Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Timo Y on June 27, 2011, 12:30:13 PM



Title: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: Timo Y on June 27, 2011, 12:30:13 PM
I felt that the Securing Your Wallet (https://en.bitcoin.it/wiki/Securing_your_wallet) article on the Bitcoin Wiki was too hard to digest for a non-technical user so I created this simple, brief list of dos and don'ts as a starting point:

https://en.bitcoin.it/wiki/Wallet_Security_Dos_and_Don%27ts_%28Windows%29

Any modifications or improvements are appreciated.

Bear in mind that this is not meant to be a comprehensive guide on how to create a 100% secure wallet. I'm just trying to address the most obvious security mistakes made by beginners.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: fornit on June 27, 2011, 12:49:17 PM
Quote
Do keep encrypted backups of all your wallets in at least 3 physically separate locations.
Do use keyfiles to encrypt your wallets, and keep backups of your keyfiles in at least 3 physically separate locations.

mostly the same.

Quote
Do use a good antivirus and firewall, and keep them up to date.

firewalls and antivirus on a personal computer don't do much good and make people rely on them, which is a major mistake. see allinvain.

otherwise nice guide / reminder  :)


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: luv2drnkbr on June 27, 2011, 12:52:38 PM
Quote
firewalls and antivirus on a personal computer don't do much good and make people rely on them, which is a major mistake. see allinvain.

Uhhhhh, have you SEEN Comodo's software firewall???  Shit is amazing.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: Grouver (BtcBalance) on June 27, 2011, 12:54:32 PM
1) Keep your big wallet offline
2) Split your big wallet to 15+ small wallets
3) Use one small wallet when you want to spend.
4) Encrypt all wallets when not in use.
5) Scan your computer before copying your wallet to a connected computer.

Done


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: BitcoinPorn on June 27, 2011, 12:58:23 PM
All words that are attached to the "Do's" and "Don'ts" should be linking to parts of the Wiki discussing those things.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: haydent on June 27, 2011, 01:00:39 PM
Quote
firewalls and antivirus on a personal computer don't do much good and make people rely on them, which is a major mistake. see allinvain.

Quote
Uhhhhh, have you SEEN Comodo's software firewall???  Shit is amazing.

i prefer ESET Smart Security, but i used comodo firewall for ages before this. In both i have them set and recommend people use 'manual mode' so you must allow or block anything trying to send or receive data via your computer.

great for stopping those pesky apps from checking online for updates / keys


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: error on June 27, 2011, 05:08:49 PM
The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: da2ce7 on June 27, 2011, 05:16:02 PM
Quote
The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)

Dang... I was just about to comment that a properly set-up Windows 7 x64, using a limited privilege user, and EFS for private data can be very secure.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: da2ce7 on June 27, 2011, 05:17:01 PM
Quote
The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)

Dang... I was just about to comment that a properly set-up Windows 7 x64, using limited privilege user accounts, and EFS for private data can be very secure.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: BitCoinBarter on June 27, 2011, 07:05:07 PM
Quote
I felt that the Securing Your Wallet (https://en.bitcoin.it/wiki/Securing_your_wallet) article on the Bitcoin Wiki was too hard to digest for a non-technical user so I created this simple, brief list of dos and don'ts as a starting point:

https://en.bitcoin.it/wiki/Wallet_Security_Dos_and_Don%27ts_%28Windows%29

Any modifications or improvements are appreciated.

Bear in mind that this is not meant to be a comprehensive guide on how to create a 100% secure wallet. I'm just trying to address the most obvious security mistakes made by beginners.

Great start. Thank you.
I'm sure that this will help (if only they use it) all users (not just Windows users).

I agree with BitcoinPorn, "...should be linking..."
To that, I would add that it links to reliable information, even if it doesn't link to the Wiki.

I would also suggest adding/modifying/explaining the following (possibly with a link):

-How to find/use symmetric encryption (asymmetric may be a little much, however it should be mentioned).
-What a keyfile is and how it relates to encryption.
-Don't use an online backup/storage service's encryption unless you have the sole key. Even if that is the case, I suggest not using their encryption (use your own). If the service uses encryption, then consider that a plus that is added to your encryption.
-Once your wallet leaves your system (e.g., to an online backup/storage, USB, etc.), it should be encrypted.
-When deleting an unencrypted wallet, that file must be shredded. Of course this will mean explaining what shredding is and why it is important.
-Recommend a good password manager to help (I vote for LastPass).


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: Timo Y on June 29, 2011, 09:41:22 AM
Thanks for your feedback.

