
Topic: What are your biggest challenges around securing your crypto? (Read 524 times)

hero member
Activity: 2436
Merit: 516
Hack and physical theft could be the security challenge around me. Sometimes physical theft information may not be useful to culprit and may just cost absolute loss. Demise of some individual may not give access to the coin, the fear of crypto loss due to demise came up as a challenging problem in recent dailies. I think this is enough or good idea for crypto enthusiasts to look into and create a project from.
copper member
Activity: 2940
Merit: 4101
-snip-
You could invest in a fire and water proof safe, and place it underneath your floorboards or bury it in your garden if you have one. Or inscribe your seed on some metal plates which would withstand the heat of a fire. Alternatively, use something like Shamir's Secret Sharing to give parts of your key to some trustworthy friends.

I don't want to rely on a person per se, I prefer to rely on a system I think. I got trouble last year when my father passed away suddenly.
I know there's a metal thing to keep your seeds, cryptosteel or something like that, but I was in a hurry, I gave it to a notary since I also need to use him for other stuff.
legendary
Activity: 2268
Merit: 18706
-snip-
You could invest in a fire and water proof safe, and place it underneath your floorboards or bury it in your garden if you have one. Or inscribe your seed on some metal plates which would withstand the heat of a fire. Alternatively, use something like Shamir's Secret Sharing to give parts of your key to some trustworthy friends.
copper member
Activity: 2940
Merit: 4101
The challenge I had was to keep the seeds in a safe place. At home, you will say, yes sure, but what about if there's a fire in your house. Your home insurance will do nothing. You can have the backups in all the rooms, all of them will be gone with the fire. I don't really have a family anymore so can't even ask someone to keep a piece of paper. I managed to store the seed somewhat but it cost me some bucks.
legendary
Activity: 2268
Merit: 18706
With regards to using computers that have never had access to the net - I'm thinking of removing the hard drive from a notebook, and installing Linux on a couple of USB SSDs. I can then boot the computer from one of the SSDs. If I keep personal info on the one that never accesses the net, then that should give me a bit of extra security.
The way I've done it is with an old laptop (10+ years) I had kicking around. It was serving no purpose anyway, other than gathering dust, so I simply opened it up and removed the WiFi card, so it will never accidentally connect to the internet. The hardware is old and it would struggle to run most modern software. Hell, I don't think it would even manage a modern version of Windows or a resource heavy browser like Chrome, but it's quite capable of running Linux and signing bitcoin transactions.

The other vector of attack is obviously physical attacks on the device. I have full drive encryption on this laptop - it might be worth looking in to that for your SSD.
legendary
Activity: 2800
Merit: 2472
https://JetCash.com
With regards to using computers that have never had access to the net - I'm thinking of removing the hard drive from a notebook, and installing Linux on a couple of USB SSDs. I can then boot the computer from one of the SSDs. If I keep personal info on the one that never accesses the net, then that should give me a bit of extra security.
legendary
Activity: 2268
Merit: 18706
I backed up my wallet.dat file along with my seed on a flash drive which I never plug on another computer just mine with the Win7 OS.
For the best security, your seed should never touch an internet enabled computer, especially if you are storing it in plain text. Even although you are using a different OS, since you are connecting to the internet with that OS you have no guarantee that it has not been infected with some kind of malware. I would store your seed on paper and not on a flash drive at all, or if you insist on storing it on a flash drive, only ever connect that flash drive to a completely air-gapped machine.
sr. member
Activity: 403
Merit: 257
‘Use a strong password’ ‘Buy a hardware wallet’ are the most common security solutions to manage your crypto. But is that enough?

Are you overwhelmed with how to manage your crypto and be assured that they are secure?  
For instance:

 * Do you know of the 5 axes of attack areas you should be aware of - Browser, Network, Software, Email, Password
 * If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

I want to create educational material around easy solutions to managing and securing crypto for fund managers/analysts/traders/developers.


What are some questions you need answered?
What are some common frustrations you have around this topic?
Or find out what the right things to do are?

