True, and that's a good system for someone who does not have anyone they can trust. But if you do have someone you can trust, you don't need to do this. It also doesn't help very much in the situation where I suffer memory problems but am still very much alive, which happens to literally millions of people a year, and can be a very long and complex process to gain access to the assets of someone who is still alive.

Handing a sealed envelope to a relative is no different to just telling them how to access your coins in the first place. Both depend 100% on trust.

I would be very careful trusting any third party with any part of my recovery process. A regulated lawyer is maybe acceptable - a service ran by one of the worst offenders when it comes to privacy (Google) definitely is not.

Well, first she couldn't, because my back ups are not in one location, so it would take her time to recover all the necessary pieces in order to gain access to the wallets. Secondly, she's not an idiot so that wouldn't happen. There are literally thousands of questions she could ask to which only I could answer to confirm it was me. And third, if this was a realistic prospect, then there is nothing stopping the same thing happening to all our fiat accounts too.

Correct on all counts. I actually said just this in another thread just a few days ago: https://bitcointalk.org/index.php?topic=5437245.msg61679886#msg61679886. You decoy wallets need to plausibly be your entire stash, and there must be no links (physical, electronic, or blockchain) between your decoy wallets and your main hidden stash.

I'm not sure about that. I have a handful of wallets purposefully for long term cold storage that simply have one or two deposits in to them, sometimes years ago, and no further activity since then. That's exactly what a main cold storage would look like. It's not going to be a wallet I'm spending from on a regular basis.

But if you are doing this anyway as you should (although you should be checking the whole address and not just a few characters), then what does an automatic tool add to the process? Either your computer is free of malware and so the tool simply confirms what you've already discovered by checking manually, in which case it adds nothing, or you have some malware which results in the tool confirming an incorrect address, in which case it is actively harmful and encourages users to skip the manual check.

Your clipboard can be targeted by malware, which is why it is necessary to manually double check your sending address against the source you received it from (email, website, whatever). Similarly, any such checking tool can be similarly targeted by malware, and does not remove the need to manually double check.

But I don't have anything I want to keep from my family. What good is my money to me after I'm dead? Why would I not want my family to have access to it?

If someone knows enough about you to target you for your bitcoin holdings, they aren't going to care if your spouse does or does not know your wallet passwords, the location of your back ups, etc. They will be quite happy to kidnap and hit either of you until one of you tells them what they want to know.

As I said previously, this is part of the reason I argue so strongly for good privacy. If no else knows you own bitcoin, then you are less of a target. But at the same time I trust my wife not to tell everyone she meets that we hold bitcoin, just as I trust her not to tell everyone she meets our credit card details.

My point being that such a tool doesn't really add any meaningful security. If your machine is not compromised, and you are manually double checking what you are copying and pasting as you should be, then such a tool is unnecessary. If your machine is compromised, then you could have clipboard malware which changes what you copy, but you could equally have some malware which interferes with your tool and returns a false positive, or inserts the attacker's address in to the tool's database, meaning the tool is useless, and you would only pick up the error by manually double checking again.

That's a fair point. But if you check your derivation path, and it is the standard and very common m/84'/0'/0' for example, then I wouldn't feel the need to back that up as well, knowing how ubiquitous such a derivation path is and how easy it will be to recover from it in the future, even if I forget.

Ahh apologies, I misread. I'm still not a fan of splitting up an individual component of a back up, and much prefer that if you want to set a threshold of multiple back ups to recover your wallet then to use multiple components, such as seed phrase plus passphrase, or multi-sig. Having said that, splitting up a passphrase certainly can provide plausible deniability, especially if you then put some decoy coins on the wallets which were generated from both halves of your passphrase being used individually.

As I explained above, now that a significant minority of the network is running full RBF, and at least one mining pool is mining full RBF replacements, then this isn't strictly true anymore.

Note that there is actually "only" around 65 vMB of unconfirmed transaction in the mempool. The 360 MB figure you are quoting is the dynamic memory usage (i.e. the RAM usage) of these transactions after they have been deserialized. If no more transactions were added to the mempool, and assuming an average block size of ~2 vMB, then it would take 33 blocks to clear this backlog, and not 180 blocks.

