Topic: What are your biggest challenges around securing your crypto? - page 2. (Read 548 times)

Well if you want to sell any significant amount of bitcoin you are pretty much forced to give you perosnal info to an exchange.  These exchanges are run by humans and all it takes is one bad employee or a data hack and your information is out there.

It must be a constant worry of crypto celebrities like Roger Ver, Vitalik, John Mcafee.  I'm sure they are worried about being kidnapped and torture for their coins.

What about where to store your seed?  You put it in your house, well a fire, theft or something like that could destroy it.  So you put it in 2 or 3 different locations?  Of course doing that exposes it even more.


Now if you have 24 word seed, you do write it in 1 piece of 2 piece or 3 pieces?  Example 12 words, its only half the seed.


Now where can you store it where its safe?  Bank deposit box?  What if thieves drill through it and steal the boxes as i have heard of cases like this?  If your seed is in the box with 24 words, well thats it.  But if nothing like that happens, couldn't an employee or someone on inside open the boxes up?  If its cash, they taking it would mean the person putting it there would know when they check the box.  The seed, well they can take picture of it or write it down.




Now what about making your seed look like something not noticeable?  Example you write the words and say 3rd grade spelling words or something like that?  What about you writing the 24 word seed but you do it as a code.  Like A = Z  B = Y etc.  Or something like A = E etc.  Then if someone gets access to it, they won't have a clue what that is because those are not words.  Of course if you do this, you need to remember what the letters a mean such as does it mean a is e or z etc.



Does anyone know of any safe storage spaces for this?  I know people say never store your seed online.  But what if you store it in your computer but encrypt it with say axcrypt.  Then upload it to say dropbox or google drive.  So let say someone was able to hack your dropbox or google drive. 


They still need to



Know your password for lastpass or keepass.




Now what if you encrypt lastpass or keepass as well?  Now they need to know the password for axcrypt and also lastpass or keepass.  A risk of this would be if you forget both passwords.


Thoughts on that?  Which of these seem to be the best?  I always thought having an online backup was good in case anything physically happened.

I like that question also (on are your prepared for loss and recovery if devices all stolen) and I've asked myself and others a few times in the past.

1. Most people would probably not be able to recover a lot of things, browser accounts, email accounts, much less a Bitcoin wallet. I know I could recover several of those at least from memory alone.

2. This for me is also the weak point, that most people use 2FA on a device, exposing them to at least the Password axis you mentioned. Myself I use a Google Authenticator for 2FA, as an extension only linked to 1 browser account. Browser and extension are uninstalled quickly after use. And means I could recover all my online accounts quickly from a new device with 2FA and change passwords. I expect this method opens me up to other vulnerabilities... anyone care to share?

All the possible technologies that exist today to keep crypto safe is not worth anything if it is not used in the right way. Most agree that hardware wallets are safe way of keeping crypto, and for now it is shown that this is correct. But security of hardware wallet is worth nothing if user is not aware of importance to make backup of seed words, so in case device is broken or stolen coins are lost.

My opinion is that the biggest challenge is how to educate people to use the available technology in the right and safe way, which is crucial for security of their coins. When something bad happens, then it's too late.



Why you use only your memory for passwords? Nobody is so perfect to remember hundreds of passwords, and the simplest solution is to write them down of paper. Then you only need to store that paper in the best possible way, there is no great wisdom in that.

Nobody knows that you have bitcoin if you don't tell people you own bitcoin. Bitcoin is semi-anonymous and their users should stay that way as well. Only your circle of trust should know what you are doing and nobody else.

4 of them (Browser, network, software, email) are circumvented by storing your coins offline.

A strong password is necessary to be secure against physical access (e.g. hardware wallet / cold wallet on a computer).
Regarding the hardware wallet: Most do wipe the data after X wrong attempts to enter the pin (e.g. ledger nano after 3 times).
Regarding the cold wallet on a PC: You could use an encryption algorithm with tons of iterations to slow down the decryption process -> Bruteforcing no longer possible even with only a 6-8 char alpha numerical password.




Simple question.

If your coins are stored on a hardware wallet: Nothing lost, you still have full access as the only person.

If your coins are stored on a desktop- / mobile wallet:

• One should always have his wallet protected (encrypted private keys trough password / android mobile always encrypted (which is default with android 7+) + no developer mode + not rooted + locked with a pin)
• One should always have a backup of the seed used

If both points apply, it is not a problem within the next few hours / days / weeks in which you should recover your coins with your backup and send them to a freshly created wallet.

This is a complex topic, because each system has its own vulnerabilities and if the engine is perfect the vulnerability is the human factor. That's how the technology works, we can create complex encryption systems but we can not make a perfect human who doesn't make mistakes.

I think the best way to secure our coins, is in paper wallets in txt files inside zip folders with passwords. That's it, but this is the way i feel secure, for sure other people has it's own way.

I would say the biggest challenge is physical security.  I've read the horror stories of people being tortured for their bitcoin.  There are people in the world will kill for a few dollars, no matter how good your computer security is you are always vulnerable. 

Not just software wallets, but also things like 2FA. Many people either don't have back ups for their 2FA, or back up to another electronic device (such as phone and laptop). As OP says, if both are stolen, you can lose access to all your trading accounts (and web wallets if you are silly enough to use them).

On internet accessible computers, at least. It is perfectly reasonable to store your wallets on an airgapped computer, provided you take appropriate precautions to ensure the device is not infected with anything when setting it up, and securing it from physical attacks as well (whole drive encryption and storing it securely, for example).

This is one of the bigger problems when it comes to crypto. People relying on desktop and software wallets. Storing them in their computers and eventually losing access to them either due to hardware or software failures. 

Sensitive and financial information shouldn't be stored on computers. We have hardware and paper wallets for long term storage. If for some reason you do end up doing it at least password protect the sensitive files. Hide it from plain sight and don't make it easy for a hacker to find it by calling it All my BTC private keys.txt

i think these are probably the most asked questions that i found in this forum:
- what wallet that i should use?
- how to store my backup?
- how to keep me protected if i connected to the network?
- how can i make sure that nobody steal my seed/private key?
- what happen if i lose my backup, how to recover my bitcoin securely?
etc.

The only way to secure bitcoin wallet is to create the private keys within a safe environment (a computer that has never connected to the internet, or at least, formatted the HDD and then installing an OS that never seen the internet). It's the only way. Then you must learn how to pass a transaction made on the offline computer within the online node. What can you do? it's the only way to go. Many find it annoying but it's what it is.

The main problem for me is passwords. I have bad memory, I always lose my passwords. I have lost access to all encrypted stuff because I lost the passwords.

As far as backups, im not sure about that. Putting your wallet on the internet doesn't seem like a good idea, even if encrypted... too paranoid. But also too paranoid to trust electrum seed's model. So what's the solution? Be careful to not burn your house or have thieves... I can't tell you anything else right now.

‘Use a strong password’ ‘Buy a hardware wallet’ are the most common security solutions to manage your crypto. But is that enough?

Are you overwhelmed with how to manage your crypto and be assured that they are secure?  
For instance:

 * Do you know of the 5 axis of attack areas you should be aware about - Browser, Network, Software, Email, Password
 * If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

I want to create educational material around easy solutions to managing and security crypto for fund managers/analysts/traders/developers.


What are some questions you need answered?
What are some common frustrations you have around this topic?
Or find out what are the right things to do is?