Other than my daily driver Windows 10, I dual boot Win7 in another HDD for the sole purpose of wallet sync and transaction. No browsers, no other programs just the wallet. I backed up my wallet.dat file along with my seed on a flash drive which I never plug on another computer just mine with the Win7 OS. That's how I deal with it.
newbie
Activity: 6
Merit: 5

2. This for me is also the weak point, that most people use 2FA on a device, exposing them to at least the Password axis you mentioned. Myself I use a Google Authenticator for 2FA, as an extension only linked to 1 browser account. Browser and extension are uninstalled quickly after use. And means I could recover all my online accounts quickly from a new device with 2FA and change passwords. I expect this method opens me up to other vulnerabilities... anyone care to share?



Are you using an extension to get the 2FA code? That is not how it is meant to be used. 2 Factor means, it's the second way of proving it is you. The first way is password. And if you use your 2FA this way, then it's really only 1 factor. The use of the 2FA seed in many places will increase the chance of it being stolen. You could just install a 2FA app on a phone not connected to the internet.
newbie
Activity: 6
Merit: 5
People relying on desktop and software wallets. Storing them in their computers and eventually losing access to them either due to hardware or software failures.
Not just software wallets, but also things like 2FA. Many people either don't have back ups for their 2FA, or back up to another electronic device (such as phone and laptop). As OP says, if both are stolen, you can lose access to all your trading accounts (and web wallets if you are silly enough to use them).


For 2FA, you have to have a strategy to securely store the backup of your 2FA as well cause you don't want that falling under the wrong hands either.
newbie
Activity: 6
Merit: 5
My biggest problem would be password management. I mostly use one password for most of my operations and don't update it regularly. For my private key I prefer to go the traditional way by writing and keeping it somewhere safe

This is a reasonable thought process. Also, you can use two password managers - one password - to store passwords that are not risky. Ie for regular accounts and such that will not cause you to lose a lot of money. Using a file based offline password manager like Keepass to store sensitive passwords and keys.
legendary
Activity: 2268
Merit: 18706
My biggest problem would be password management. I mostly use one password for most of my operations and don't update it regularly.
This is a huge security risk. Using the same password for things like email, social media, forums, and exchanges is just asking to be hacked. There have been some pretty major password leaks from some very reputable companies over the past few years - it is highly likely that less reputable companies like small crypto exchanges will leak your password at some point. If an attacker was to gain access to one of your accounts, you could lose everything.

If you are struggling to use different passwords or remember them all, then just use a secure password manager like KeePass.
newbie
Activity: 6
Merit: 5

Does anyone know of any safe storage spaces for this?  I know people say never store your seed online.  But what if you store it in your computer but encrypt it with say axcrypt.  Then upload it to say dropbox or google drive.  So let say someone was able to hack your dropbox or google drive. 

They still need to Know your password for lastpass or keepass.


Now what if you encrypt lastpass or keepass as well?  Now they need to know the password for axcrypt and also lastpass or keepass.  A risk of this would be if you forget both passwords.

Thoughts on that?  Which of these seem to be the best?  I always thought having an online backup was good in case anything physically happened.


For sure. This sounds a reasonable way to go about it. Also, the security doesn't have to be one solution for everything. You can have higher level of security for larger amounts. And reasonable security for lower amount of assets.

You could increase the security of the above method by using a client side encrypted storage space  instead of dropbox or gdrive - ex: Sync.com or Spideroak
copper member
Activity: 280
Merit: 1
My biggest problem would be password management. I mostly use one password for most of my operations and don't update it regularly. For my private key I prefer to go the traditional way by writing and keeping it somewhere safe
newbie
Activity: 6
Merit: 5
All the possible technologies that exist today to keep crypto safe is not worth anything if it is not used in the right way. Most agree that hardware wallets are safe way of keeping crypto, and for now it is shown that this is correct. But security of hardware wallet is worth nothing if user is not aware of importance to make backup of seed words, so in case device is broken or stolen coins are lost.

