Bitcoin Forum

What are the best private key safety tips.

I just learned about the CASA app. But it has a monthly fee.

I recently had a scare with the ledger hardware wallet update and a windows 7 computer.
 Got it sorted but made me plenty nervous.
I will go for months without checking, and generally uninstall the ledger app from my devices.

What other srategies can I consider?

Make a multisig wallat, 2/2
Print out each keys, two copies each.
Key A X 2
Key B X 2

Give the copy of Key A to a group of people, family A
Give the copy of Key B to a group of people, family B

Make sure these two group, family do not know each others, but they are common known to you and close to you of course.

You can have more than 2 copies of each key but it's safer when you have lesser copies. The reason for two copies each is just in case anything happen to one copy then you always have another copy as backup.

What's wrong with Ledger? Hardware wallets are generally the safest that you can get if you're not a very tech-savvy person and it's practically idiot proof if you don't type your seeds into random places.

Hardware wallets are designed to store the keys only within the device itself and you can connect it to compromised computers without much problem (ideally not).

I have just downloaded the Casa App, no private key given, no seed phrase. And being custodial, no 2fa authenticator. It is nothing to be compared with hardware wallet, if I have no enough funds to buy hardware wallet, I will go for airgapped device. For convenience, and having no money to buy hardware wallet, I will go for bitcoin electrum wallet or bitcointalk recommended reputed noncustodial wallets, I will be able to have access to my keys, control my bitcoin by myself and also will be able to recover my bitcoin using my private key which unlock the funds from bitcoin blockchain or through seed phrase that can have access to my private key.

Also that said, Casa also makes use of google cloud for encryption and storage of wallet backup, this is wrong to me, anything that goes to google cloud is not safe for me again because google is a thirdparty. I prefer to have my wallet backup written on laminated paper or on metallic sheet for safety purpose. The backup will be with me, and I trust my self than google cloud.

It really depends on your circumstances and on what you are trying to accomplish. You have not given enough information in order for anyone to give you good relevant advice.

In general,

• It is important to store backups of your seeds and private keys offline with strong physical protection.
• Never store cold wallet seeds anywhere that is accessible to the internet.
• Hot wallet seeds and private keys must remain private and encrypted always.

One of the best private key safety tip:
1) Bitcoin electrum wallet, or bitcointalk,is one of the private key that will enable you have access to your key control.
2) wallet back up, it's important to store back up seed with private key with strong  physical protection.
Casa APP, no private key given, no seed phrase any.you cannot compared hardware wallet with black up wallet.

I can tell you what I used to do and it kept me safe for years.

I had a full node wallet downloaded on a clean computer that I never used to download and install anything but verified software. Then I created an address and did not even open the app ever again. I used the address to store coins but only a blockchain explorer to check the balance. The plan was to never use it until I'm ready to sell my coins.

If you're a holder you won't need anything fancy like a hardware wallet. Nobody is going to steal your coins if your computer and network are free of malware and accessed only by you.

Can relate to the "scare" part: had my Ledger update go wrong once, which resulted in a stressful search on how to fix that and had to fully reset of the device. The scariest part is having to re-introduce the seed and wondering if you have even written down the correct seed upon initialization.

---

A good strategy is to first of all keep using that Ledger but leaving Windows for good. I have more bootable disks and drives for various purposes, one of which is a Tails USB which comes with Electrum preinstalled. I use that for either anonymous browsing or crypto. Using Bitcoin with a HW on an amnesic OS through Tor sounds safe enough imo.

For the private key, most if not all strategies have their own flaws. However, there are so many ways you can store it safely including a crypto seed metal vault. If you purchase a quality non-corrosive one, you can just bury it in your garden and unless you forget where you placed it, it should be fine even if you had a $5 wrench attack and the intruder has plenty of time to steal it.

Regarding CASA, why the hell pay a monthly fee when you have so many fully free, open source and reliable options? Electrum and Wasabi are two options you can easily trust, as long as you don't download them off some fake website. I don't see any advantage paying for something that's supposed to be free. Just makes no sense.

Never handle private keys only handle seed words written on paper with your own hands. No electronic devices near it ever. No pics, no copy, paste, no printing, no cameras, no scanners etc.

The seed words internally recreate the key, but they are NOT the same. You should never handle private keys directly.

We are working according to your topic, what are the strategies? Because everyone wants to learn and hear from you.
Before creating a topic research for the work and understand the paragraph stanza by stanza, because this community is made up lesson's and learning.

