Bitcoin Forum

Im gonna buy a ledger but i still want to.spread the risk among some other wallets. Problem is most now apart frrom core uses a 12 word passphrase. Problem is John Mcafee says millions of phones and computers have keyloggers so they can take photo.and send your passphrase quite easily.

Is this a serious risk?

How to use a wallet that solves this?

Everything has risk and most people do really afraid of that keyloggers which they can easy stole up valuable information's which are related on your wallet or even on important emails but somehow this thing can be avoided if you do know how to set up things which would make you secure somehow into these threats.In terms on PC its really always recommended to have an Anti-virus so that pc would be clean on any malware or virus and you should always be prompt on downloading things on internet.

Every time you connect to the internet (using mobile, windows, Linux, Mac, toaster, etc) consider yourself compromised. Never trust nobody and nothing.
You can minimize risks of being hacked, but no one can say for sure they have a 100% safe system.
Try multiple levels of controlling your keys

yeah i agree, now a days you have to be so vigilant about what site you visit or what program you donwload or who you let on your pc to help. there are thieves every where looking to make a quick buck at the expense of others. Just recently i saw a guy get robbed of 14K VIVO coins worth approximately 70K dollars. Simply dont trust no body or anything on the net.

Best bet is to use a clean machine with a wired keyboard.  (Wireless/Bluetooth keyboards have a greater attack surface.)  A simple trick is to not enter your password completely sequentially, but instead to enter some of it, then reposition your cursor using the mouse, and then type the rest of it.  This will likely thwart attacks not targeted specifically at you, at least as long as this technique isn't widely used. 

Just do everything on an offline machine. Who cares about keyloggers.

This is the exact reason why need further encryption, I am trying to build an open source wallet which will use your fingerprint to encrypt the wallet.dat file, along with password and 2FA encryption, that will be one of the solutions. Other than that your current best option is to get a windows copy from microsoft and do a brand new offline installation of windows and never connect that pc to internet, That's the safest you can go. Also Don't use ISO files from the internet, they can be modified quiet easily.

I don't understand what threat model this is protecting against; can you please elaborate?  If your OS is compromised with malware that can steal your encrypted wallet and your password, can't it just as easily steal your plaintext wallet after you decrypt it?  Although hardware keyloggers that sit between the keyboard and the computer do exist, this requires an attacker to have physical access to your machine, and in that case you're basically screwed anyway.

A fresh install of MS Windows is certainly more secure than an OEM install that is potentially compromised with crapware such as Superfish.  But Windows itself still has a huge attack surface.  Personally, I'd recommend a smaller, security-focused OS such as FreeBSD.

Most ISOs have signed hashes that you can verify after downloading (e.g., https://www.freebsd.org/releases/11.1R/CHECKSUM.SHA256-FreeBSD-11.1-RELEASE-amd64.asc).  Of course, this requires you to trust the public key that was used to sign the hash, but the chain of trust must be rooted somewhere.

I would definitely take the dangers of keyloggers seriously.

That's why you get a hardware wallet such as the ledger in the first place. I'm not sure how much sense it makes to spread the risk among other wallets. I know Trezor supports multiple passphrases (leading to multiple accounts), Ledger should be able to do that as well. In the end that should be all the security you'll ever need.

Just don't forget to keep your seed phrase backup offline, on paper. Make a second seed phrase paper backup, stored in another, secure location. Then there's nothing you need to worry about (well, apart from the whole lot of other things that get compromised if you happen to have a keylogger on your system, that is).

According to the little I read from this article, the Wikipedia of keystrokes (keyloggers) I don't think it gives a shit about any antivirus, if I didn't get it right, please anyone should put me through. Here is the link : https://en.m.wikipedia.org/wiki/Keystroke_logging

Anti viruses only protect against known codes so really all they are doing is checking a database for known codes and then alerting you whenever they find a match and sometimes some of these programs will isolate or remove it automatically until you review it.

keyloggers are very much a threat. but is easily avoidable by not trusting external sources which do not have reputation. do not click on any links you dont trust and certainly dont download anything you do not trust.