My opinion is that the biggest challenge is how to educate people to use the available technology in the right and safe way, which is crucial for security of their coins. When something bad happens, then it's too late.


This is exactly the problem I want to tackle and educate people on it. It's hard to find relevant guides to security in one place. There are some that offer just generic information but don't discuss the details of how to do it.
legendary
Activity: 3234
Merit: 5637
Pass code? Do you mean your PIN for accessing the wallet? It should never be stolen or found because you should never write it down. The only thing you should be writing down and storing securely is your seed.
Although the PIN in hardware wallets is important, in case it is forgotten, it is possible to recover wallet by entering 3 times incorrect PIN and then restore wallet from seed. But I can not agree that PIN should not be written down, it is 8 digit number (in my case - Nano S), and can easily be forgotten. If someone finds four digits or eight digits number, without the device itself it will not have any use of it. But if seed is compromised, wallet can be restored in different ways, regardless of PIN.
legendary
Activity: 2268
Merit: 18706
A hardware wallet is great, but what if the pass code is stolen or found? How will funds be transmitted to relatives after death? In my view, these are issues crypto will have to solve in the coming decade. More than likely, we will need some centralization to resolve some of these concerns.
Pass code? Do you mean your PIN for accessing the wallet? It should never be stolen or found because you should never write it down. The only thing you should be writing down and storing securely is your seed.

The easiest way to transmit funds after death is to tell your spouse or family member your PIN/location of your seed/paper wallet, etc. or include said instructions in your will or a dead man's switch.
sr. member
Activity: 854
Merit: 281
A hardware wallet is great, but what if the pass code is stolen or found? How will funds be transmitted to relatives after death? In my view, these are issues crypto will have to solve in the coming decade. More than likely, we will need some centralization to resolve some of these concerns.
legendary
Activity: 2268
Merit: 18706
Now if you have 24 word seed, do you write it in 1 piece or 2 pieces or 3 pieces?  Example 12 words, its only half the seed.
The issue with this is that you need all three pieces to restore your seed. If an attacker steals one, you can't restore the seed from the other two. You could of course leave multiple copies of each piece in different locations, but the more locations you use the more chance of someone finding one.

There are other ways to securely store your seed on paper. For example, you can use methods like Shamir's Secret Sharing or a modified one-time pad technique to split your seed in to 3 parts, and require any 2 of them to recover your seed (or 3 out of 5, or any other combination you fancy). Each piece on its own is useless.


But what if you store it in your computer but encrypt it with say axcrypt.
To encrypt it on your computer, it must at some point be on your computer unencrypted. This is not safe. You should only be doing this on a permanently airgapped device.
legendary
Activity: 2730
Merit: 7065
Now where can you store it where its safe?  Bank deposit box?  What if thieves drill through it and steal the boxes as i have heard of cases like this?  If your seed is in the box with 24 words, well thats it.  But if nothing like that happens, couldn't an employee or someone on inside open the boxes up?  If its cash, they taking it would mean the person putting it there would know when they check the box.  The seed, well they can take picture of it or write it down.
Thieves could get to your seed phrase by robbing the bank but in cases like that they are usually looking for cash, gold, diamonds etc. You would have to be unlucky to get your deposit box robbed by thieves looking for crypto.

Bank deposit boxes can't be opened by the bank employee alone. You need two sets of keys. One key belongs to the bank and the other to the person leasing the box. Consider it a 2FA of some sort.

Does anyone know of any safe storage spaces for this?  I know people say never store your seed online.  But what if you store it in your computer but encrypt it with say axcrypt.  Then upload it to say dropbox or google drive.  So let say someone was able to hack your dropbox or google drive.  
You can store an encrypted seed and keys on a computer but it shouldn't be one that is connected to the Internet. It has to be free of malware and in good condition both hardware and software wise.

I wouldn't advise uploading to a cloud/drive. A safer option is to keep an encrypted copy on a password protected USB drive for example. One that is only used for that purpose and not for storing any other files.