Dont like this solutions, because it base on people and trust in a way. Bitcoin was made in a way that no trust is needed.
I would use different methods but to secure keys is almost impossible, almost always prone to human errors.
I hope in future there will be more reliable methods including hardware wallets that cant be fooled easily.

You should consider the paper wallets as a secure way to save your private keys, Once you generate the private keys on vanity gen there are multiple ways to save them. You can print them and put it on a safe box, or you can save it on a text file inside a zip with with password.

I am ok with printing the keys (or writing it manually) but I do not recommend saving it in your laptop nor in a usb device, because it simply may be hacked and cracking the password of zip/rar archive shouldn't be a big problem for the hackers.. About the usb device, it is risky since it can be infected or broken easily and you will lose everything.

If you are not afraid to tinker with software a little bit, I'd suggest trying to make your own cold storage setup. You will need an old PC or laptop that will be used to access your wallet, and this device must be kept offline forever. You'll need to just get a USB stick, install Tails on it and run an offline Electrum wallet to create your wallet and then sign transactions when needed. Detailed guide here (https://electrum.readthedocs.io/en/latest/coldstorage.html?highlight=usbl). Also make sure to verify the signatures on each software in this setup - the OS, the wallet, etc.

Hmm. You're supposed to check the seed a few times after writing down, to be fair. Doesn't Ledger prompt you to read the seeds again to verify if you've written it down correctly? It shouldn't be that big of a problem if you're supposed to verify it again in the first place.

Wow, it sounds so interesting and sophisticated. IMO the easiest way: try to learn your key by heart and keep the printed  out copy in a wall safe.

but Tails comes with Electrum pre-installed on it so you can't verify Electrum's signature anymore as far as i know because it is already extracted.
besides isn't it harder to use persistence with Tails that is designed by default not to leave anything behind? and if you want to use it installed on a USB to be used as the cold storage then you need persistence.
i personally find it better to use a general purpose OS (like Ubuntu) for this purpose rather than a specialized one.

What do you mean by learn your key by heart? Memorizing the seed(s)? That's not a good choice. Even if you can remember the mnemonics with some tricks, nothing guarantee that you can remember it tomorrow. Printing the copy is better as you mentioned, as long as you store it securely. Buying a wall safe is probably a good idea but I won't put it open where people can see it as if you tell people "hey, there is something valuable here".

After you've written down your seed, the Ledger device will make you input each word in order from a multiple choice selection to ensure you have it correct.

Correct. The best you can do is to verify Tails and to trust that they verified the version of Electrum which is bundled with it, or to download and verify the Linux Appimage from https://electrum.org/#download and use that one instead.

It's not too difficult. There are instructions on how to turn on Persistent Storage for Electrum here: https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html#bitcoin
Bear in mind that although the persistent storage is encrypted, it will be only be as secure as your encryption phrase, so if your USB stick is lost or stolen then your coins may be at risk.

I agree. Since my cold storage device will never connect to the internet, then I do not need most of the things that Tails provides. A general OS with full disk encryption provides better usability and better security.

My strategies you might consider. I wrote it down in my small notebook, and keep it in a safe place. Even if somebody found this, it's safe here because in our place I'm the only one who knows how to use it. If you want extra safety, create many seeds, shuffle other seeds in your main seed and remember the pattern of your main wallet seed.
 

It's been a long time since Ledger doesn't support Windows 7, and it's no wonder you've had problems with the firmware update - you're happy if you've managed to complete it successfully. What you should do is leave that now obsolete OS, it has become a thing of the past and will only create problems for you with Ledger. If you want to continue using Windows I suggest you do an update to W10. Your private keys will be safe in your hardware wallet as long as you keep your backup safe.

---

Ledger has something called Recovery Check app (https://support.ledger.com/hc/en-us/articles/360007223753-Recovery-Check), but it is always desirable to perform a good old method to reset the device after the initial setup, and check if the same addresses are created after recovery.

You can download Electrum, put it on a USB and run this version instead of the one that is pre-installed. Or you can put it in Tails' persistent storage if you use it.


To me the amnesia feature is actually the biggest appeal of Tails, because it helps mitigate a theoretical airgap-jumping malware. I always transfer the unsigned transactions first, then I insert my USB with Electrum and wallet files and sign the transaction. After that I broadcast a transaction with mobile version of Electrum by scanning its QR code. This way, my keys are even less exposed than with persistent storage.