Because the human brain is incredibly fragile, and you can easily forget your seed phrase through no fault of your own with zero warning.

Then all the more reason to use multi-sig and split up your back ups, which protects against this particular threat.

You can simply print out your master public keys with a dumb printer, but you don't have to. As sad-error has explained above, his multi-sig setup does not require backing up the master public keys alongside the seed phrases, although personally I wouldn't choose this method.

So if you've been with someone for years or even decades, you've got kids or even grand-kids together, you still think you should hide your bitcoin activities from them? Maybe a new partner or spouse you've been with for only a few months, sure, but at some point when you build a life with someone, you share your finances with them.

I'm one of the strongest privacy advocates on this forum, but at some point, this just becomes common sense to let your spouse know. Why would I want to risk me suffering from memory loss or dying and none of my family being able to access or benefit from my bitcoin? My wife is fully aware of all my wallets, all my back ups, all my security, etc. Why would I want to keep that from her? If you are having so many doubts about your relationship that you think you need to keep a large part of your finances completely hidden, then you should have signed a prenup.

As nc50lc has explained the fee is only paid once, but yes, the total transaction fee for a multi-sig transaction will be higher than from a single-sig transaction. This is because your transaction has to include multiple signature instead of just one, and each additional signatures adds more size (in bytes) to the transaction. The larger the transaction size, then the higher fee you have to pay.

Not just the derivation path, but also the type of master public key it generates. A single-sig P2WPKH wallet will be a zpub (at m/0'), while a multi-sig P2WSH will be a Zpub (at m/1'). The lower/uppercase switch is significant, as they are completely different keys and one cannot be used to generate the same addresses as the other, even if you were using the same derivation path. There's more info here: https://github.com/satoshilabs/slips/blob/master/slip-0132.md

I don't think you can reach conclusions about bitcoin based on what some random altcoin is doing. Any worthless altcoin can decide to use completely moronic derivation paths if they want, as can any random piece of terrible wallet software. If you stick to reputable software using known processes, then the derivation paths are largely standardized.

As discussed above, it does not provide any plausible deniability which is one of the main benefits of a passphrase. And talking of human error, there are countless examples of people who have tried to be smart and split up their seed phrase and ended up making a mistake and locking themselves out of their wallet.

When there are standardized methods of doing something, which are tried and tested and provably more secure, then coming up with your own ad hoc system is almost always a recipe for disaster.

If you want safety, privacy, or reasonable fees, then Binance shouldn't even be on your list, and certainly nowhere near the top. Binance P2P is completely centralized and simply uses the P2P tag as marketing slogan. It is about as far from true P2P as you can get.

My account status is irrelevant. There are plenty of actually decentralized exchanges out there which never request KYC and do not require that you hand over control of your coins by depositing them in a centralized wallet under control of the exchange, such as Bisq, AgoraDesk, RoboSats. The site you are shilling is completely centralized and therefore a very poor choice.

You can see from OP's post history that he heavily shills that site. He is most likely affiliated with it.

I have not used it, and I would recommend avoiding it. It requires that you deposit your coins to a wallet that they control, so is completely centralized and your coins are not yours. Their Terms of Service say they require full KYC, and reserve the right to freeze your account and your funds while they demand "upgraded" KYC, for any reason. And of course their Privacy Policy gives them the right to share all your data with anyone they want.

So pretty much all the worst parts of a centralized exchange.

That's irrelevant.

Unless you own the receiving address, then you have no idea which wallet software the recipient is using. Even if the address was generated in Atomic wallet, there is nothing stopping the owner taking the seed phrase of the wallet or the private key of that address and importing it in to any other wallet software which does support spending unconfirmed outputs. Or even just creating a transaction manually and then importing the private key to a tool like coinb.in to sign it.

Another option is to go through the multi-sig wallet creation process, ask it to create a new seed phrase, and then copy down the seed phrase and the Zpub it gives you. This is cosigner 1. You can then exit everything and start the process from scratch to create a seed phrase and Zpub for cosigner 2. And again for as many cosigners as you want.

