Bitcoin Forum
March 29, 2024, 12:34:49 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Storing my seed in Lastpass  (Read 3676 times)
viking02
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


🌟 COMSA ICO: 10/02/17 🌟


View Profile
June 07, 2017, 06:02:54 AM
 #21

Isn't putting your electrum phrase on keepass fine though? 


Also i assume most people have a copy of keepass on dropbox right?  So would that still be fine?  The thing is if you have your electrum phrase on keepass and also on dropbox, then as long as you remember your keepass masterkey password and your dropbox password, then isn't that really all that is needed?  I mean if dropbox gets hacked... has it?  Well they still cannot open your keepass file without your master password right?


Thanks.

Yeah, I would think that should be fine as long as you are using a secure enough master password for KeePass that isn't easily brute forceable. Also, you must be sure that you never reuse your KeePass master password for any other websites which could end up leaking it in a compromise down the road.


Do others agree on this?  Thus as long as you use a strong enough master password for keepass, then typing the 12 word phrase in there would be fine?


Also, keeping a keepass on file on dropbox would allow you to have an online backup?  can someone tell me if this is pretty much good enough so you don't need to keep a piece of paper in your apt with your 12 word phrase there etc?


                               ,,,,╓╖µpp╖╖,,,,
                         ,╓g▄▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄µ╖          ,╖
                     ,╓@▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓Ñ╖    ,@▓▌
                  ,á▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓µ╫▓▓▓▌
                ╓@▓▓▓▓▓▓▓▓▓█▓▀╜╙            '╙▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
              ╓▓▓▓▓▓▓▓▓█▓▀`                       ╙▀▓▓▓███████▌
             @▓▓▓▓▓▓▓█▀`            ,,,,,         ,g▓███████▀`
           ╓▓▓▓▓▓▓██▀         ,µ▄▓▓▓▓▓▓▓█▓▓▓▄@, ,@▓███████▀
          ]▓▓▓▓███▓`       ╓▄▓█▓▓▓▓▓▓▓▓▓▓▓█████████████▓╜
         ]▓▓▓▓█▓█╝       ╓▓█████▓▓▓▓▓▓▓▓▓████████████▀╜
         ▓▓▓▓███▌       ╙▓███████▓▒       "▀▓██████▀`
        ╫▓▓▓███▌          "▀████████▄        '▓██▀
        ▓█▓███▓▒            `▀████████▄,       `
       ]▓█████▌                ╙████████▓,
       ]▓█████▌                  ╙▓█▓█▓▓▓█▓╖
       ]▓█████▌                    ╙▀█▓▓▓▓▓▓▓╖
        ▓█████▓[            ,,       `▀▓▓▓▓▓▓▓▓▄
        ▓██████[            ╓@        ╙▓▓▓▓▓▓▓▓▓╖
        ╠██████▓          ╓▓▓▓▓m        ╙▓█▓▓▓▓▓█▓@
         ▓█████╜       ,g▓▓▓▓▓▓▓▓▓▄╖╖,,,╓╖▓▓██▓▓▓▓▓▓
         └▓█▓╜       ,@▓▓▓▓▓▓▓▓▓▓▓▓████████████▓▓█▀
          '"       ╓@▓▓▓▓▓▓▓▓▀▓▓▓▓█████████████▀╙        ,
                 ╓▓▓▓▓▓▓▓▓▓╜    ╙▀▀▀▀▓▓▓▀▀▀▀╜          ╓▓▓▓╖
               g▓█▓▓▓▓▓▓▓`                          ,g▓▓▓▓▓▓▓w
            ,g▓██████████▓▄,                    ,╓@▓▓█▓▓▓█▓██╜
            ▓████████████████▓▄▄p╖,,     ,,╓µ▄▄▓██████████▓╜
            ▓█████╜╙▀███████████████████████████████████▀`
            ▓██▓╜     "▀▀███████████████████████████▀╜`
            ▓▀`            ╙▀▀▀███████████████▀▀▀"
. COMSA
ICO: Oct 2 - Nov 6
█████
▄▄▄
███
███
▀▀▀
███
███
███
▀▀▀
███
███
███
█████
█████
▄▄▄▄▄
█████
█████
▀▀▀▀▀
█████
█████
█████
▀▀▀▀▀
█████
█████
█████
█████
1711715689
Hero Member
*
Offline Offline

Posts: 1711715689

View Profile Personal Message (Offline)

Ignore
1711715689
Reply with quote  #2

1711715689
Report to moderator
1711715689
Hero Member
*
Offline Offline

Posts: 1711715689

View Profile Personal Message (Offline)

Ignore
1711715689
Reply with quote  #2

1711715689
Report to moderator
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711715689
Hero Member
*
Offline Offline

Posts: 1711715689

View Profile Personal Message (Offline)

Ignore
1711715689
Reply with quote  #2

1711715689
Report to moderator
1711715689
Hero Member
*
Offline Offline

Posts: 1711715689

View Profile Personal Message (Offline)

Ignore
1711715689
Reply with quote  #2

1711715689
Report to moderator
1711715689
Hero Member
*
Offline Offline

Posts: 1711715689

View Profile Personal Message (Offline)

Ignore
1711715689
Reply with quote  #2

1711715689
Report to moderator
BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 1806
Merit: 1164



View Profile WWW
June 07, 2017, 02:31:12 PM
 #22

Isn't putting your electrum phrase on keepass fine though? 