With my first cold storage setups I tried Ubuntu and Mint, and I've ran into issues with drivers and lack of a Python installation on the latter. Tails worked out of the box, and pre-installed Electrum is a bonus. It's true that you have to trust them with it, but you have to trust them on a bigger scale anyway - if OS authors wanted to steal coins, they would do it with or without malicious wallet software.

With this method, an attacker who gets their hands on your USB can do two things. First of all, they can deduce from the Electrum files and data that you are storing bitcoin, and execute a $5 wrench attack to access it. Or they can replace the Electrum files with malicious ones (I doubt very much you would verify the Electrum files each and every time you open Electrum) and steal your coins. Neither of these attacks are possible with a permanent OS which is fully encrypted.

Yeah, I'm not a big fan of Mint, but I've never had a problem with Ubuntu. You could always try Debian if you really like Tails, since that's what Tails is built on.

According to my personal opinion, the best advice that you can follow to protect your keys is to create backup copies of these keys, print more than one copy on the papers, and hide these papers in different places that only you can access, in addition to that you should stay away from storing your keys inside browsers and the Internet In addition to staying away from storing it inside a computer or mobile phone

Totally agree, if we are talking about storing keys hardware wallets would be the topmost in the list. I like what you called it "idiot-proof" lol. But this thing might costs you around $100 to $200, if you don't have this you better storing your keys offline.

And also don't be an idiot acquiring hardware wallet on a random seller in the internet, they will sell you in a lower price but the hardware wallet is tampered or worst has a malware use in stealing funds. Either you have it or not, the safest way is to have a common sense.

Got some good tips, thanks.

I like how easy the Electrum wallet works.
 
I quiit using win7 and now win10.
But windows is becoming more annoying with the increasing intrusiveness.

I'll probably got back to using a Linux only machine, which I havent used for a while. The learning curve was kinda tough for a younger boomer like me.
I've read how the newer Linux versions are easier to use nowadays.

are applications like casa convincing ?? use hardware wallets such as nano ledgers or trezzors as the safest storage media. because currently both types of wallets are proven to provide the best and most relevant storage. so the safest is a hardware wallet at this time

USB with wallet files and Electrum can be encrypted too. It's pretty much the same, in both cases the attacker will see some encrypted files, and in both cases it might rise their interest, so a $5 wrench attack is equally likely. Steganography can be used to get deniability in case of these attacks, but if the attacker is good with technology, this might not work.

You are just risking your keys to losing when you are using any third party. To keep your keeps much better to have saved it offline or just print it. I'd never think how you confidence using ledger wallet because a lot of people using that.

All the safety of your wallet and private keys will depend on you, in fact, I only use an online wallet but having 2FA factors will be good enough for me to secure my fund on there. If you are too careless with your keys, letting your computer used by another person or being bold enough to others, the possibility that you might lose control of your wallet. You don't need to spend more about keeping your keys, enough to start how you handle them.

there's nothing to fear with hardware wallet updates. Even updating the device wallet firmware will be safer with even better security updates.
The main security wallet any other hardware device or wallet you have depends on how you use it. Do not enter your private key on phishing websites which will easily retrieve your private key.
Storing private keys must be done properly and safely, do not let them connect to the internet that you do not monitor.
You also need to have a secure and offline backup of the private key, which is especially necessary when you lose the primary private key.

You also have to always be vigilant and don't get caught with phishing websites or fake websites that will take over your wallet.

2FA only protects your account from being directly accessed by an attacker, and even then it's not infallible and can be bypassed, reset, transferred, or phished. 2FA does absolutely nothing to protect your coins from the third party shutting down, going bankrupt, exit scamming, freezing your account, seizing your coins, implementing sudden KYC or other privacy invading policies, and so on. Do yourself a favor and withdraw your coins to your own wallet.

Provided you have your seed phrase backed up. There have been instances of wallets resetting themselves when being updated.

Fixed that for you. Do not enter your private key on any website, ever.

Hi,
Probably the perfect solution doesn't exist. There are a number of threats that could compromise your keys:
- Malicious people/software/devices: Hackers could steal your keys stored on any software or third party, Burglers could steal the piece of paper where you wrote down your keys. Ok, splitting your keys in several copies could work
- Yourself: After the years you could forget where did you hide your keys. How to recompound a sophisticated method. Who remember the password that open the magic box that stores the instructions to recover the seed?
- Death! Let's assume that you find the strategy to preserve the keys that best suits you. When you die, who will recover your bitcoins?? You need to allow easy access to your keys for the day you pass away, otherwise these would be buried and forgotten forever

I can't remember if it did the last time I had to reset it, to be honest.. yet, the moment is still kinda stressful and puts me into some kind of paranoia mode until I get back to my wallets, lol.

