's probably simple. When you make a backup of your "bitcoins" are you making a backup of a note, that says the system owes you that many bitcoins? Or are you backing up the actual bitcoins themselves? Also what happens if you transport these bitcoins from computer to computer? Do they transfer over even if the computer ID'S are different? And finally is there a 100% full proof solution to self management of the bitcoins in ones wallet, or than the online services mentioned ?
member
Activity: 87
Merit: 10
would it be possible or useful to back up everyones wallet somehow in an encrypted form in the block chain such that it would always be an up to date backup and also accessible from anywhere running bitcoin. you would be forced to use a strong password/phrase somehow.

maybe a completely stupid idea. just seems appealing that you could go to any computer with bitcoin on it, enter you're passphrase and voila, you have access to your wallet.  actually just writing this now thinking that this would be pretty stupid as there could be all sorts of spyware/key loggers on an unknown computer.

Better idea is to widely distribute your encrypted wallet.dat (P2P file storage comes to mind) and then download it if you move to a new computer. This protects fairly well from loss but you still need to remember your password (obviously).
Pages:
Jump to: