Best Online Wallet?

[chrisrico]

but i think its a very good feature of bitcoin to see the addresses money came from. so you have a chance to send funds back.

There's isn't actually a "from" in Bitcoin. On very simple transactions you may be able to make an educated guess, but it should not be relied upon as an address to which you can send a refund. If you need to send a refund, get a refund address from your customer.

[freeAgent]

IMO, it has to be blockchain.info:

high security:
- two factor authentication (yubikey, google authenticator)

Just to clarify that.  The yubikey mode that is supported is for their static password, not the One Time Password (OTP) which protects against a replay attack.

Are you sure about that?  My YubiKey sends OTPs and I use it with Blockchain.info.

EDIT: My YubiKey is not an Mt.Gox key/VIP key.  It appears that at least the Mt.Gox YubiKeys do not use OTP, but I haven't found a definitive answer as to whether or not standard YubiKeys use OTP on blockchain.info.

[Stephen Gornick]

I haven't found a definitive answer as to whether or not standard YubiKeys use OTP on blockchain.info.

And ... ?

[freeAgent]

I haven't found a definitive answer as to whether or not standard YubiKeys use OTP on blockchain.info.

And ... ?

I still don't know the answer.  Mt.Gox YubiKeys definitely don't use OTP, but if someone knows about regular YubiKeys straight from Yubico, please let me know.

[piuk]

I still don't know the answer.  Mt.Gox YubiKeys definitely don't use OTP, but if someone knows about regular YubiKeys straight from Yubico, please let me know.

Yubico yubikeys do full OTP validation, only MT.Gox keys do not (because they are locked to Mt.Gox)

Line 2263: https://github.com/blockchain/My-Wallet/blob/master/WalletServlet.java

[BIGMERVE]

mtgox wallet has the problem that you are unable to play satoshidice like games

Thats not a problem but a benefit!

no its a huge problem
if you only look at satoshidice its ok (as long as you expect ANY new user to be careful enough to not try)

but i think its a very good feature of bitcoin to see the addresses money came from. so you have a chance to send funds back.

with an mtgox wallet this is not possible. if you send back the money mtgox itself gets it (afaik: could also be that you send the funds to a random mtgox user)

You can always go to your transaction history and find the transaction number. Using that you can track who sent it to you easily. If you want proof send me some coins to my mtgox and I'll send it back to the same address.

[freeAgent]

I still don't know the answer.  Mt.Gox YubiKeys definitely don't use OTP, but if someone knows about regular YubiKeys straight from Yubico, please let me know.

Yubico yubikeys do full OTP validation, only MT.Gox keys do not (because they are locked to Mt.Gox)

Line 2263: https://github.com/blockchain/My-Wallet/blob/master/WalletServlet.java

Awesome, thanks!

[oldschool]

Another +1 for blockchain.info

I know we shouldn't trust anyone, but as far as usability goes I think blockchain.info is the best out of any I've tried so far, nice features.

Just keep an offline wallet for the majority of your coin and you'll be good.

[freeAgent]

Another +1 for blockchain.info

I know we shouldn't trust anyone, but as far as usability goes I think blockchain.info is the best out of any I've tried so far, nice features.

Just keep an offline wallet for the majority of your coin and you'll be good.

You can export your Blockchain.info wallet and import it into MultiBit if anything happens to the website.  That's pretty cool

[Jermainé]

minus:
no android app

There is an Android app.

https://play.google.com/store/apps/details?id=piuk.blockchain

This thing is wicked. Helps when your on the road and would rather leave the laptop at home.

[Evolvex]

IMO, it has to be blockchain.info:

cool interface
nice way of tracking transaction and bitcoin adresses
very flexible send options

high security:
- private keys get decrypted only on the client side in a (usually) sandboxed browser
- two factor authentication (yubikey, google authenticator)
- browser addons which check the validity of the javascript code sent from blockchain.info

automatic encrypted wallet backup sent via e-mail, also dropbox support

brain wallet support

iphone app

minus:
no android app

+1

And another +1

[420]

thanks guys. blockchain seems kool. never made an in person transfer or mobile etc. before

don't know what yubikey is...?

[freeAgent]

thanks guys. blockchain seems kool. never made an in person transfer or mobile etc. before

don't know what yubikey is...?

