Bitcoin Forum

Economy => Service Discussion => Topic started by: opentoe on October 10, 2012, 02:41:44 AM



Title: Be careful using Blockchain as your wallet...
Post by: opentoe on October 10, 2012, 02:41:44 AM
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.


Title: Re: Be careful using Blockchain as your wallet...
Post by: casascius on October 10, 2012, 02:42:50 AM
Just use a paper wallet.  And/or back up your keys to paper, Blockchain makes that pretty easy.


Title: Re: Be careful using Blockchain as your wallet...
Post by: julz on October 10, 2012, 02:46:09 AM
That they don't store the password on their server is a good feature.  I don't see how Blockchain can get that money eventually - unless you used a pretty simple password and they run a brute force against it.
Highly unlikely anyone external could brute force any but the simplest of passwords - as blockchain seems to do IP lockouts  (though perhaps via botnet?)

Also - check your keyboard isn't damaged.

..and - look for keyloggers. Perhaps someone got in via your system and changed the pass.



Title: Re: Be careful using Blockchain as your wallet...
Post by: casascius on October 10, 2012, 03:00:28 AM
Number of times I've typed a password again and again and again and SWORE I did it right but it clearly isn't working... only to discover that my keyboard is set in a foreign language, and I'm either typing "ραςςωoρδ", or it's AZERTY and I'm really typing the equivalent of "pqssword" or whatever.


Title: Re: Be careful using Blockchain as your wallet...
Post by: Atlas on October 10, 2012, 03:03:17 AM
OP, all they store is your public keys/private keys in an encrypted JSON with a linked identifier. That's it. There's no way they can alter it unless they are storing your passwords which would ruin them.


Title: Re: Be careful using Blockchain as your wallet...
Post by: Stephen Gornick on October 10, 2012, 03:05:40 AM
It is the same password I use on several of my banking sites, so I know the password well.

Well, that could be one explanation as to what happened.   I'd first be worried that my system has been compromised and then only after being able to rule that out would I continue to use it.  From a secure system, then I'd change my bank passwords after this.  Again -- password reuse is not recommended.


Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually.

No, they won't.  They don't have access to the unencrypted keys.

Now did you have a previous backup of your wallet from prior to having any trouble?

But if a thief got access to it, even with an older copy of the wallet the funds are likely spent.

The login page shows three backup methods ... Dropbox, Google Drive, and Email.

You can configure it so that a copy of the encrypted wallet is sent to your e-mail after each change.

Also, setting it up with a second password (required for spending) is a good recommendation.


Title: Re: Be careful using Blockchain as your wallet...
Post by: Stephen Gornick on October 10, 2012, 03:09:36 AM
This is good reading:

Caution: Do You Bank Online?
 - http://market-ticker.org/post=212456

by Karl Denninger, Ticker Guy


[Update:
And also:

Quote
[Project Blitzkrieg is] a collaborative effort designed to exploit the U.S. banking industry’s lack of anti-fraud mechanisms relative to European financial institutions, which generally require two-factor authentication for all wire transfers.

‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks
 - http://krebsonsecurity.com/2012/10/project-blitzkrieg-promises-more-aggressive-cyberheists-against-u-s-banks ]


Title: Re: Be careful using Blockchain as your wallet...
Post by: allthingsluxury on October 10, 2012, 03:24:44 AM
Wow hopefully it is just something simple like a keyboard error. Hopefully you get access to your cash soon.


Title: Re: Be careful using Blockchain as your wallet...
Post by: dancupid on October 10, 2012, 03:59:22 AM
If you have a backup of the wallet just open another account and import it to it - or import it into multibit.
I would also just use a watch address for the bulk of your bitcoins with the private key stored offline.


edit - just realised you'd still have the same password problem though. But blockchain do not store any bitcoins they just store an encrypted wallet that is decrypted in the browser. They can't steal these bitcoins.
I suggest you keep trying the same password - perhaps try it on a different computer


Title: Re: Be careful using Blockchain as your wallet...
Post by: ralree on October 10, 2012, 04:58:47 AM
I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.


Title: Re: Be careful using Blockchain as your wallet...
Post by: Stephen Gornick on October 10, 2012, 05:27:50 AM
I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).