That's the freaky part. If the attacker knows what they are doing and is only targeting a small group of people -- say, bitcointalk users -- they are likely able to infect you with a keylogger that doesn't trigger any common anti virus software as it's either hard to detect or has a yet unknown signature.

So in that regard not trusting external sources and suspicious links is probably an even better and more important defense than any anti virus software out there.

There are some statement that their fund are got stolen after they have transaction using their wallet who has a bitcoin inside, i think key logger is one of the reason why they got hacked. That is why i feel worried if i would be one of the victim of this kind of scam. Hoping that some developer could find a ways how to eliminate this thing to avoid increasing victim of hackers around the world.

Keyloggers? well they're really very dangerous dude, with the help of keyloggers hackers can easily get to know any of the information on you computer. One should just not click on any suspicious links to prevent downloading any keyloggers, also keeping a good antivirus would help alot to protect from keyloggers

Not a bit. Every keylogger is the direct result of a user doing something stupid. It is the one viral attack exploit that is always user installed or downloaded. I think it is just too simple for the hackers to deploy any other way, and it is used as a catch the bottom feeders last resort after the real hacking.

Actually, if your computer is infected, there is not much a wallet itself can do to solve it. The malware could hide on the system driver level, so the application in user space has no chance to detect it. If there are wallets that claim to be able to cope with it, it sounds suspicious to me.
The risk itself is quite serious, as there are many versions of malware around that are crypted by non widely known algorithms and by that they bypass a lot of AV scanners.
Problem is that a lot of this malware has special functionality to detect if a cryptocurrency wallet is installed and it filters the data to only capture this part.

In general, linux operating systems are not targeted that often. For high-volume transfer handling, I generally recommend using a dedicated machine that is set up from scratch, where only required software gets installed. Then, you can setup a firewall to only allow a specific process to communicate out of your machine. This should give you maximum security.

Better safe than sorry...

The key logger is a serious problem that really needs to be resolved. But how can it be solved now that anti-viruses are capable of overtaking and escape? Nothing is really safe now in the world and when you do not even know the computer you can definitely be robbed. So please do not download anything if you do not have enough knowledge about that because your download might be malware.

there are many tools to protect you data...
here some review about keylogger finder
https://www.geckoandfly.com/17868/best-free-keylogger-for-windows-mac-android-ios-to-monitor-your-kids-facebook/
https://www.raymond.cc/blog/free-and-simple-keylogger-to-monitor-keystrokes-in-windows/

The best way of solving the problem is use the wallet on the machine where you dont use another things only use the wallet for it. So that if you got get any problem of key loggers as you wont be using any type of files and browser service.

this is exactly my approach
i setup a virtual machine when i have my wallets and i connect to network just when i need to send transaction or sync chain.
when i don't needt it, the VM is powered off..

The fact that security is a hoax is true and that one can always try everything to secure their stuff but still they will end up with losses from hackers. It is true that a hardware wallet is safer than a desktop or a web wallet. Again it is also true that keyloggers are there in your PC and mobile if you dont keep a proper antivirus and download stuff from every source in the web. What I have learnt from ethical hackers is that to keep the bitcoins safe the best thing to do is to create a paper wallet in an Arch Linux boot or CentOS boot which has been just created and never connected to the internet. That way the keys will be safe - but that is not userfriendly as well.

i always do my private work on a separate machine on which i do not install or click any link and unknown software.
and yes i fear key loggers very much not just that trojans and viruses are also danger you can face.

This is not a real worry of mine, as I already do everything possible to avoid installing malware.
Usually it's through fault of the user that their computer gets infected, although a targeted attack is also possible, it's pretty unlikely.

Be wary of everything you download and never download something from an untrusted source.
Even Word or PDF documents can be infected, so also watch out for those.

If you really have to download something that could contain malware, run it in a sandbox or on a virtual machine.

It's also a good idea to install the NoScript plugin on your webbrowser and disable javascript.
I also never run Flash.

As long as you do not download anything fishy and don't visit suspicious links then you can protect against them without the use of antivirus.

If you have a keylogger, you would most likely also have some kind of malware, given that a lot of keylogger nowadays are now considered RAT. It is not secure to be using a VM with the wallet inside of it. A malware from your host machine could easily capture any keys or files from your VM.