Be careful using Blockchain as your wallet...

[opentoe]

I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occassions with no problems. All of sudden today I an unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm %100 sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

[1714776780]

1714776780

[1714776780]

1714776780

[casascius]

Just use a paper wallet.  And/or back up your keys to paper, Blockchain makes that pretty easy.

[julz]

That they don't store the password on their server is a good feature.  I don't see how Blockchain can get that money eventually - unless you used a pretty simple password and they run a brute force against it.
Highly unlikely anyone external could brute force any but the simplest of passwords - as blockchain seems to do IP lockouts  (though perhaps via botnet?)

Also - check your keyboard isn't damaged.

..and - look for keyloggers. Perhaps someone got in via your system and changed the pass.

[casascius]

Number of times I've typed a password again and again and again and SWORE I did it right but it clearly isn't working... only to discover that my keyboard is set in a foreign language, and I'm either typing "ραςςωoρδ", or it's AZERTY and I'm really typing the equivalent of "pqssword" or whatever.

[Atlas]

OP, all they store is your public keys/private keys in a encrypted JSON with a linked identifier. That's it. There's no way they can alter it unless they are storing your passwords which would ruin them.

[Stephen Gornick]

It is the same password I use on several of my banking sites, so I know the password well.

Well, that could be one explanation as to what happened.   I'ld first be worried that my system has been compromised and then only after being able to rule that out would I continue to use it.  From a secure system, then I'ld change my bank passwords after this.  Again -- password reuse is not recommended.

Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually.

No, they won't.  They don't have access to the unecrypted keys.

Now did you have a previous backup of your wallet from prior to having any trouble?

But if a thief got access to it, even with an older copy of the wallet the funds are likely spent.

The login page shows three backup methods ... Dropbox, Google Drive, and Email.

You can configure it so that a copy of the encrypted wallet is sent to your e-mail after each change.

Also, setting it up with a second password (required for spending) is a good recommendation.

[Stephen Gornick]

This is good reading:

Caution: Do You Bank Online?
 - http://market-ticker.org/post=212456

by Karl Denninger, Ticker Guy


[Update:
And also:

[Project Blitzkrieg is] a collaborative effort designed to exploit the U.S. banking industry’s lack of anti-fraud mechanisms relative to European financial institutions, which generally require two-factor authentication for all wire transfers.

Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks
 - http://krebsonsecurity.com/2012/10/project-blitzkrieg-promises-more-aggressive-cyberheists-against-u-s-banks ]

[allthingsluxury]

Wow hopefully it is just something simple like a keyboard error. Hopefully you get access to your cash soon.

[dancupid]

If you have a backup of the wallet just open another account and import it to it - or import it into multibit.
I would also just use a watch address for the bulk of your bitcoins with the private key stored offline.


edit - just realised you'd still have the same password problem though. But blockchain do not store any bitcoins they just store an encrypted wallet that is decrypted in the browser. They can't steal these bitcoins.
I suggest you keep trying the same password - perhaps try it on a different computer

[ralree]

I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

[Stephen Gornick]

I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).

Account details -> Secuirty

You can enabled two-factor authentication.  This can be an e-mail, SMS text message, Yubikey, or Google Authenticator.

no reason to risk losing it if I lose my phone.

As long as you have it save backups (or send them to you), you are protected from lost.  You can also set up a second password that is required only for spending.  So even if the phone is stolen and someone tries to send funds, they can't without the second password.

Account details -> Passwords


 - http://www.Blockchain.info/wallet

[julz]

I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

For the android app - you can put on a second password which is required when spending. (edit:  ^^ what he (Stephen Gornick) said!)

I believe when you 'pair' a device - the QR code contains the main decryption password, which I suppose may be somewhat vulnerable when stored in your phone.

I find it annoying that the QR code even contains this password - as otherwise I'd carry around a printout of various pairing QRs in my wallet and scan them as necessary.
The second password still wouldn't make this safe as with the decryption password they can still go to the website and change all the account settings... I guess 'two factor' is the way to stop that.

[piuk]

I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe.

Try opening notepad or another simple text editor and writing the password in plaintext exactly how you think it should appear. Then copy and paste it into the password field.

Keeping you own paper backup or .aes.json backup is the always recommended. Then you can restore the wallet using a desktop client if need be.

[kokojie]

I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occassions with no problems. All of sudden today I an unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm %100 sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

Sounds like your fault for not properly backing up your wallet, both on paper and in encrypted form (it's impossible for blockchain.info or anyone else to change your password on your backups). Plus since you re-use your password, how do you know if your password has not been compromised somewhere else, and the hacker simply went into your blockchain.info account. It can be pretty useless to hack into online banking, so you might not notice your online banking has been hacked. If your coin hasn't been moved, then if you have properly backed up, you would not have lost anything.

[ralree]

I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).  I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

For the android app - you can put on a second password which is required when spending. (edit:  ^^ what he said!)

I believe when you 'pair' a device - the QR code contains the main decryption password, which I suppose may be somewhat vulnerable when stored in your phone.

I find it annoying that the QR code even contains this password - as otherwise I'd carry around a printout of various pairing QRs in my wallet and scan them as necessary.
The second password still wouldn't make this safe as with the decryption password they can still go to the website and change all the account settings... I guess 'two factor' is the way to stop that.

Thanks (and thanks to Stephen Gornick as well).  I'll go do that tonight.

[ErebusBat]

I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occassions with no problems. All of sudden today I an unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well.

Password re-use is never a good idea.

For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this.

What 'funny feeling'?  That is a pretty strong accusation coming from a low post forum account against piuk.  Something tells me that there would be many more 'interesting' account for them to 'steal' if he were so inclined.

Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually.

I am pretty sure that you don't understand how the service works given that this is near impossible (as others have pointed out).

Maybe they do this on purpose for random accounts? I'm %100 sure that I know my password.

Knowing and communicating the password to the server are two entirely different things (also as others have pointed out).  Why would they risk their reputation to steel random piddly accounts?

It is a little ironic that they don't store your password on their server and can't help me. Strange.

I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony

So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

This is of course a personal decision and there is no right way for 100% of the people.  Personally I have like BCI because an un-encrypted version of my wallet never hits my disk.

Sorry to be so negative, but attacks on long standing services / members irritate the hell out of me, especially when done from sock/low count accounts. 

[Come-from-Beyond]

I'd like to add other issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains a double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.

[ErebusBat]

I'd like to add other issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains a double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.

You didn't lose your coins. Wait until the transaction fall off and you will have them back.

[Come-from-Beyond]

I'd like to add other issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains a double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.

You didn't lose your coins. Wait until the transaction fall off and you will have them back.

It's good news. But those double-spends r so annoying.

[ErebusBat]

I'd like to add other issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains a double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.

You didn't lose your coins. Wait until the transaction fall off and you will have them back.

It's good news. But those double-spends r so annoying.

Agreeded.  Are you using another wallet? Or perhaps a service like one of the dice?  You normally shouldn't get double spends unless something out of the ordinary is going on.