Account details -> Security

You can enable two-factor authentication.  This can be an e-mail, SMS text message, Yubikey, or Google Authenticator.


no reason to risk losing it if I lose my phone.

As long as you have it save backups (or send them to you), you are protected from loss.  You can also set up a second password that is required only for spending.  So even if the phone is stolen and someone tries to send funds, they can't without the second password.

Account details -> Passwords


 - http://www.Blockchain.info/wallet


Title: Re: Be careful using Blockchain as your wallet...
Post by: julz on October 10, 2012, 05:28:42 AM
I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

For the android app - you can put on a second password which is required when spending. (edit:  ^^ what he (Stephen Gornick) said!)

I believe when you 'pair' a device - the QR code contains the main decryption password, which I suppose may be somewhat vulnerable when stored in your phone.

I find it annoying that the QR code even contains this password - as otherwise I'd carry around a printout of various pairing QRs in my wallet and scan them as necessary.
The second password still wouldn't make this safe as with the decryption password they can still go to the website and change all the account settings... I guess 'two factor' is the way to stop that.


Title: Re: Be careful using Blockchain as your wallet...
Post by: piuk on October 10, 2012, 07:41:50 AM
I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe.

Try opening notepad or another simple text editor and writing the password in plaintext exactly how you think it should appear. Then copy and paste it into the password field.

Keeping your own paper backup or .aes.json backup is always recommended. Then you can restore the wallet using a desktop client if need be.


Title: Re: Be careful using Blockchain as your wallet...
Post by: kokojie on October 10, 2012, 12:44:23 PM
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

Sounds like your fault for not properly backing up your wallet, both on paper and in encrypted form (it's impossible for blockchain.info or anyone else to change your password on your backups). Plus since you re-use your password, how do you know if your password has not been compromised somewhere else, and the hacker simply went into your blockchain.info account. It can be pretty useless to hack into online banking, so you might not notice your online banking has been hacked. If your coin hasn't been moved, then if you have properly backed up, you would not have lost anything.


Title: Re: Be careful using Blockchain as your wallet...
Post by: ralree on October 11, 2012, 09:52:45 PM
I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

For the android app - you can put on a second password which is required when spending. (edit:  ^^ what he said!)

I believe when you 'pair' a device - the QR code contains the main decryption password, which I suppose may be somewhat vulnerable when stored in your phone.

I find it annoying that the QR code even contains this password - as otherwise I'd carry around a printout of various pairing QRs in my wallet and scan them as necessary.
The second password still wouldn't make this safe as with the decryption password they can still go to the website and change all the account settings... I guess 'two factor' is the way to stop that.


Thanks (and thanks to Stephen Gornick as well).  I'll go do that tonight.


Title: Re: Be careful using Blockchain as your wallet...
Post by: ErebusBat on October 12, 2012, 08:47:32 PM
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well.
Password re-use is never a good idea.

For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this.
What 'funny feeling'?  That is a pretty strong accusation coming from a low post forum account against piuk.  Something tells me that there would be many more 'interesting' accounts for them to 'steal' if he were so inclined.

Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually.
I am pretty sure that you don't understand how the service works given that this is near impossible (as others have pointed out).

Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password.
Knowing and communicating the password to the server are two entirely different things (also as others have pointed out).  Why would they risk their reputation to steal random piddly accounts?

It is a little ironic that they don't store your password on their server and can't help me. Strange.
I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony

So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.
This is of course a personal decision and there is no right way for 100% of the people.  Personally I like BCI because an un-encrypted version of my wallet never hits my disk.

Sorry to be so negative, but attacks on long standing services / members irritate the hell out of me, especially when done from sock/low count accounts. 


Title: Re: Be careful using Blockchain as your wallet...
Post by: Come-from-Beyond on October 17, 2012, 06:50:20 PM
I'd like to add another issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.


Title: Re: Be careful using Blockchain as your wallet...
Post by: ErebusBat on October 18, 2012, 12:44:38 AM
I'd like to add another issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.
You didn't lose your coins. Wait until the transaction falls off and you will have them back.


Title: Re: Be careful using Blockchain as your wallet...
Post by: Come-from-Beyond on October 18, 2012, 06:50:59 AM
I'd like to add another issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.
You didn't lose your coins. Wait until the transaction falls off and you will have them back.

It's good news. But those double-spends r so annoying.


