Bitcoin Forum

1.Disable Flash on everything but youtube(or anything you deem safe)
2. Disable or delete Java.
3. Don't download cracked programs OR download only those older than 2012 or older.
4. Don't store your wallet on Dropbox.

Follow above steps, and you don't even need to run an anti-virus, which is btw, recommended. You can thank me when your 1btc you kept safe is worth $100k.

I would say that the best advice is to simply don't make it known that you have a lot of bitcoin personally.

You should also keep your bitcoin stored on a computer that you use only for bitcoin, and you send yourself an email whenever you need to send bitcoin to a specific address.

You can encrypt your wallet.

Most important thing is not visiting suspicious sites/downloading suspicious files.

Encrypt your wallet and keep it in cold storage.

No stealing, FTW

Not the best advice.  Most of the people losing coins of their own local machine lose them through malware/trojans.  They don't have to type a single thing on these forums but if they click and download too much stuff their coins are gone.

Email is horribly insecure.  And most people don't have the option to have a second machine.  For those that do you can make a cold wallet that will never see the light of day (no internet connection whatsoever) and you can send coins there and they can never be stolen short of somebody stealing your paper wallet at home.  Even that you can protect with an M of N wallet - the knowledge is there on these forums, you need to read.

Encrypting the wallet is good - but only if you can remember the password.  The problem with this is that so many users come back 6 months later stating they forgot their password and need help brute forcing it.

Encryption via passphrase is also only safe if there are no keyloggers on the machine.  If you have a high entropy 40 symbol passphrase and the keylogger captured all that - as simple wallet.dat stealing trojan can take all your coins.

To be safe the keys need to be kept offline --> cold storage.

Dumb as it sounds, this is right. Got to be careful wit dem bitcorns.

5. Encrypt your wallet with a strong password, 10 - 15 chars in length with random characters. Do not store your wallet and password in the same storage
6. Install no-script addon to protect our computer from malicious scripts when visiting untrusted site

Indeed the email subsystem needs a total replacement. It is just utterly done for, finished! Seemingly the Idea behind Bitcoins was about inventing some sort of Postamps, to cool down SPAM delivery a bit.

On the second machine, you can use an USB stick with a tiny install of linux. One of the biggest flaws of Windows is it's strong ties into your harddisk. An operation system should not clink that much on a platform.

While I have some experience with Linux, the sheer majority of Bitcoin users (I'm not talking about miners where 1/2 know Linux) will only know Windows.  Asking somebody to learn a foreign OS just to obtain security is asking too much.

There are Windows based alternatives that are well polished and more secure and versatile than the default Windows-QT.  Windows-QT is still needed for people to run the nodes.

New users should spend a couple hours in here:
https://bitcointalk.org/index.php?board=37.0 (https://bitcointalk.org/index.php?board=37.0)

This thread has helped me a lot, so I suggest reading this if you have any doubts.

1. Checked, flashblock installed.
2. Checked.
3. Checked.
4. I used truecrypt to first encrypt my wallet file before putting it on dropbox.
5. Checked. Plus, my entire HDD is encrypted with truecrypt.
6. Checked.

 ;D

Think the easiest solution is to have a dedicated (clean) pc for storing your coin that's never used for browsing the internet or downloading software. Best to store large amounts of bitcoin in paper wallets, just make sure you've printed them securely and be aware that certain printers store info of the documents they've printed.

Put a really really long password for your bitcoin wallet (make sure you don't forget it).

When do you think 1btc will go to 100k?   ???

Is truecrypt still safe? the website says its not :S

Best bet, Create Paper wallets on a computer not connected to the internet. {Even a old computer, when you upgrade} But it must never be connected to the internet again.

Then create loads of "dummy" wallets. {These are used for confusion and frustration and to serve as honey traps}

Dump all coins not being used on a daily basis into Paper wallets {Spread them across many wallets} So if you need to import coins, you would not need to import everything you have.