Quote
-When deleting an unencrypted wallet, that file must be shredded. Of course this will mean explain what shredding is and why it is important.

It has been pointed out that shredding is not effective on modern operating systems.  I think it's still better than nothing, but does it give people a false sense of security?

Quote
-Recommend a good password manager to help (I vote for LastPass).

Password managers create a single point of failure. Do you think this is secure enough for protecting wallets? I prefer to encrypt my savings wallets with different, independent passwords.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: Timo Y on June 29, 2011, 09:42:29 AM
Quote
2) Split your big wallet to 15+ small wallets

Why so many? 15 seems like a lot of work. Won't about 5 suffice for the average user?


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: IlbiStarz on June 29, 2011, 09:47:00 AM
Quote
Don't keep your computer switched on overnight.

Dang then how do we mine :(


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: Timo Y on June 29, 2011, 10:25:14 AM
Quote
Don't keep your computer switched on overnight.

Dang then how do we mine :(

I'll fix that to cater for miners.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: Gareth Nelson on June 29, 2011, 10:52:03 AM
Quote
Do keep encrypted backups of all your wallets in at least 3 physically separate locations.
Do use keyfiles to encrypt your wallets, and keep backups of your keyfiles in at least 3 physically separate locations.

mostly the same.

Quote
Do use a good antivirus and firewall, and keep them up to date.

firewalls and antivirus on a personal computer don't do much good and make people rely on them, which is a major mistake. see allinvain.

otherwise nice guide / reminder  :)

Antivirus is pretty mandatory on a Windows box, but as for firewall - use a hardware firewall too. Pretty much any consumer DSL router already includes one - use it.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: XIU on June 29, 2011, 11:36:03 AM
Using the -datadir option to move your wallet.dat file to another location could also help against the current wallet stealers; they all use the hardcoded path %AppData%\Bitcoin\wallet.dat.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: titeuf_87 on June 29, 2011, 11:45:58 AM
An important one to add:

Don't click on any links from an email or open any attachment, no matter how official looking they are.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: error on June 29, 2011, 04:54:17 PM
Quote
It has been pointed out that shredding is not effective on modern operating systems.  I think it's still better than nothing, but does it give people a false sense of security?

Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: bcearl on June 29, 2011, 05:34:43 PM
Quote
It has been pointed out that shredding is not effective on modern operating systems.  I think it's still better than nothing, but does it give people a false sense of security?

Quote
Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.

No, shredding files does not work, because modern file systems don't write the new data for a file to the same place (for performance and recovery reasons).

shredding whole volumes works, but takes weeks.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: error on June 29, 2011, 05:40:03 PM
Quote
It has been pointed out that shredding is not effective on modern operating systems.  I think it's still better than nothing, but does it give people a false sense of security?

Quote
Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.

Quote
No, shredding files does not work, because modern file systems don't write the new data for a file to the same place (for performance and recovery reasons).

shredding whole volumes works, but takes weeks.

Oh yeah, I forgot all about journaling filesystems and things of that nature. Doh.

Though shredding entire volumes takes hours or days, not weeks. Unless you have some unusually large volumes.


Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: ErgoOne on June 29, 2011, 07:06:39 PM
Quote
I felt that the Securing Your Wallet (https://en.bitcoin.it/wiki/Securing_your_wallet) article on the Bitcoin Wiki was too hard to digest for a non-technical user so I created this simple, brief list of dos and don'ts as a starting point:

https://en.bitcoin.it/wiki/Wallet_Security_Dos_and_Don%27ts_%28Windows%29

Any modifications or improvements are appreciated.

Bear in mind that this is not meant to be a comprehensive guide on how to create a 100% secure wallet. I'm just trying to address the most obvious security mistakes made by beginners.

I wrote the Windows section on securing your wallet, and my only complaint about your article is the title -- it isn't so much security dos and don'ts *for Windows* as for users of any operating system and platform. For example, I'd point to this URL for my Macintosh-using husband if/when he starts using Bitcoin too. Ditto people using an iOS or Android tablet.

Since you wrote this, I'll propose the fix here instead of just doing it -- I propose removing "Windows" from the title and encouraging any new Bitcoin users to read this, especially those who are not highly savvy about computer security.  What does everyone think?



Title: Re: Wallet Security Dos and Don'ts (for the average Windows user)
Post by: BitcoinPorn on June 29, 2011, 07:08:47 PM
Quote
Since you wrote this, I'll propose the fix here instead of just doing it -- I propose removing "Windows" from the title and encouraging any new Bitcoin users to read this, especially those who are not highly savvy about computer security.  What does everyone think?

Opposite.  There should be general Windows and Mac pages now that you mention it.