Title: Re: Be careful using Blockchain as your wallet...
Post by: ErebusBat on October 18, 2012, 12:42:09 PM
I'd like to add another issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.
You didn't lose your coins. Wait until the transaction falls off and you will have them back.

It's good news. But those double-spends r so annoying.
Agreed.  Are you using another wallet? Or perhaps a service like one of the dice?  You normally shouldn't get double spends unless something out of the ordinary is going on.


Title: Re: Be careful using Blockchain as your wallet...
Post by: Come-from-Beyond on October 18, 2012, 12:46:02 PM
Agreed.  Are you using another wallet? Or perhaps a service like one of the dice?  You normally shouldn't get double spends unless something out of the ordinary is going on.

Aye. I was playing SatoshiDice with the coins in Blockchain wallet.


Title: Re: Be careful using Blockchain as your wallet...
Post by: jbreher on October 18, 2012, 05:56:19 PM
It is a little ironic that they don't store your password on their server and can't help me. Strange.
I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony
Ironic or not?:

While your link provides a ready means of buying your new book, it lists no option to do so in bitcoin.

(sorry for the thread derail)


Title: Re: Be careful using Blockchain as your wallet...
Post by: ErebusBat on October 19, 2012, 09:27:59 PM
It is a little ironic that they don't store your password on their server and can't help me. Strange.
I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony
Ironic or not?:

While your link provides a ready means of buying your new book, it lists no option to do so in bitcoin.

(sorry for the thread derail)
Especially considering the author is a bitcoiner.


Title: Re: Be careful using Blockchain as your wallet...
Post by: Desolator on October 22, 2012, 03:33:58 AM
Anyone using a 3rd party wallet host will get all their coins stolen, confiscated, or magically disappeared at some point.  Nobody should use them, ever. It's safer, faster, and infinitely smarter to secure your own wallet file yourself.


Title: Re: Be careful using Blockchain as your wallet...
Post by: dancupid on October 22, 2012, 04:09:11 PM
Anyone using a 3rd party wallet host will get all their coins stolen, confiscated, or magically disappeared at some point.  Nobody should use them, ever. It's safer, faster, and infinitely smarter to secure your own wallet file yourself.

They only host an encrypted wallet that is decrypted in the browser. They do not store any bitcoins.
There is no difference in me using this service than using the official client - except it is much more functional and can be accessed from any computer.
The same vigilance is necessary (key loggers etc) but blockchain wallet is worlds apart from the mybitcoin like websites that you have to trust to hold bitcoins for you.
You remain in control - you hold all the private keys.
How is using a browser interface any different than using a stand alone piece of software? - it's just a program running in the browser. You can even use it offline.
It's open source and you can examine the code: https://github.com/blockchain


Title: Re: Be careful using Blockchain as your wallet...
Post by: Come-from-Beyond on October 25, 2012, 07:20:56 PM
Blockchain.Info definitely has a problem - https://bitcointalk.org/index.php?topic=120199.msg1297566#msg1297566


Title: Re: Be careful using Blockchain as your wallet...
Post by: Desolator on November 01, 2012, 10:42:08 PM
How is using a browser interface any different than using a stand alone piece of software?

This:

http://i129.photobucket.com/albums/p227/wizzerd911/bars.jpg


Title: Re: Be careful using Blockchain as your wallet...
Post by: Raoul Duke on November 01, 2012, 11:31:44 PM
How is using a browser interface any different than using a stand alone piece of software?

This:

http://i129.photobucket.com/albums/p227/wizzerd911/bars.jpg

I wish I had 1 BTC for every time I saw a browser just like that one on someone else's computer, mainly computers used by females lol


Title: Re: Be careful using Blockchain as your wallet...
Post by: rebuilder on November 02, 2012, 12:03:04 PM
How is using a browser interface any different than using a stand alone piece of software?

This:

http://i129.photobucket.com/albums/p227/wizzerd911/bars.jpg

If your browser looks like that, the rest of your OS isn't likely to be very secure, either.


Title: Re: Be careful using Blockchain as your wallet...
Post by: Desolator on November 20, 2012, 05:37:28 AM
I run a PC repair shop so I'm starting to feel like EVERYONE has MyWebSearch and Freeze and iLivid and Freeze.  How fucking stupid are people?!


