Bitcoin Forum

Other => Beginners & Help => Topic started by: alastantiger on January 16, 2023, 07:11:59 PM



Title: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: alastantiger on January 16, 2023, 07:11:59 PM
Similar to not keeping your currencies in centralized exchanges, stay away from centralized password managers. One of the centralized password managers was hacked in August 2022. Although they claimed that no customer data was accessed during the incident, you should never trust them. You cannot rely on the company to keep your seed/recovery phrase secure or prevent unauthorized access to the password vault on the company's end. You can trust them with your email passwords and other personal information, but not with your seed/recovery phrase, which will cause your bitcoin to be stolen from that address right away if it is compromised.

Additionally, I would advise against saying your seed phrase aloud if you use voice-activated devices like Alexa, Siri, or Cortana. I don't want to sound paranoid in saying this. It's impossible to completely rule out the chance that these gadgets are listening in on our chat and that, in the event of a hack, your seed phrase will be stolen.

Want to know how to secure your seed/recovery phrase? I found this post Securing Your Seed Phrase with Washers (https://bitcointalk.org/index.php?topic=5389446.0) by fillippone very helpful.

That's all for now. Thank you for reading.

What do you think about saving your seed/recovery phrase in a centralized password manager?

Refs:
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
https://www.youtube.com/watch?v=9DuvCh6Ql38
https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: Z-tight on January 16, 2023, 07:24:39 PM
What do you think about saving your seed/recovery phrase in a centralized password manager?
You should only store your seed phrase on a paper or engrave it into a steel, saving it online or in any centralized password manager is unsafe and too dangerous, i don't even know why someone would want to store their seed phrase with a centralized service when they can have custody of it themselves and keep it safe by doing what's right.
Additionally, I would advise against saying your seed phrase aloud if you use voice-activated devices like Alexa, Siri, or Cortana.
Or your neighbors could be listening, ;D :D honestly i don't see why anybody should be reading or saying their seed phrase out loud, what is the purpose? To try and memorize it? That itself is a terrible idea and could cause one to lose their coins. Just simply write the seed phrase on a piece of paper and protect it how best you can.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: freedomgo on January 16, 2023, 08:09:17 PM
What do you think about saving your seed/recovery phrase in a centralized password manager?
You should only store your seed phrase on a paper or engrave it into a steel, saving it online or in any centralized password manager is unsafe and too dangerous, i don't even know why someone would want to store their seed phrase with a centralized service when they can have custody of it themselves and keep it safe by doing what's right.
Additionally, I would advise against saying your seed phrase aloud if you use voice-activated devices like Alexa, Siri, or Cortana.
Or your neighbors could be listening, ;D :D honestly i don't see why anybody should be reading or saying their seed phrase out loud, what is the purpose? To try and memorize it? That itself is a terrible idea and could cause one to lose their coins. Just simply write the seed phrase on a piece of paper and protect it how best you can.
Seed phrase should be kept offline and never to be exposed online like when you trust a centralized password manager, because you are giving them permission to steal your funds indirectly. Yes, you could have engraved it or written it and kept it inside your vault, but should never rely on such centralized exchanges for its safety. And these voice-activated devices will never be helpful at all as it would not be a secret anymore if you are making your voice loudly that any people around might hear it and save it for themselves too.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: drwhobox on January 16, 2023, 08:21:36 PM
First of all, I don't see any point in anyone putting their password or seed phrase on a centralized or any decentralized password manager. If anyone is struggling to remember their password, they can write it down in several places offline. Seed phrases are hard to memorize but everyone is writing them down offline and keeping them safe outside any digital devices.

Additionally, I would advise against saying your seed phrase aloud if you use voice-activated devices like Alexa, Siri, or Cortana. I don't want to sound paranoid in saying this. It's impossible to completely rule out the chance that these gadgets are listening in on our chat and that, in the event of a hack, your seed phrase will be stolen.

No, OP, you are right. Not only these devices, your mobile or laptop's microphone spies on you. Companies put that to work just to collect data, but hackers can collect them and catch you off guard with your important information.
I have seen many ads popping up related to conversations I had with others while I was near my phone or laptop.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: Cantsay on January 16, 2023, 09:58:36 PM
If you truly want to keep your secret phrase safe you should write them on a piece of paper and preferably laminate them to make them waterproof, and if you feel that just writing on a paper and laminating it isn't secure enough you can also use a sharp object to write on a piece of metal sheet and then keep them where no one will be able to access or a place where nobody will ever think of going to search for anything.

Additionally, I would advise against saying your seed phrase aloud if you use voice-activated devices like Alexa, Siri, or Cortana. I don't want to sound paranoid in saying this. It's impossible to completely rule out the chance that these gadgets are listening in on our chat and that, in the event of a hack, your seed phrase will be stolen.

Laughable but true, you can never be certain of how hackers get access to some of your sensitive information, and taking precautions like this can help minimize some potential harm to your system. Hackers might be able to gain access to your system's camera, mouthpiece and other accessories that can help transmit audio or video data. In such a case they can easily get some of your information if you're the type that reads out loud your password when inputting them in your system.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: CryptoPanda on January 16, 2023, 10:14:42 PM
I have seen many ads popping up related to conversations I had with others while I was near my phone or laptop.
That’s happened to me more than once. I can imagine how much data some companies have collated from users over the years. I think it’s some sort of side hustle for these companies: they spy on us and sell our data to the highest bidder, mostly advertising companies. It gets really bad when this data finds its way to the dark web. I don’t blame the Trump and Biden for banning certain foreign media apps from being used in the US.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: Sandra_hakeem on January 16, 2023, 10:42:53 PM
These are things a sane person won't try at all... I keep saying it
What's the point of getting registered on a decentralized platform just to end up giving away your earnings on a centralized exchange, knowing too well the unbearable disadvantages? C'monnnn, this has been said over time.
Password managers ain't even an option to choose for something as important as your seed phrase -- I won't even save my forum account info on it, talk more of the keys to your FREEDOM? NO!!

Sandra 🧑‍🦰


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: Jatiluhung on January 16, 2023, 10:52:40 PM
At least I never store my personal wallet seed phrase (long term investment only wallet) in a centralized password manager. Because if we think logically, then what is the reason we trust a centralized password keeper more than our family or ourselves? I didn't even tell my family. Then there's no reason for me to trust a centralized password manager. But that's just for my long term investment wallet seed phrase. Whereas for personal wallets that are used daily and there are not many assets in them, because I keep doing transactions on it, I don't overly complicate myself to save the seed phrase.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: sheenshane on January 16, 2023, 10:59:33 PM
Don't store all your valuable credentials, which can be accessible by the internet because there's a chance of getting hacked, just like a password manager, this isn't a necessary tool for keeping passwords or any credentials that are valuable to you.

As long as it's possible can access the internet your seed phrase is vulnerable or prone to hacking.
Writing it down on a piece of paper or engraving it into a piece of metal is the best way to protect your privacy, stay offline and you're just fine not unless if someone steals it personally.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: BitMaxz on January 16, 2023, 11:21:55 PM
Why would you save the seed phrase backup into a centralized password manager or any password manager? This software was just created for passwords, not for very important backups like private keys or seed phrases.
Backup seed phrases shouldn't be shared with anyone. For the safety of these backups you need to manually rewrite them onto a piece of paper or save them to any device offline so that you are far from leaks.

If you are going to use any software that has a cloud server like a password manager then that's risky. There are many people being hacked because of sharing and using weak passwords, leaks, malware, viruses, phishing, and many attacks online. To protect from harmful online activity, always back up your important data to an offline device (that you know you will never connect to the internet forever). I have a laptop with a broken LCD, but I can still open all my backups by connecting the laptop to an external monitor, so I can still access it and all my backups are there and safe. The only problem is that it is still Windows 7. I disable/remove the wifi/internet connection of this laptop to make sure I never use it for any online activity.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: dansus021 on January 17, 2023, 12:39:55 AM
Yeah, I heard about what happened to LastPass but to be honest we still need a password manager, and most of a password manager is centralized, why we need password manager because I personally keep changing the password on every account which is good since using the same password will get you hacked when one of your accounts got hacked.

Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: lovesmayfamilis on January 17, 2023, 05:47:08 AM

Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source

I think your peace of mind about the safety of your passwords in the browser is just a matter of time. Even here on the forum, it has been written a thousand times that simply trusting the Chrome browser is the same as walking naked in front of an open window, so you also trust him with something that should be stored very carefully.
I will explain more clearly. Hackers need a little. You just need to follow the link they need, and it can be disguised as a completely decent and useful site. By clicking on the link, you will get something similar to an error; you will be informed that you did something wrong, then you calmly press the "OK" button and think that you have calmly left. But you have already sent the hackers all the passwords that were saved in the browser.

https://www.doyler.net/security-not-included/xss-password-stealing



Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: witcher_sense on January 17, 2023, 07:36:45 AM
Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source
Open-source password managers like Bitwarden, KeePass (for Windows), and KeePassX (for Mac and Linux) allow you to generate very robust passwords and passphrases using a system source of random data. Unlike browsers' in-built password managers, they store sensitive information in encrypted containers, which is decent protection in case of physical access to your device. If someone were to find your phone with the google chrome browser installed, he would extract all your passwords by clicking two buttons, but he would have a hard time trying to hack your encrypted password manager application. However, all this doesn't mean that password managers are the right place to store seed phrases because there is no such thing as an unhackable application.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: Crypt0Gore on January 17, 2023, 08:58:29 AM
I've lost some passwords to hackers through google password manager and the reason why they still don't have access is Gmail code and 2Fa code, most times I get message alert that someone is trying to log into my twitter account and other platforms until I changed the password to something stronger...

Imagine keeping crypto wallet recovery seeds this same way, it's complete stupidity of anyone to do such.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: hd49728 on January 17, 2023, 09:20:57 AM
If you don't want to use Lastpass, keepass because of security concerns, I am so surprised to see you're ready to store your password on your browser, Google Chrome and use Google Password manager.

Do you think something is wrong? Google don't have good reputation about their data protection for users. They even proactively collected data from users and sold it somewhere to convert free data to their income like Facebook.

If you have ever saved your passwords on Google Chrome, Google password manager, it's time to change all your passwords and never repeat it.

If you use gmail, you can check [Guide] How to know if your email address was part of any data breach. (https://bitcointalk.org/index.php?topic=5201569.0)


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: NeuroticFish on January 17, 2023, 09:45:15 AM
If there are significant funds in discussion, the seed phrase should not touch even the computer or smartphone that will ever be connected to the internet. This supersedes the use of password managers, e-mail, cloud or whatever.
I don't understand, people no longer have paper and a ball pen in their homes?! Is it so difficult to actually write down (a couple of times) 12 or 24 English words? They have to put everything onto the internet? WTF?!



Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: o_e_l_e_o on January 17, 2023, 10:13:58 AM
Removing your seed phrase from a password manager is not enough. If the seed phrase is in the password manager in the first place, then it has been stored electronically on a computer with an internet connection. You should therefore assume it is already compromised. Instead you should set up a brand new wallet with its seed phrase only backed up via pen and paper and move all your coins over to this new wallet.

Additionally, I would advise against saying your seed phrase aloud if you use voice-activated devices like Alexa, Siri, or Cortana. I don't want to sound paranoid in saying this. It's impossible to completely rule out the chance that these gadgets are listening in on our chat and that, in the event of a hack, your seed phrase will be stolen.
Rather than it being impossible to rule out that these devices are listening to you, it has been widely confirmed multiple times that they are listening to you at all times, and what you say is being transferred to centralized servers for storage and analysis. Anything you say in the vicinity of one of these devices is on a third party server somewhere, and you have no idea who has access to it.

Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source
Google were caught storing users' passwords in plain text for over a decade. I wouldn't trust them with a single satoshi.

I would suggest using KeePassXC or Bitwarden.



Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: Crypt0Gore on January 17, 2023, 10:25:37 AM
If you don't want to use Lastpass, keepass because of security concerns, I am so surprised to see you're ready to store your password on your browser, Google Chrome and use Google Password manager.

Do you think something is wrong? Google don't have good reputation about their data protection for users. They even proactively collected data from users and sold it somewhere to convert free data to their income like Facebook.

If you have ever saved your passwords on Google Chrome, Google password manager, it's time to change all your passwords and never repeat it.

If you use gmail, you can check [Guide] How to know if your email address was part of any data breach. (https://bitcointalk.org/index.php?topic=5201569.0)
Every Chrome browser users automatically have their password saved by the browser for easier log in later, since all the websites I am engaging with are not money saving platforms I am fine with google password manager, when it comes to my online bank account for example or exchange account my password and security level is crazy..

My password alone is over 20 alphabet with a mixture of signs and other things I don't want to say.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: o_e_l_e_o on January 17, 2023, 10:29:51 AM
Every Chrome browser users automatically have their password saved by the browser for easier log in later
Then turn it off. Or better yet, stop using Chrome since it is literally spyware.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: hosseinimr93 on January 17, 2023, 10:33:48 AM
Every Chrome browser users automatically have their password saved by the browser for easier log in later,
You can go to Settings > Autofill > Password Manager and uncheck "Offer to save passwords".
Take note that even if "Offer to save passwords" is checked, it doesn't save your passwords automatically and it always asks you whether you want the password to be saved or not.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: BitMaxz on January 17, 2023, 11:29:33 AM
Yeah, I heard about what happened to LastPass but to be honest we still need a password manager, and most of a password manager is centralized, why we need password manager because I personally keep changing the password on every account which is good since using the same password will get you hacked when one of your accounts got hacked.

Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source
I agree with some points but I do not recommend using such tools to save passwords to any accounts that involve money. I'm fine with social media accounts and forum accounts but for exchange sites, wallets, or bank accounts storing your password to any password manager is too risky and it can be targeted by hackers soon all user's passwords are leaked. I am more safe writing them all on a piece of paper than storing them to any password manager even it is opensource there are still possibilities that it can be hacked.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: dzungmobile on January 17, 2023, 11:34:30 AM
Every Chrome browser users automatically have their password saved by the browser for easier log in later
Then turn it off. Or better yet, stop using Chrome since it is literally spyware.
Instead of Chrome, use Firefox or Tor browsers. Avoid Brave browser that is a copy of Chrome and spyware too.

https://nordvpn.com/blog/best-privacy-browser/



Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: erep on January 17, 2023, 09:48:36 PM
I agree with some points but I do not recommend using such tools to save passwords to any accounts that involve money. I'm fine with social media accounts and forum accounts but for exchange sites, wallets, or bank accounts storing your password to any password manager is too risky and it can be targeted by hackers soon all user's passwords are leaked. I am more safe writing them all on a piece of paper than storing them to any password manager even it is opensource there are still possibilities that it can be hacked.
We should avoid saving passwords in the password manager on any browser except for social media accounts or other accounts that do not require second screen security, but for the security of exchange accounts and other important accounts we must add the security feature 2fa to increase the security of account access, because even though we save passwords on manual paper but without activating 2fa then account security will not be guaranteed to be hacked, so always increase the security features available for every use of the account.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: Sanitough on January 17, 2023, 09:59:50 PM
This are things a sane person won't try at all... I keep saying it
What's the point of getting registered on a decentralized platform just to end up giving away your earnings on a centralized exchange, knowing too well the unbearable disadvantages? C'monnnn, this is been said over time.
Password managers ain't even an option to choose for something as important as your seed phrase -- I won't even save my forum account info on it, talk more of the keys to your FREEDOM? NO!!

Sandra 🧑‍🦰
Centralized password managers can never be reliable at all since they can be a source of losing our privacy by allowing them to access to our own funds and steal them in the process. Seed phrase should always be kept to yourself and not to any other group or entity, otherwise you are giving them the freedom to control you and your funds, rather than having the freedom all by yourself. That is why decentralized wallets are made, to help us more responsible with our own coins and our hard-earned funds.


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: dansus021 on January 18, 2023, 02:12:57 AM
I think your peace of mind about the safety of your passwords in the browser is just a matter of time. Even here on the forum, it has been written a thousand times that simply trusting the Chrome browser is the same as walking naked in front of an open window, so you also trust him with something that should be stored very carefully.

Yeah I'm right now moving to bitwarden after advice from you guys

and I found a useful website called https://haveibeenpwned.com/, basically to check whether my email or password has been compromised, and you guys should check it too

But lucky me, I never save sensitive passwords like bank or keyphrases to my Google ;D

So thanks yall
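
The password check on haveibeenpwned.com mentioned in this post is also available as a range API (`https://api.pwnedpasswords.com/range/<prefix>`), where only the first five characters of the password's SHA-1 hash are sent and the comparison happens locally. The sketch below is an added example, not part of the original post; `ConstructedRangeServer` and its sample passwords are constructed stand-ins so it runs offline.

```python
import hashlib


def split_sha1(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; malformed lines are skipped."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range):
    """How often the password appears in the breach corpus (0 = not found).

    fetch_range(prefix) must return the response body for that 5-char prefix.
    The password and its full hash never leave this function; only the prefix
    is handed to fetch_range. Entries with count 0 (padding) count as absent.
    """
    prefix, suffix = split_sha1(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)


class ConstructedRangeServer:
    """Offline stand-in for the range endpoint (constructed sample data).

    Records every request so we can inspect what the client disclosed.
    """

    def __init__(self, leaked):
        self.seen_requests = []
        self.buckets = {}
        for password, count in leaked.items():
            prefix, suffix = split_sha1(password)
            self.buckets.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch(self, prefix):
        self.seen_requests.append(prefix)
        # Add an unrelated zero-count entry, as a padded response would contain.
        decoy = hashlib.sha1(("decoy" + prefix).encode()).hexdigest().upper()[5:]
        return "\r\n".join(self.buckets.get(prefix, []) + [f"{decoy}:0"])


if __name__ == "__main__":
    server = ConstructedRangeServer({"password": 1000, "hunter2": 17})
    for candidate in ("password", "correct horse battery staple 2023"):
        print(candidate, "->", breach_count(candidate, server.fetch))
    print("server only ever saw:", server.seen_requests)
```

The server learns a 5-character hash prefix shared by many unrelated passwords, not the password itself. This applies to passwords only; a seed phrase should not be typed into any such tool.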


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: Nwada001 on January 28, 2023, 05:58:02 PM
and I found a useful website called https://haveibeenpwned.com/, basically to check whether my email or password has been compromised, and you guys should check it too

Check my mail, and this statement was given: "Oh no—pwned!" pwned in six data breaches and found no leaks (subscribe to "search sensitive breaches"). This "subscribe to search for sensitive breaches" simply means they are also seeking traffic and email data.

Other ways of password protection were suggested, which are some form of random sites too; they might be active and protective, but I can't use them if my saved passwords on Google are already breached, which means the safest way is to go old school, like I do with my wallet security, and write down everything on paper and take charge of my own security. Thanks to this thread left to me alone I could have not known of my password being leaked.  


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: dansus021 on January 31, 2023, 12:29:56 AM
Check my mail, and this statement was given: "Oh no—pwned!" pwned in six data breaches and found no leaks (subscribe to "search sensitive breaches"). This "subscribe to search for sensitive breaches" simply means they are also seeking traffic and email data.

Other ways of password protection were suggested, which are some form of random sites too; they might be active and protective, but I can't use them if my saved passwords on Google are already breached, which means the safest way is to go old school, like I do with my wallet security, and write down everything on paper and take charge of my own security. Thanks to this thread left to me alone I could have not known of my password being leaked.  

Great it can help you, I have found my email and password and leaked in other place as well because I'm recycling my password on every site back year ago but now I'm using password generator and save it on bitwarden.

Using the old school way is good but I think you should be using a password manager too


Title: Re: Remove Your Seed/Recovery Phrase From Centralized Password Managers
Post by: NotATether on January 31, 2023, 11:27:57 AM
Right now I'm using google chrome default password manager but my brother doesn't recommend it so they take me to Bitwarden that they say this was open source

It's not only that it is easily opened and stolen, but if anything happens to your chrome installation, you will lose your passwords (unless you chose to sync them with your Google account) as the user_data folder will be trashed and replaced with a clean one.

But let's be honest. Built-in browser password managers do not help. Most of us use multiple browsers, so even if your browser can sync passwords, it can't sync them to other browsers.