
Topic: Remove Your Seed/Recovery Phrase From Centralized Password Managers (Read 325 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source

It's not only that it is easily opened and stolen, but if anything happens to your chrome installation, you will lose your passwords (unless you chose to sync them with your Google account) as the user_data folder will be trashed and replaced with a clean one.

But let's be honest. Built-in browser password managers do not help. Most of us use multiple browsers, so even if your browser can sync passwords, it can't sync them to other browsers.
copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
Check my mail, and this statement was given: "Oh no—pwned!" pwned in six data breaches and found no leaks (subscribe to "search sensitive breaches"). This "subscribe to search for sensitive breaches" simply means they are also seeking traffic and email data.

Other ways of password protection were suggested, which are some form of random sites too; they might be active and protective, but I can't use them if my saved passwords on Google are already breached, which means the safest way is to go old school, like I do with my wallet security, and write down everything on paper and take charge of my own security. Thanks to this thread left to me alone I could have not known of my password being leaked.  

Great it can help you, I have found my email and password and leaked in other place as well because I'm recycling my password on every site back year ago but now I'm using password generator and save it on bitwarden.

Using the old-school way is good, but I think you should use a password manager too.
hero member
Activity: 700
Merit: 673
And I found a useful website called https://haveibeenpwned.com/, basically to check whether my email or password has been compromised, and you guys should check it too.

Check my mail, and this statement was given: "Oh no—pwned!" pwned in six data breaches and found no leaks (subscribe to "search sensitive breaches"). This "subscribe to search for sensitive breaches" simply means they are also seeking traffic and email data.

Other ways of password protection were suggested, which are some form of random sites too; they might be active and protective, but I can't use them if my saved passwords on Google are already breached, which means the safest way is to go old school, like I do with my wallet security, and write down everything on paper and take charge of my own security. Thanks to this thread left to me alone I could have not known of my password being leaked.  
copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
I think your peace of mind about the safety of your passwords in the browser is just a matter of time. Even here on the forum, it has been written a thousand times that simply trusting the Chrome browser is the same as walking naked in front of an open window, so you also trust him with something that should be stored very carefully.

Yeah I'm right now moving to bitwarden after advice from you guys

And I found a useful website called https://haveibeenpwned.com/, basically to check whether my email or password has been compromised, and you guys should check it too.

But the lucky me I'm never save sensitive password like bank or keyphrases to my google  Grin

So thanks yall
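
Added example, not part of the thread or of any poster's message: how a password can be checked against the Pwned Passwords range service that haveibeenpwned.com operates without sending the password itself. Only the first 5 hex characters of its SHA-1 hash leave the machine, and the match is done locally. The leaked-password data and counts below are constructed so the demo runs offline; `fetch_range` is the optional live call.

```python
import hashlib

# Range endpoint of the Pwned Passwords service; only the 5-character
# hash prefix is appended to it, never the password or the full hash.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, range_body: str) -> int:
    """Look up the password's suffix in a range response ("SUFFIX:COUNT" lines)."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not in the breach corpus for this prefix

def fetch_range(prefix: str) -> str:
    """Live lookup (needs network). Not called by the offline demo below."""
    from urllib.request import Request, urlopen
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    req = Request(RANGE_URL + prefix, headers={"User-Agent": "range-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def constructed_response(leaked: dict[str, int], prefix: str) -> str:
    """Build a stand-in range body for `prefix` from constructed sample data."""
    rows = []
    for pw, count in leaked.items():
        p, s = split_hash(pw)
        if p == prefix:
            rows.append(f"{s}:{count}")
    # Unrelated filler suffix (35 hex chars); a real response carries many such rows.
    rows.append("0" * 35 + ":3")
    return "\r\n".join(rows)

if __name__ == "__main__":
    sample = {"password": 12345}  # constructed count, not real breach data
    prefix, _ = split_hash("password")
    body = constructed_response(sample, prefix)
    print(prefix, breach_count("password", body),
          breach_count("long unique passphrase example", body))
```
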
hero member
Activity: 2856
Merit: 674
These are things a sane person won't try at all... I keep saying it
What's the point of getting registered on a decentralized platform just to end up giving away your earnings on a centralized exchange, knowing too well the unbearable disadvantages? C'monnnn, this has been said over time.
Password managers ain't even an option to choose for something as important as your seed phrase -- I won't even save my forum account info on it, talk more of the keys to your FREEDOM? NO!!

Sandra 🧑‍🦰
Centralized password managers can never be reliable at all since they can be a source of losing our privacy by allowing them to access to our own funds and steal them in the process. Seed phrase should always be kept to yourself and not to any other group or entity, otherwise you are giving them the freedom to control you and your funds, rather than having the freedom all by yourself. That is why decentralized wallets are made, to help us more responsible with our own coins and our hard-earned funds.
hero member
Activity: 2282
Merit: 589
I agree with some points but I do not recommend using such tools to save passwords to any accounts that involve money. I'm fine with social media accounts and forum accounts but for exchange sites, wallets, or bank accounts storing your password to any password manager is too risky and it can be targeted by hackers soon all user's passwords are leaked. I am more safe writing them all on a piece of paper than storing them to any password manager even it is opensource there are still possibilities that it can be hacked.
We should avoid saving passwords in the password manager on any browser except for social media accounts or other accounts that do not require second screen security, but for the security of exchange accounts and other important accounts we must add the security feature 2fa to increase the security of account access, because even though we save passwords on manual paper but without activating 2fa then account security will not be guaranteed to be hacked, so always increase the security features available for every use of the account.
sr. member
Activity: 854
Merit: 424
I stand with Ukraine!
Every Chrome browser users automatically have their password saved by the browser for easier log in later
Then turn it off. Or better yet, stop using Chrome since it is literally spyware.
Instead of Chrome, use Firefox or Tor browsers. Avoid Brave browser that is a copy of Chrome and spyware too.

https://nordvpn.com/blog/best-privacy-browser/

legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Yeah, I heard about what happened to LastPass but to be honest we still need a password manager, and most of a password manager is centralized, why we need password manager because I personally keep changing the password on every account which is good since using the same password will get you hacked when one of your accounts got hacked.

Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source
I agree with some points but I do not recommend using such tools to save passwords to any accounts that involve money. I'm fine with social media accounts and forum accounts but for exchange sites, wallets, or bank accounts storing your password to any password manager is too risky and it can be targeted by hackers soon all user's passwords are leaked. I am more safe writing them all on a piece of paper than storing them to any password manager even it is opensource there are still possibilities that it can be hacked.
legendary
Activity: 2380
Merit: 5213
Every Chrome browser users automatically have their password saved by the browser for easier log in later,
You can go to Settings > Autofill > Password Manager and uncheck "Offer to save passwords".
Take note that even if "Offer to save passwords" is checked, it doesn't save your passwords automatically and it always ask you whether you want the password to be saved or not.
legendary
Activity: 2268
Merit: 18711
Every Chrome browser users automatically have their password saved by the browser for easier log in later
Then turn it off. Or better yet, stop using Chrome since it is literally spyware.
sr. member
Activity: 952
Merit: 275
If you don't want to use Lastpass, keepass because of security concerns, I am so surprised to see you're ready to store your password on your browser, Google Chrome and use Google Password manager.

Do you think something is wrong? Google don't have good reputation about their data protection for users. They even proactively collected data from users and sold it somewhere to convert free data to their income like Facebook.

If you have ever saved your passwords on Google Chrome, Google password manager, it's time to change all your passwords and never repeat it.

If you use gmail, you can check [Guide] How to know if your email address was part of any data breach.
Every Chrome browser users automatically have their password saved by the browser for easier log in later, since all the websites I am engaging with are not money saving platforms I am fine with google password manager, when it comes to my online bank account for example or exchange account my password and security level is crazy..

My password alone is over 20 alphabet with a mixture of signs and other things I don't want to say.
legendary
Activity: 2268
Merit: 18711
Removing your seed phrase from a password manager is not enough. If the seed phrase is in the password manager in the first place, then it has been stored electronically on a computer with an internet connection. You should therefore assume it is already compromised. Instead you should set up a brand new wallet with its seed phrase only backed up via pen and paper and move all your coins over to this new wallet.

Additionally, I would advise against saying your seed phrase aloud if you use voice-activated devices like Alexa, Siri, or Cortana. I don't want to sound paranoid in saying this. It's impossible to completely rule out the chance that these gadgets are listening in on our chat and that, in the event of a hack, your seed phrase will be stolen.
Rather than it being impossible to rule out that these devices are listening to you, it has been widely confirmed multiple times that they are listening to you at all times, and what you say is being transferred to centralized servers for storage and analysis. Anything you say in the vicinity of one of these devices is on a third party server somewhere, and you have no idea who has access to it.

Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source
Google were caught storing users' password in plain text for over a decade. I wouldn't trust them with a single satoshi.

I would suggest using KeePassXC or Bitwarden.

legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
If there are significant funds in discussion, the seed phrase should not touch even the computer or smartphone that will ever be connected to the internet. This supersedes the use of password managers, e-mail, cloud or whatever.
I don't understand, people no longer have paper and a ball pen in their homes?! Is it so difficult to actually write down (a couple of times) 12 or 24 English words? They have to put everything onto the internet? WTF?!

legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
If you don't want to use Lastpass, keepass because of security concerns, I am so surprised to see you're ready to store your password on your browser, Google Chrome and use Google Password manager.

Do you think something is wrong? Google don't have good reputation about their data protection for users. They even proactively collected data from users and sold it somewhere to convert free data to their income like Facebook.

If you have ever saved your passwords on Google Chrome, Google password manager, it's time to change all your passwords and never repeat it.

If you use gmail, you can check [Guide] How to know if your email address was part of any data breach.
sr. member
Activity: 952
Merit: 275
I've lost some passwords to hackers through google password manager and the reason why they still don't have access is Gmail code and 2Fa code, most times I get message alert that someone is trying to log into my twitter account and other platforms until I changed the password to something stronger...

Imagine keeping crypto wallet recovery seeds this same way, it's complete stupidity of anyone to do such.
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source
Open-source password managers like Bitwarden, KeePass (for Windows), and KeePassX (for Mac and Linux) allow you to generate very robust passwords and passphrases using a system source of random data. Unlike browsers' in-built password managers, they store sensitive information in encrypted containers, which is decent protection in case of physical access to your device. If someone were to find your phone with the google chrome browser installed, he would extract all your passwords by clicking two buttons, but he would have a hard time trying to hack your encrypted password manager application. However, all this doesn't mean that password managers are the right place to store seed phrases because there is no such thing as an unhackable application.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿

Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source

I think your peace of mind about the safety of your passwords in the browser is just a matter of time. Even here on the forum, it has been written a thousand times that simply trusting the Chrome browser is the same as walking naked in front of an open window, so you also trust him with something that should be stored very carefully.
I will explain more clearly. Hackers need a little. You just need to follow the link they need, and it can be disguised as a completely decent and useful site. By clicking on the link, you will get something similar to an error; you will be informed that you did something wrong, then you calmly press the "OK" button and think that you have calmly left. But you have already sent the hackers all the passwords that were saved in the browser.

https://www.doyler.net/security-not-included/xss-password-stealing

copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
Yeah, I heard about what happened to LastPass but to be honest we still need a password manager, and most of a password manager is centralized, why we need password manager because I personally keep changing the password on every account which is good since using the same password will get you hacked when one of your accounts got hacked.

Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Why would you save the seed phrase backup into a centralized password manager or any password manager this software was just created for passwords not for very important backups like private keys or seed phrases.
Backup seed phrases shouldn't be shared with anyone for the safety of these back-ups you need to manually rewrite them into a piece of paper or save it to any device offline so that you are far from leaks.

If you are going to use any software that has a cloud server like a password manager then that's risky there are many people being hacked because of sharing and using weak passwords, leaks, malware, virus, phishing, and many attacks online to protect from harmful online activity always backup your important data to the offline device(That you know you will never connect it to the internet forever). I have a laptop with broken LCD but all my backup I can still open it and connect laptop to external monitor so that I can still access it and all my backup are there and safe the only problem is that it is still Windows 7 I disable/remove wifi/internet connection of this laptop to make sure I never use it to any online activity.
legendary
Activity: 2492
Merit: 1232
Don't store all your valuable credentials, which can be accessible by the internet because there's a chance of getting hacked, just like a password manager, this isn't a necessary tool for keeping passwords or any credentials that are valuable to you.

As long as it's possible can access the internet your seed phrase is vulnerable or prone to hacking.
Writing it down on a piece of paper or engraving it into a piece of metal is the best way to protect your privacy, stay offline and you're just fine not unless if someone steals it personally.