To be honest, this one sucks the most. I mean, methods that require a good remembering mind suck and could go wrong for example if you suddenly have an unfortunate loss of memory.

I created a very complicated method to hide my keys (not very safe, but takes hella lot to find out what the pattern is) on a paper years ago and recently found the paper containing just the hidden key. I have no idea anymore what the method I have used was. Fortunately, it's empty though..

I recommend having a hardware wallet instead. That's the safest of all your wallet options. That is if that's what you meant by "key safety". The thing about private key is that no one must know or have a copy of it apart from you. If it's inputted in a wallet that's owned and run by a third-party provider, access to your private key isn't exclusive to you. The third-party provider has access to it, too. Some of them are reputable though.

That said, hardware wallets aren't totally safe, so you must be careful when buying one. Some sellers will try to trick you into using a set of codes and tell you that it's supposed to be the key to your account. The seller has a copy of this key and can freely use it to steal your coins. Make sure that your hardware wallet is fully formated or free of any suspicious data. Experts advise writing down your private key on a piece of paper instead of saving it in a digital file. This way, if your computer gets infected or hacked, the hacker won't have your key.

Seed phrases are meant to be memorized especially in emergency situations. For example, if a person is trying to escape from authoritarian regime or bitcoin-unfriendly country or simply wants to transfer wealth to another country he has to memorize his seed phrase and write it down again when he successfully crossed the border. Hardware wallets, paper wallets, seed plates are all good for safe storing and holding, but it is almost impossible to transfer those across borders. All your physical backups will suddenly become irrelevant and unsafe, because you obviously can't leave them behind and can't risk transfer them since they can and will likely be confiscated by evil government.

In order to be sure that you have a not compromised private key you could do a couple of things like

• Create your wallet in an air-gapped computer
• Use Hardware wallets (that's what you used already and you are pretty much protected already with that)
• Make sure that you only use a computer that isn’t infected with malicious content
• Update as much as possible to prevent possible vulnerability attacks
• Don’t Trust, Verify

With that, I think you are pretty safe with your keys. Don't ever lose your backup phrases and never input them to anything unless it's secure.

yes i am aware of that. Having a backup seed phrase is essential to avoid unexpected occurrences. I don't really know about hardware wallets, but when the firmware update fails it might be fatal too.
However, backing up the wallet's seed phrase is the most important and must be done.

Exactly. It is important to have a secure physical storage for your keys.
Although, I acknowledge the point that these seed phrases are meant to be memorized as well.
The best and safest storage in your mind, just don't forget to constantly remind yourself about these.

This key safety is among the many struggle of crypto enthusiasts. It is important to choose storage that are surely trusted but never get too assured and comfortable about these storage because it is also better if you know it by yourself.

I have very simple examples that I commonly do.
1. Store the private key with specific code on several devices such as laptops, computers, and also mobile phones. I store it offline, not online one because it will be very risky moreover when the application is not a paid-app.
2. Write down them on certain books, be sure that you really save the book securely. If needed, you can notice someone else about the private key, but ensure that he//she is trusted enough. It may be your wife/husband or trusted family.

And of course, never give other people who you don't believe the private keys, whatever the reasons, moreover when they have reasons to help you recover something. Never believe them.

No, they aren't.

No, it isn't.

Memorizing your seed phrase is probably the worst back up method you can choose. It is incredibly fragile and fallible - far more so than a paper back up - and even a minor blow to the head or fever can make you forget your back up. In fact, you don't even need that, and can simply forget it over time without any obvious cause or intervention by another party. It is susceptible to a $5 wrench attack. It makes no provision for passing your bitcoin on should you die.

When you say you store it offline, do you mean that the multiple laptops, computers, and mobile phones you use are all permanently airgapped, never connected to WiFi or other wireless connectivity methods (e.g. Bluetooth), and are never physically connected to an internet source (e.g. ethernet)? Anything stored on a device with an internet connection is not "offline".

Hardware wallets are nice but like you I don't use mine all that often and I worry that something could happen to it or one day they'll be hacked.  Personally I think paper wallets are the only way to go. Everything is offline and is definitely the safest way of storing bitcoin.  After that, hide your keys somewhere no one would ever be able to find them, or maybe use a safety deposit box at a bank.