If you were to use a live OS such as Tails, disconnect your internet, and shut down and reboot the computer to the live OS in between generating each cosigner's seed phrase/Zpub, then that would be a much safer way of generating a multi-sig wallet using a single device. You still have to figure out how you are going to spend from this wallet without bringing the threshold number of seed phrases together in the same wallet, however. It would be a very time consuming process to boot to Tails, restore the multi-sig with one seed phrase, sign and export a transaction, and then repeat the whole process for each other cosigner too.

So the real question is what are you trying to achieve? If you only have a single device to use, then a properly airgapped wallet is a better solution than a multi-sig wallet.

You keep talking about convenience, but I disagree that electronic fiat transactions are any more convenient that bitcoin transactions. It might seem that way only because fiat is what you are used to.

To pay anyone with fiat electronic, you first need a bank account of some description, which usually means visiting a bank in person and taking a bunch of personal documents along with you, or scanning in a bunch of personal documents and sending them off to the bank. Then you'll have to wait a number of days for it all to be approved. Then you'll have to deposit some fiat, which again will take a number of days to clear. Maybe you then need to open a credit card account on top of that bank account, or similar. More KYC and more delays. With bitcoin, you can open a wallet and load it with coins in the comfort of your own home without risking any of your personal information in 10-20 minutes.

To pay via fiat electronically, you tap your card or your phone. To pay via bitcoin, you scan a QR code with your phone. No real difference here.

Then from the merchant's point of view. With fiat it can take days before the money actually arrives in their account and they can spend it. With bitcoin, the money actually arrives in usually somewhere around 10-30 minutes, although the merchant can spend it immediately with a CPFP transaction if they wish. Or they can use Lightning, in which case it does arrive instantly.

When you compare similar metrics, bitcoin is far more convenient than fiat. Not to mention all the other benefits that bitcoin brings which we've already discussed - security, privacy, censorship resistance, and immune to being arbitrarily printed and inflated by your government.

If you stick to the standard BIP44/49/84 derivation paths, then this step is unnecessary in my opinion. Those paths are so ingrained in the wider bitcoin ecosystem that even if you forget them you will have no problem recovering from them in the future. Hell, I would bet the majority of users don't even know what derivation path they use, because if they import their seed phrase in to some other piece of software it will almost certainly find their coins on these standard paths. And then you've got software like Electrum, which will scan a bunch of commonly used derivation paths for you if you forget.

It would only be if I were using a non-standard and custom derivation path for some specific reason that I would also back it up.

I'm not denying that, but it is still a mistake to think you are immune to human error.

No, but...

If you look at Paxos' Terms and Conditions, you'll find the following:
So in other words, any fiat you hand over will be invested or loaned out in order to generate interest or earnings, and Paxos will keep 100% of the profits for themselves. And if they are doing it for fiat, it wouldn't surprise me in the slightest if they were doing the same for crypto, too. This is exactly the kind of irresponsible behavior which resulted in the collapse of dozens of other exchanges in the past few months. 100% of the profits to the exchange, 100% of the risks to the user.

Nah, it's super simple. You deposit money to your PayPal account, PayPal deem that as sufficient collateral to print an equal number of their new unstablecoin, and then they can use that unstablecoin to buy bitcoin for themselves, pay interest to entice more deposits, the usual shenanigans.

I think stablecoins are scams as well. Centralized, not fully backed up or collateralized, printed out of thin air, can be arbitrarily frozen or seized, have collapsed literally overnight... Worse than fiat!

Something like the following:
This will try every combination of between 1 and 3 characters from the set "qweasd", followed by between 0 and 3 lowercase letters or digits. At 8 kP/s, you should be able to search that in around 30 minutes.

---

Your story makes no sense, though. To change a password in Electrum, you have to first enter the current password, then enter the new password twice. This cannot be achieved by someone randomly hitting the keyboard, nor can it be achieved by someone who does not already know your password. Are you sure this is your wallet file?