Title: Re: Be careful using Blockchain as your wallet...
Post by: thebaron on November 20, 2012, 05:40:30 AM
I run a PC repair shop so I'm starting to feel like EVERYONE has MyWebSearch and Freeze and iLivid and Freeze.  How fucking stupid are people?!

You would not have as much business without their ineptness.


Title: Re: Be careful using Blockchain as your wallet...
Post by: opentoe on January 26, 2013, 06:19:30 AM
I am the original poster and pretty much lost all the funds that were in that blockchain wallet. I'm in my 40's and have worked my way up through the IT world and I'm very familiar with how things work and how important it is to have good, secure passwords. I have two factor authentication on all my banking sites and have "similar" passwords on all the sites with different variables. Let's just say the variables alone are stronger than most users' regular passwords. It is very unlikely I lost or forgot my password. I've never done that in the 20+ years I've used passwords. Anyway, there wasn't much money in there to begin with, but it does make me wonder how it happened. Since then I've strictly used the old original bitcoin local wallet. Backup my wallet to several places, encrypt it the wallet itself, again and I've been safe ever since. Oh well, what can you do.



Title: Re: Be careful using Blockchain as your wallet...
Post by: ninjaboon on January 27, 2013, 12:02:20 AM
I've been in the IT industry for 15 years and nowadays I use LastPass to generate random secure passwords.


Title: Re: Be careful using Blockchain as your wallet...
Post by: justusranvier on January 27, 2013, 12:15:29 AM
The only thing that would make LastPass better is if they would accept bitcoin for their premium subscriptions.


Title: Re: Be careful using Blockchain as your wallet...
Post by: wachtwoord on January 27, 2013, 12:24:42 AM

I wish I had 1 BTC for every time I saw a browser just like that one on someone else's computer, mainly computers used by females lol

I find it quite impressive they are able to use such browsers. I doubt I would not be able to...


Title: Re: Be careful using Blockchain as your wallet...
Post by: jubalix on March 09, 2013, 04:15:40 AM
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

I use last pass that ensures my password is right


Title: Re: Be careful using Blockchain as your wallet...
Post by: 01BTC10 on March 09, 2013, 04:25:49 AM
Why use an online password manager when you can use http://keepass.info (Open source and free) and backup the encrypted password database on DropBox or GoogleDrive?


Title: Re: Be careful using Blockchain as your wallet...
Post by: justusranvier on March 09, 2013, 04:51:59 AM
Why use an online password manager when you can use http://keepass.info (Open source and free) and backup the encrypted password database on DropBox or GoogleDrive?
Because keepass doesn't work as well as LastPass when it comes to automatically and seamlessly keeping everything in sync between multiple desktop machines and a mobile device.


Title: Re: Be careful using Blockchain as your wallet...
Post by: 01BTC10 on March 09, 2013, 05:04:26 AM
DropBox and :
https://i.imgur.com/xiHSm4I.jpg


Title: Re: Be careful using Blockchain as your wallet...
Post by: dmatthewstewart on March 10, 2013, 02:39:47 AM
I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occasions with no problems. All of a sudden today I am unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm 100% sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

They don't store the password for security purposes. This means that anyone that infiltrates their DB's can get all the identifiers they want but won't be able to do a damn thing with them other than look at them and wish they had a password


Title: Re: Be careful using Blockchain as your wallet...
Post by: bitsource on March 10, 2013, 03:59:50 PM
I have used Blockchain for some time without any problems. They had a hiccup earlier - last week, but seem to be fixed. On the login problem, make sure you are not mixing up passwords if you have several wallets to log into. Check your wallet identifier and make sure it matches your pw.


Title: Re: Be careful using Blockchain as your wallet...
Post by: jubalix on March 11, 2013, 02:26:35 PM
Anyone using a 3rd party wallet host will get all their coins stolen, confiscated, or magically disappeared at some point.  Nobody should use them, ever. It's safer, faster, and infinitely smarter to secure your own wallet file yourself.

how?

have the private key backed up

[2] My online wallet (blockchain.info) is encrypted with about 20 wordletter password and the sending of info is all opensource crypto

the worst that can happen is the online wallet service gets shut down, and they get a load of hashedupcryptobabble, and so I fire up bitcoin qt, electrum or whatever and carry on.