Why is it bad to store 24 words from Ledger hardware wallet in password manager? - page 2.

hypersafe2020

newbie

Activity: 10

Merit: 4

Quote from: hatshepsut93 on April 09, 2020, 04:57:59 PM

If you are storing and using your wallet offline, then there's nothing wrong with using a good open-source password manager. Can you tell me who said that this is wrong, I'd like to hear their reasoning.
If this was done on an online machine, there are inherent risks to it, like malware that somehow pwns the password manager and steals your seed, or a clipboard malware, etc. But since we are talking about cold storage setup, the password manager would just be used as an encryption/decryption tool.

I always read online when it comes to storing your 12 or 24 words, never to store them digitally. I assume this is because most people will put then in an unencrypted file like a TXT or DOCX file and not use a password manager like KeePass.

I was thinking of using Tails OS offline to create a new KeePass file and enter the 24 words in the file, save the file and put it on a USB stick. Turn off the Tails OS. And make copies of the keepass file on top other drives.

samcrypto

sr. member

Activity: 2002

Merit: 314

Vave.com - Crypto Casino

Hackers can get into your computer and you might be lose that seeds and got hack as well, this is why we should protect our seeds at on our code. Ledger have their own sheet to write down your 24 seeds, if you don’t want to use it then its better to write it down on another paper so it looks like a normal words to other people. You can encrypt the excel file, but still hackers can open that and you are risking too much money on that.

traderethereum

hero member

Activity: 2870

Merit: 574

Vave.com - Crypto Casino

You never know if your password becomes online someday so it's better to keep it offline, and only you that will know.
You never know if someone can enter and come to your password manager.
I prefer to write it in my secret book or notepad in some place than to save it in a password manager. But if you still want to do that, go ahead, but you should be careful.

BitMaxz

legendary

Activity: 3304

Merit: 3037

BTC price road to $80k

It is not safe if you are using KeePass on online mode not on offline/airgap PC this should be offline forever to keep your seed safe in your PC.
Any documents or important backups like 24-word seed are always safe to store on the PC which is completely offline(Never connected to the internet).

Since this is related to hardware wallet are you planning to use the ledger hardware wallet on the PC with ledger live? It needs the internet so if you use your PC online it is not safe to save the "24-word seed" on the KeePass even this software is offline. We don't know exactly if this password manager is not sending any data when the PC is connected to the internet.

Unless if you are a programmer and you can verify that it is running completely offline and not sending any data from KeePass to internet when the PC is online. But for us who doesn't know if KeePass is safe while connected to the internet. We will always choose to save it to paper wallets instead or save somewhere safe than KeePass.

hatshepsut93

legendary

Activity: 2954

Merit: 2145

If you are storing and using your wallet offline, then there's nothing wrong with using a good open-source password manager. Can you tell me who said that this is wrong, I'd like to hear their reasoning.
If this was done on an online machine, there are inherent risks to it, like malware that somehow pwns the password manager and steals your seed, or a clipboard malware, etc. But since we are talking about cold storage setup, the password manager would just be used as an encryption/decryption tool.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: hypersafe2020 on April 09, 2020, 04:43:41 PM

It says it is not recommended to store your 24 word seeds digitally and I can see why it is bad to save it in a non encrypted file like a word document, but why is it a bad idea to store your 24 words in a password manager like KeePass which is offline, you can copy the files into other drives for backups, and the file is encrypted? I do not see any security flaws in this except if you have a keylogger.

Hypothetically speaking, if you store your seed in an offline password manager you have to import your seed at some point and have it online.

Some hardware wallets make attempts to get you to type in extra words and import words in different orders or as repeats which makes it harder to decode a seed (but not neccessarily impossible).

Also, if a ledger works liek a trezor, you'd have to show your seed on your computer before you're able to redeem your funds which has huge implicaitons on your security sincec anyone with access to the machine through malware can gain access to the information. If you only use the seed on a live version of an OS that has been signed to be authentic then you may be able to store you information this way but I'd still be wary that you use enough encryption on the password manager...

If you can, use at least 8 random words, there are examples everywhere of how to do this...

hypersafe2020

newbie

Activity: 10

Merit: 4

It says it is not recommended to store your 24 word seeds digitally and I can see why it is bad to save it in a non encrypted file like a word document, but why is it a bad idea to store your 24 words in a password manager like KeePass which is offline, you can copy the files into other drives for backups, and the file is encrypted? I do not see any security flaws in this except if you have a keylogger.

Topic: Why is it bad to store 24 words from Ledger hardware wallet in password manager? - page 2. (Read 259 times)