
Topic: Storing my seed in Lastpass (Read 3682 times)

legendary
Activity: 2730
Merit: 7065
May 08, 2021, 01:20:00 AM
#43
Don't do that, my brother hid something like that once and we couldn't get it out again...
It was just an example to show that there are so many hiding places all around you if you look carefully enough. Scenarios like those that jerry0 considers regarding splitting up the seed in small chunks and storing them in multiple safety deposit boxes in different banks are outrageous. And then, after so many years of asking questions he goes and stores his recovery phrase online...
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
May 07, 2021, 02:21:12 PM
#42
Don't store your seed phrase in any password manager online or offline! (not even keepass)

Buy a safe and store your offline copy in there. There are small portable ones you can buy that are inexpensive.

Do you have an old office chair? Unscrew one of its wheels, put the seed phrase in the tube and screw the wheel back on. You just hid your seed in plain sight. The chances of a thief stealing your chair or taking it apart to see what is inside are very small.

Don't do that, my brother hid something like that once and we couldn't get it out again...
legendary
Activity: 2730
Merit: 7065
May 03, 2021, 12:17:38 PM
#41
Okay didn't know that about lastpass.  So is keepass the only password program to never gotten hacked then?  I heard some other one like lpassword i think but maybe thats the wrong one?
There are no guarantees that Keepass won't suffer a breach in the future. Just because they weren't hacked yet, doesn't mean it can't happen in the future. Not to mention that you have to consider all the possible attack vectors that can go through the devices that you use with Keepass. Remember that users considered many crypto exchanges to be safe storage mediums until they started getting hacked and people started losing their mind.

Umm... i store my seeds online with a password manager as i described.  I know people said don't do that... because I didn't have any good option because i thought...
Is there nothing in your house or apartment where you can hide a piece of paper that contains your seed? Look around. Do you have an old office chair? Unscrew one of its wheels, put the seed phrase in the tube and screw the wheel back on. You just hid your seed in plain sight. The chances of a thief stealing your chair or taking it apart to see what is inside are very small.

I know a friend who kept jewelry in an old pair of computer speakers from the 90s. That's also an option. Hide it inside a VCR recorder for example. No one is going to take that even if it's free. Look around the place you live in and find something.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
May 03, 2021, 11:03:46 AM
#40
Umm... i store my seeds online with a password manager as i described.  I know people said don't do that... because I didn't have any good option because i thought... as long as i have my encryption password and cloud password aka dropbox/gmail...i thought that was fine.  Of course that would mean making sure my computer has no malware/virus.
You can't exactly make sure your computer doesn't have malware and virus, it can just be undetectable and storing it offline is the only way for non-physical attacks to be prevented.



I always felt seeds would be safe there... since well... someone needs to have your password for keepass/lastpass... but also they need your cloud username/password as well.  Now the cloud part is obviously much easier... but how they going to get your keepass/lastpass password assuming its completely unrelated to your email if you never wrote it down anywhere online.  Now i know if you get malware/keylogger on laptop, then thats completely different story. 
Storing your seeds in any digital medium will open up a whole range of attack vectors: malware, password compromise, encrypted data leak from the password manager. If you're storing your seeds on the cloud, I consider that as good as giving someone else your password. Most password managers encrypt your data locally but that doesn't mean an attacker can't get your encrypted string and start bruteforcing it. While it is unlikely that people can crack your encrypted strings unless you're using a weak password, why would you even take the risk?
full member
Activity: 1750
Merit: 186
May 03, 2021, 10:56:33 AM
#39
Okay didn't know that about lastpass.  So is keepass the only password program to never gotten hacked then?  I heard some other one like lpassword i think but maybe thats the wrong one?



Umm... i store my seeds online with a password manager as i described.  I know people said don't do that... because I didn't have any good option because i thought... as long as i have my encryption password and cloud password aka dropbox/gmail...i thought that was fine.  Of course that would mean making sure my computer has no malware/virus.



That is why i started asking... maybe its maybe to just store the seeds in multiple safe deposit boxes at different banks.  Im not asking the other way around...


Well is passwords to your email/sites and banking all you should put in keepass/lastpass then?



I always felt seeds would be safe there... since well... someone needs to have your password for keepass/lastpass... but also they need your cloud username/password as well.  Now the cloud part is obviously much easier... but how they going to get your keepass/lastpass password assuming its completely unrelated to your email if you never wrote it down anywhere online.  Now i know if you get malware/keylogger on laptop, then thats completely different story. 
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 03, 2021, 08:26:13 AM
#38
Also would you store it on lastpass or keepass or are they about the same?
I would personally choose not to store it anywhere electronically. It's losing its point. The seed phrase should and is being defined as a list of words which store all the information needed to recover your funds. Most of the software wallets will instruct the user to write them down on a paper.

The developers didn't choose to warn the user such thing casually. Besides the fact that your chances of getting robbed by anything malicious are less, there's another reason:  Which item would you be more comfortable with if you wanted to keep it working for 10+ years?   rhetorical

I don't know if Keepass was ever hacked.
It's open-source software. You can't hack it the same way as LastPass.
legendary
Activity: 2730
Merit: 7065
May 03, 2021, 04:15:14 AM
#37
Has lastpass ever been hacked before? 
They have been hacked a few times. 2-3 times I think. I don't know if Keepass was ever hacked.

Also would you store it on lastpass or keepass or are they about the same?
I wouldn't store my seed in either of the two software no matter what anyone else says. Recovery phrases shouldn't have digital backups, period.
How do you get from wanting to store your seed in multiple bank accounts across the country to wanting to store them on your computer or online service in any format?   
full member
Activity: 1750
Merit: 186
May 02, 2021, 01:14:10 PM
#36
Has lastpass ever been hacked before?  Someone mentioned of a password manager that was recently hacked... and said like if you installed updates during a certain time, then you got hacked.  Anyone know anything about this?


Also would you store it on lastpass or keepass or are they about the same?
legendary
Activity: 2730
Merit: 7065
March 31, 2019, 03:01:18 AM
#35
I have never been a fan of these password managers, they are useful, sure, but we are still somehow giving control to a third party when it comes to password generation and storage. We are trying to move away from centralised control when it is related to our private keys but we give another party the option to generate the passwords that we use. 
legendary
Activity: 3472
Merit: 10611
March 30, 2019, 11:06:17 PM
#34
The other thing is this.  Most ppl store passwords on these programs.  So its not safe putting your 12 word or 24 word seed on it?  Because someone still need to know your password to lastpass or keepass.  But if someone installed malware or trojan, then it record your keystrokes so that means all your passwords are not safe?

well you want to use it in a safe/clean environment. if for example you use it on a computer that has a malware that can steal your encrypted keepass file + the password you enter in it, then it is obviously not going to be the safe way of using it. it would be like having a safe in your wall but instead of locking it, you leave the door open with your valuables inside!
full member
Activity: 1750
Merit: 186
March 30, 2019, 06:18:46 PM
#33
The other thing is this.  Most ppl store passwords on these programs.  So its not safe putting your 12 word or 24 word seed on it?  Because someone still need to know your password to lastpass or keepass.  But if someone installed malware or trojan, then it record your keystrokes so that means all your passwords are not safe?
legendary
Activity: 3472
Merit: 10611
February 18, 2018, 09:56:22 PM
#32
~

try not to overthink things! you have a bunch of words that you need to remember. if you have one of those strong memories then memorize them. and if you don't then simply write it down on a piece of paper, in a book or basically anywhere physical (no digital storage). then place that paper in a safe place.
now you can increase the resilience of that paper in a lot of different ways like laminating it or even using a metal plate instead of paper and etching your words on it.
full member
Activity: 1750
Merit: 186
February 18, 2018, 04:52:01 PM
#31
what physical locations are you guys putting the seeds into?  So you break it into 2 parts?  So whether its electrum or ledger wallet which has 24 or 25, you do the same?  Now what happens if your computer with electrum gets stolen.  And also 1 part of the seed in your apartment/house get stolen.  The other part let say you put in a bank safety deposit box.  First off, is that even safe?  That seems like a really bad idea as i heard of safety deposit box in banks getting broken into/drilled etc.  Then what happens then?  Same as if your nano ledger wallet gets stolen.  Half of the seed got stolen, the other half its somewhere else.  If you have no online backup, then what do you do here?  The other thing i thought was this.  If you keep it in keepass and put a copy of it online such as dropbox or google drive... well as long as you remember your dropbox/google drive password and keepass, that is all that is needed.  Don't you guys agree?  The other thing might be... how about create 2 different keepass files?  Where half the seed is on one keepass file... the other is on another file?  And each one is on 2 different dropbox/google drive email?  That way if somehow your dropbox/google drive account got hacked... well they still need the password for keepass. And if they somehow get it... well they still need to hack your other dropbox/google drive account and also hack the other keepass file.  So basically create different passwords for your different dropbox/google and for each keepass file.  Yes you would have to remember a few more passwords.  But wouldn't this probably be the safest way to store a password on keepass and keep an online backup?


12 word phrase, i could definitely see how people could remember that.  24 word or 25 word seed is basically impossible i think.


Because if you don't keep a copy of it online, well there is always a chance it physically could get destroyed/stolen.  So thoughts on that?  I mean there has to be lot of cases where people either did not write down their 12 word phrase or... they wrote it down but no idea where it is etc and they cannot access it anymore.
legendary
Activity: 2926
Merit: 1386
January 14, 2018, 02:10:04 AM
#30
So if you had to choose, its better to type it in on keepass as opposed to lastpass right? 

So if you upload your keepass or lastpass file on dropbox... well you still need to get the password of keepass or lastpass in order to access it.  So wouldn't that be the best way so that you would have a keepass or lastpass file backup on the internet such as dropbox in case you dont have your copy on your computer or usb etc?

Like the other mentioned... people say write your word on a seed and keep the paper safe.  Where do you keep this paper then?  Do you keep it in a safe?  Do you keep it in a safe in the bank?  Do you keep it in a drawer in your home?  Do you have the paper broken in 2 or more parts that way the one piece of paper doesn't have all the word?  The thing is someone mentioned what if there is a fire.  Well if there is, that means your computer and everything might be gone.  The other thing is what if someone breaks in your apartment or something like that and then takes your paper.  Or maybe they come and just take a picture of your seed and then leave etc.

So if this is the case, isn't what i mentioned a while back probably the best idea to do would be just type your phrase on keepass or lastpass and then upload it on dropbox?  Because that way, the person would need to not only hack your dropbox account, but they would need the password to your keepass or lastpass etc.  That way you don't have to worry about your piece of paper?  Also even if you put it in a safe in a bank, there has been cases where safes have gotten destroyed in banks etc.

Thoughts on this?  I really don't think having the entire phrase written down on a single piece of paper is good idea.  I could understand if you have it broken down in say 2 or 3 pieces etc though.  But in any case, shouldn't you have a copy of the seed online somewhere in keepass or lastpass?  That way you dont have to think about the physical piece of paper?

There are some really, really bad ideas in this thread.

Please exclude from consideration all the programs, cloud storage and other crap.

But if you don't believe me, then take your seeds and keys, change the encoding as required and stuff them in a file entitled "Damn Microsoft Serial Numbers and Restore Keys"
full member
Activity: 1750
Merit: 186
January 10, 2018, 02:23:56 PM
#29
So if you had to choose, its better to type it in on keepass as opposed to lastpass right? 

So if you upload your keepass or lastpass file on dropbox... well you still need to get the password of keepass or lastpass in order to access it.  So wouldn't that be the best way so that you would have a keepass or lastpass file backup on the internet such as dropbox in case you dont have your copy on your computer or usb etc?

Like the other mentioned... people say write your word on a seed and keep the paper safe.  Where do you keep this paper then?  Do you keep it in a safe?  Do you keep it in a safe in the bank?  Do you keep it in a drawer in your home?  Do you have the paper broken in 2 or more parts that way the one piece of paper doesn't have all the word?  The thing is someone mentioned what if there is a fire.  Well if there is, that means your computer and everything might be gone.  The other thing is what if someone breaks in your apartment or something like that and then takes your paper.  Or maybe they come and just take a picture of your seed and then leave etc.

So if this is the case, isn't what i mentioned a while back probably the best idea to do would be just type your phrase on keepass or lastpass and then upload it on dropbox?  Because that way, the person would need to not only hack your dropbox account, but they would need the password to your keepass or lastpass etc.  That way you don't have to worry about your piece of paper?  Also even if you put it in a safe in a bank, there has been cases where safes have gotten destroyed in banks etc.

Thoughts on this?  I really don't think having the entire phrase written down on a single piece of paper is good idea.  I could understand if you have it broken down in say 2 or 3 pieces etc though.  But in any case, shouldn't you have a copy of the seed online somewhere in keepass or lastpass?  That way you dont have to think about the physical piece of paper?
newbie
Activity: 1
Merit: 0
December 20, 2017, 10:42:07 AM
#28
Reviving this a bit.

how is encrypted keepass on dropbox any different than lastpass? you're talking about client-side encryption being stored on a 3rd party service in both cases.
i realize there is a difference in relying on the lastpass client to perform the encryption vs handling that all yourself on an air-gapped machine, but there is always going to be some trade-off between usability, recoverability, memorability, and security. memorability being the biggest one there. which brings me to:

it is definitely possible to have a secure and memorable pass phrase to decrypt your secrets - contrary to what some people have said here. I have a few 8-10 word phrases that I've trained myself to remember and haven't written down anywhere (at least not altogether... I've left a few hints and fragments for myself just in case).

But the issue, as NUFCrichard said, is that there is always going to be a weakest link in your security - and if not there's a good chance it's so safe that you are at risk of losing access yourself. People say "just write it down and keep the paper safe" -- that's a huge understatement/misdirection! how do you keep a piece of paper safe?! in a literal safe? then how do you prevent someone from walking away with it? how do you keep the combination or physical key secure? what if there's a fire? The only truly safe place to store a piece of data is in your brain (torture notwithstanding) but then you're really talking about irrecoverable data loss if you happen to forget it...
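
Two claims in this thread can be put in numbers: that an attacker holding a copy of an encrypted vault can guess the master password offline, and that an 8-10 word phrase is strong enough to protect one. The sketch below is an added example, not code from any poster or from KeePass or LastPass; it assumes PBKDF2-HMAC-SHA256 as a stand-in key-derivation function, uniformly random secrets, a 7776-word list, and a hypothetical `attacker_speedup` factor over one CPU core.

```python
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` independent, uniform picks from `symbols` choices."""
    return length * math.log2(symbols)

def measure_guess_rate(iterations: int, trials: int = 3) -> float:
    """Offline guesses per second on one core of this machine for a vault
    whose key is PBKDF2-HMAC-SHA256(password, salt, iterations)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        hashlib.pbkdf2_hmac("sha256", b"guess-%d" % i, salt, iterations)
    return trials / (time.perf_counter() - start)

def expected_years(bits: float, guesses_per_sec: float) -> float:
    """Expected search time: on average half the keyspace is tried."""
    return 2 ** (bits - 1) / guesses_per_sec / SECONDS_PER_YEAR

# Constructed master-password policies (label, symbols per pick, picks).
# These are only valid for secrets chosen at random, not by a human.
CANDIDATES = [
    ("8 lowercase letters", 26, 8),
    ("20 random printable ASCII", 94, 20),
    ("4 words from a 7776-word list", 7776, 4),
    ("8 words from a 7776-word list", 7776, 8),
    ("10 words from a 7776-word list", 7776, 10),
]

def compare(iterations: int, attacker_speedup: float = 1e6):
    """Rows of (label, entropy bits, expected years to guess).
    attacker_speedup is an assumed hardware advantage, not a measurement."""
    rate = measure_guess_rate(iterations) * attacker_speedup
    rows = []
    for label, symbols, length in CANDIDATES:
        bits = entropy_bits(symbols, length)
        rows.append((label, round(bits, 1), expected_years(bits, rate)))
    return rows

if __name__ == "__main__":
    for iterations in (1_000, 100_000):
        print(f"PBKDF2 iterations: {iterations}")
        for label, bits, years in compare(iterations):
            print(f"  {label:32s} {bits:6.1f} bits  ~{years:.3g} years")
```

Raising the iteration count only scales the guess rate linearly, while each added random word multiplies the search space by 7776, which is why the length of the master passphrase dominates the result.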
legendary
Activity: 1218
Merit: 1003
July 26, 2017, 07:13:13 AM
#27
LastPass Password Manager is made to do this.
Do not forget to make backups and use a strong password.

The problem is you cannot make a truly random strong password that you can remember reliably, so you wind up writing the password down. Can you remember a random string of numbers, letters and symbols longer than 20 characters? I sure can't. If you allow a password manager to remember your password you have an attack vector. Hardware wallet manufacturers recommend you write your seed on paper and store in a safe place for legitimate reasons.
The thing is, there is almost no perfect way to store your Bitcoin in a 100% safe way, whilst still being able to access it yourself.
You can write down your very strong password, but there is always the chance that you lose your note. So you could save it somewhere or photograph it, but both aren't safe!

So you could use a password manager, but then you have your attack vector as you said. I personally see my very strong password hidden in my strong password/2FA protected password manager as a pretty good solution.

Could it be better? Yes probably. But if it were safer, it would probably be difficult for me to access. Another thing is to not keep all your eggs in one basket. I mean losing some of your bitcoins is obviously a nightmare, but that is preferable to losing all of your bitcoins!

Paper wallets are good, but nowadays with stuff like BCC and Byteball around, it is necessary to sign messages or split your coins, so just leaving your Bitcoin in an offline paper wallet is actually missing earnings opportunities.
legendary
Activity: 1806
Merit: 1164
July 25, 2017, 04:23:29 PM
#26
LastPass Password Manager is made to do this.
Do not forget to make backups and use a strong password.

The problem is you cannot make a truly random strong password that you can remember reliably, so you wind up writing the password down. Can you remember a random string of numbers, letters and symbols longer than 20 characters? I sure can't. If you allow a password manager to remember your password you have an attack vector. Hardware wallet manufacturers recommend you write your seed on paper and store in a safe place for legitimate reasons.
newbie
Activity: 1
Merit: 0
July 25, 2017, 04:14:27 PM
#25
Storing encrypted seed in LastPass is OK. The question is: how and where do you encrypt it?  I would not trust my PC, even though it has all the antivirus software one can get.

I went further and created a simple encryption program which runs as a web page and can be opened in any old smart phone.  The phone should be put in 'airplane mode', encryption done, and the resulting codes photographed from the screen by another device.  The phone should be then factory-reset (or destroyed).  As a result you get a picture of encrypted codes on the other device, and your secret never touches the web even if the phone was swarming with viruses.

So, this is the idea, please, take a look at https://messagesafe.github.io/ . At this point I need feedback, maybe I missed something. If there is any interest, I will start a thread to discuss any issues.
full member
Activity: 224
Merit: 100
June 08, 2017, 03:32:48 AM
#24
One of my friends had a Google Authenticator for his LP and one day his phone was stolen and he couldn't log in to his LP account without the GA code. He was in panic but everything ended well.