Only put coins online, for small DAILY transactions. {Paying for cofee etc.}

This just lower your risk, too loose massive amounts at any given time. {Example : Klee Hack} Keep some "dummy" wallets around the house too. {If they get "picked" up, you know someone is trying to steal from you}

Cover your WEBCAM! / Use AV / Firewalls / ToR / 2FA etc.. etc.

I do all this and more for VERY little satoshi's, but you need to do more than this if you have loads of coins. {If someone hacked me, he would have been better off working for a day at Mc Donalds}

But that seem very inconvenient. If bitcoin goes mainstream, will people do this? how many coins will be lost forever if they lose their wallets?  ???

If you have a lot of coins and it's distributed and stored at different locations, you would not loose a lot, if say your house burned down. Why would you keep them all together?
You could even have "backup" copies stored at different locations. {Bank safe deposit box / Friends house etc.} Just keep the private key, seperate from the Public key, assosiated with it, if you store it
at a friends house or parents.  ;) And write some sort of code on both, only you know, to identify what joins the 2 together.

And laminate the paper wallets. {Very important} To keep it safe from water damage or insects. 

Would you trust storing it into the cloud or in some email provider like gmai?

Basic steps but something which not a lot of people listen too.

Definitely not, unless you have encrypted the file with good strong password. :)

Encrypting the wallet does nothing if you install a keylogger. I will let you on a secret. These 3 years, I've never encrypted my wallet, don't even have an anti-virus but my computer is squeaky clean. I just follow those three steps above.
I've also gained the skill of reverse engineering allowing me to peek into the assembly of potentially malicious exes before I run them. I've also thought of implementing custom software to specifically protect from suspicious programs reading wallet.dat or installing keyloggers.

This software would be nice, I don't think there's a program like this on the market / on the web.

I keep my coins in my android wallet and back everything up! ;)

Your android phone is much more vulnerable than you think. There are many apps out there that are malicious and can potentially steal your coins.

Understood on that account. I develop for Android. I remove all coding that has to do with location and data storing. I only have a total of 10 apps that I install nothing more. Phone is rooted and running a program called "Logging Remover" made by Trev-E @ xda developers. Linux is much harder to crack than windows :)

http://www.xda-developers.com/android/carrier-iq-sues-treve/
http://www.xda-developers.com/android/logging-test-by-treve-sassibob-review/

Here is somebody that had his Android phone compromised https://bitcointalk.org/index.php?topic=704041.msg7960933#msg7960933

Also, Linux is not inherently harder to crack, it's just that hackers have not shifted focus on it.

I would probably use xapo.com. Their vault is fully insured and I don't have to worry about encryption and losing paper wallets and stuff like that.

IMO the log out time is way too messed up, for some random reason I always log out lol.  And now I can't log back it, whenever I enter my username and PIN, it just clears and refreshes the page :-/

What would u call a suspicious site?

Just be careful. Anything seeming too good to be true probably is not legitimate, and don't click the green download buttons. Ever. 

I would not trust any cloud.  Use cold storage for it.  Any online use 2factor. 

Some offer SMS/google authenticator which add another level.  Also use decent passwords, and DO NOT use the same passwords.  If you use different passwords for different places chances are less of worst case scenario. 

If you use a deterministic wallet you don't need to store the keys anywhere as long as you can reseed the wallet.  In the case of Armory, for example, you can make an M of N wallet where you would need M of N pieces to restore the wallet.  You can make it so you need 3 out of 8 pieces and scatter the 8 pieces around the world - most people can't break into 3 locations to get your coins.  You can even put one of the 8 pieces on the cloud - it would be meaningless for anybody unless they were hellbent on targeting just you.  So cloud/online can be safe as long as it's not able to recreate a wallet in its entirety.

I can't see a justifiable reason for spreading out your coins into multiple wallets unless you're so well off you don't want people to know you have 10K coins, and in that case you can have your Butler do it  :D