A YubiKey is a small USB device which is essentially a keyboard that types in a whole lot of characters when activated.  Those characters are different every time you activate it and are known as a one-time password (OTP).  After you have associated a specific YubiKey with your account, all the passwords your key generates will be recognized as coming from your specific YubiKey.  The website you do the authentication on actually has no idea whether or not your OTP is valid or not by itself.  It has to request verification from Yubico's servers.  So, it's basically a way to use very simple two-factor authentication which is very, very secure.  YubiKeys themselves are very small (I keep mine in my wallet) and rugged.  There aren't a ton of services which use them currently, but I seek those services out.  LastPass is an example of a service where the use of a YubiKey is an extremely good idea, but you can also use it with Gmail/Google's two-factor authentication (with some additional software) and various other sites and services.

[420]

thanks guys. blockchain seems kool. never made an in person transfer or mobile etc. before

don't know what yubikey is...?

A YubiKey is a small USB device which is essentially a keyboard that types in a whole lot of characters when activated.  Those characters are different every time you activate it and are known as a one-time password (OTP).  After you have associated a specific YubiKey with your account, all the passwords your key generates will be recognized as coming from your specific YubiKey.  The website you do the authentication on actually has no idea whether or not your OTP is valid or not by itself.  It has to request verification from Yubico's servers.  So, it's basically a way to use very simple two-factor authentication which is very, very secure.  YubiKeys themselves are very small (I keep mine in my wallet) and rugged.  There aren't a ton of services which use them currently, but I seek those services out.  LastPass is an example of a service where the use of a YubiKey is an extremely good idea, but you can also use it with Gmail/Google's two-factor authentication (with some additional software) and various other sites and services.

shooting in the wild here...do you know what can be done after you accidentally hit your yubikey with a hammer rendering it disfunctional

[freeAgent]

thanks guys. blockchain seems kool. never made an in person transfer or mobile etc. before

don't know what yubikey is...?

A YubiKey is a small USB device which is essentially a keyboard that types in a whole lot of characters when activated.  Those characters are different every time you activate it and are known as a one-time password (OTP).  After you have associated a specific YubiKey with your account, all the passwords your key generates will be recognized as coming from your specific YubiKey.  The website you do the authentication on actually has no idea whether or not your OTP is valid or not by itself.  It has to request verification from Yubico's servers.  So, it's basically a way to use very simple two-factor authentication which is very, very secure.  YubiKeys themselves are very small (I keep mine in my wallet) and rugged.  There aren't a ton of services which use them currently, but I seek those services out.  LastPass is an example of a service where the use of a YubiKey is an extremely good idea, but you can also use it with Gmail/Google's two-factor authentication (with some additional software) and various other sites and services.

shooting in the wild here...do you know what can be done after you accidentally hit your yubikey with a hammer rendering it disfunctional

It's quite sturdy and has no battery or moving parts, so it may not do anything depending on how hard you hit it and the angle (they've survived being run over by cars apparently).  Anyway, if that happens, you can just request whatever service you're using cancel your 2-factor authentication, which they usually do by confirming via an email address associated with your now-locked account.

[aqrulesms]

As long as you have your private key saved away safe and sound you're all good, am I correct?

[btctrade5500]

...encrypted and saved away

As long as you have your private key saved away safe and sound you're all good, am I correct?

[420]

...encrypted and saved away

As long as you have your private key saved away safe and sound you're all good, am I correct?

how to use private key to get wallet coins when you dont have the wallet file?

[Stephen Gornick]

...encrypted and saved away

As long as you have your private key saved away safe and sound you're all good, am I correct?

how to use private key to get wallet coins when you dont have the wallet file?

I think this thread is getting to be like one of those IRC conversation where people see answers to other people's questions and get confused thinking those answers were to their own questions.


Blockchain.info, can use yubikey.  If you lose the yubikey Blockchain.info can remove that restriction after you verify that you are truly the account owner (not sure how,... same IP as last, and sent to same e-mail address maybe?)  

As far as blockchain.info backup, that can be sent to your e-mail or to your dropbox each time it changes.   It is encrypted,. You can use that backup to spend your funds, but it isn't necessarily convenient.   Multibit will import a wallet backup from Blockchain.info I believe.  That backup does not require Yubikey, regardless if you had OTP/Yubikey protection enabled for login.

[I'm pretty sure on all this, not 100%]

[Jermainé]

just use mtgox. its the trendy thing to do