Every one should save their all types of secret key in off line. Any online storing system is highly risky. I suggest you to write down in a secret sheet and save it to different private places. I think this is the best key safety strategy.

CASA app ? I just heard it now from you, I dont' think it's reputable upon checking on playstore it has very low ratings, not recommended. About private keys I am using non custodial wallet which has only seed or recovery phrase but those are equal to our private keys. I guess next to hardware wallet, non custodial is the best option. Same as you I am hesitant to store on ledger too but with different reason, ledger is just like a Flash Drive is size, it can be misplaced somewhere if you lost the device goodbye to your coins. Unlike with private keys if you made some copies you can recover it anytime, now how should we store it? For me, I put some on flashdrive and keep it on the safe place like vault or similar and print some copies on paper. Never save your keys on a device which keeps online often.

private key but pay a monthly fee?
I think it's not the best, maybe you can try to choose a hardware device wallet for storage instead of having to pay for storage keys that are not strategic yet

I have not heard of this CASA app before, so I just went through Google and skimmed through a few articles to understand what it’s all about, and from what I have seen, if they can really provide the services they claimed on their website, then it might be a good option.

Some people do say that paper wallet is the best, and others would say paper wallet won’t protect your funds from things like natural disaster and similar events, and this CASA you have mentioned claims to protect users from such things, and other things they have mentioned such as hacking, supply chain attacks, and other cases. But anyone that’s going for this option should know that there are fees, and their Diamond account is for $420 monthly? ???

I bought some small thin metal sheets and a punch set from Amazon. Made a couple of copies of my ledger recovery phrase and then split them into 2 pieces which I keep in different locations. Having the words punched into metal makes me feel a lot safer than having them written on paper!

others engrave it on solid objects but what you did is  simillar to them , yours are just handy and easy to carry but dividing them and hiding the other part on another storage sounds risky because you can forgot them or other people will find it out and do unwanted things with it .

for me i dont divide my keys or phrases but i make more than one copies instead and store on differrent locations .

Mine is just an idea of how I do it. I am pretty sure everyone has their own custom idea. Here the key was combined with Seed + Master key of the 2nd wallet.

I also have another way to store my key:
The wallet has extended seed and few words of the extended seed are in my memory and shared with one person who only knows the missing words but do not know the use of the words.

The seeds (regular and extended) are printed without the words are in my memory and sent to two people who do not have much connection with the one knows only the words but if something happens to me then they will surely meet and will talk about it. And this way the person who knows only few random words will connect that this was a part of the seed.

Yes and no. Splitting your seed phrase and hiding it in multiple places obviously increases the risk that someone discovers one of your back ups, but if they do discover one then they only have half (or less) of your seed phrase, which is significantly better than them having it all.

You should make sure to have at least two back ups of every piece though. Having a single back up, and then only discovering it has been stolen or damaged when you need to restore from it could result in the complete loss of your coins.

I would be careful about assuming this. If one of my friends left me a couple of words that I did not know the significance of, I'm not going to go around all their friends and family after they died and ask if anyone knows the significance of them. More likely I'll assume they were a password to something that is no longer needed now they are dead. Different if it's someone familiar with bitcoin, but with someone who has no idea what seed phrase are, your coins may end up irretrievable.

I understand your breakout and it perfectly makes sense. However, in this case, they know the significance.
They know what I do and what I deal with. They are not tech-savvy and don't have interest in real bitcoining. But they know the money in their. It's basically in the family.

You could memorize it but it is not meant to be done that way lol

I'm literally laughing at this idea why would you memorize a seed phrase when you could just write it down on a paper, I'm imagine a person who memorized his phrases being thrown by a small brick in the head forgetting all about that stuff. Besides, our mind is messing with us sometimes you may memorize the words but it jumbles by your brain. Brain is freaking tricky and messy sometimes, ask a neurosurgeon.

That was pretty creative indeed but splitting it into two, and hiding them from different places is not ideal for me since you got a lot of chance in losing one of them or worst both of them. I'd rather do it on a single metal sheet, leave a blank character which I will memorize for my whole life so if it was found by someone else he cannot access it immediately  ;D

Safer than writing them on a paper until it gets rusty and you can barely see what you punched in there haha. I hope you did not use an ordinary metal for that, a stainless steel is preferable.