Also i assume most people have a copy of keepass on dropbox right?  So would that still be fine?  The thing is if you have your electrum phrase on keepass and also on dropbox, then as long as you remember your keepass masterkey password and your dropbox password, then isn't that really all that is needed?  I mean if dropbox gets hacked... has it?  Well they still cannot open your keepass file without your master password right?


Thanks.

Yeah, I would think that should be fine as long as you are using a secure enough master password for KeePass that isn't easily brute forceable. Also, you must be sure that you never reuse your KeePass master password for any other websites which could end up leaking it in a compromise down the road.


Do others agree on this?  Thus as long as you use a strong enough master password for keepass, then typing the 12 word phrase in there would be fine?


Also, keeping a keepass on file on dropbox would allow you to have an online backup?  can someone tell me if this is pretty much good enough so you don't need to keep a piece of paper in your apt with your 12 word phrase there etc?

Dropbox is the last place you want to store a seed, encrypted or not. If you use a non-memorable password, that is at least 22 characters with symbols, you won't be able to memorize it. I think the definition of a secure password should be one that is so random it can not be memorized. You are always better off keeping your seed on paper only, never online.

viking02
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


🌟 COMSA ICO: 10/02/17 🌟


View Profile
June 08, 2017, 06:22:19 AM
 #23

Isn't putting your electrum phrase on keepass fine though? 


Also i assume most people have a copy of keepass on dropbox right?  So would that still be fine?  The thing is if you have your electrum phrase on keepass and also on dropbox, then as long as you remember your keepass masterkey password and your dropbox password, then isn't that really all that is needed?  I mean if dropbox gets hacked... has it?  Well they still cannot open your keepass file without your master password right?


Thanks.

Yeah, I would think that should be fine as long as you are using a secure enough master password for KeePass that isn't easily brute forceable. Also, you must be sure that you never reuse your KeePass master password for any other websites which could end up leaking it in a compromise down the road.


Do others agree on this?  Thus as long as you use a strong enough master password for keepass, then typing the 12 word phrase in there would be fine?


Also, keeping a keepass on file on dropbox would allow you to have an online backup?  can someone tell me if this is pretty much good enough so you don't need to keep a piece of paper in your apt with your 12 word phrase there etc?

Dropbox is the last place you want to store a seed, encrypted or not. If you use a non-memorable password, that is at least 22 characters with symbols, you won't be able to memorize it. I think the definition of a secure password should be one that is so random it can not be memorized. You are always better off keeping your seed on paper only, never online.



I'm confused here.  But don't you want an online copy of your keepass as well?  I mean if you only store keepass on your computer and say external hard drive and usb... say something happens to all of these, then you have no keepass file anymore.  Thus wouldn't it be a must to have keepass file stored online as an online backup?


When you say dropbox is last place to store the seed, you mean typing the seed on keepass counts as that?  Obviously i dont mean typing the 12 word phrase on microsoft word and then putting that document on dropbox if thats what you mean?  But is there really an issue with putting the phrase on keepass and then uploading it to dropbox or any other online place like google drive etc?




                               ,,,,╓╖µpp╖╖,,,,
                         ,╓g▄▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄µ╖          ,╖
                     ,╓@▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓Ñ╖    ,@▓▌
                  ,á▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓µ╫▓▓▓▌
                ╓@▓▓▓▓▓▓▓▓▓█▓▀╜╙            '╙▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
              ╓▓▓▓▓▓▓▓▓█▓▀`                       ╙▀▓▓▓███████▌
             @▓▓▓▓▓▓▓█▀`            ,,,,,         ,g▓███████▀`
           ╓▓▓▓▓▓▓██▀         ,µ▄▓▓▓▓▓▓▓█▓▓▓▄@, ,@▓███████▀
          ]▓▓▓▓███▓`       ╓▄▓█▓▓▓▓▓▓▓▓▓▓▓█████████████▓╜
         ]▓▓▓▓█▓█╝       ╓▓█████▓▓▓▓▓▓▓▓▓████████████▀╜
         ▓▓▓▓███▌       ╙▓███████▓▒       "▀▓██████▀`
        ╫▓▓▓███▌          "▀████████▄        '▓██▀
        ▓█▓███▓▒            `▀████████▄,       `
       ]▓█████▌                ╙████████▓,
       ]▓█████▌                  ╙▓█▓█▓▓▓█▓╖
       ]▓█████▌                    ╙▀█▓▓▓▓▓▓▓╖
        ▓█████▓[            ,,       `▀▓▓▓▓▓▓▓▓▄
        ▓██████[            ╓@        ╙▓▓▓▓▓▓▓▓▓╖
        ╠██████▓          ╓▓▓▓▓m        ╙▓█▓▓▓▓▓█▓@
         ▓█████╜       ,g▓▓▓▓▓▓▓▓▓▄╖╖,,,╓╖▓▓██▓▓▓▓▓▓
         └▓█▓╜       ,@▓▓▓▓▓▓▓▓▓▓▓▓████████████▓▓█▀
          '"       ╓@▓▓▓▓▓▓▓▓▀▓▓▓▓█████████████▀╙        ,
                 ╓▓▓▓▓▓▓▓▓▓╜    ╙▀▀▀▀▓▓▓▀▀▀▀╜          ╓▓▓▓╖
               g▓█▓▓▓▓▓▓▓`                          ,g▓▓▓▓▓▓▓w
            ,g▓██████████▓▄,                    ,╓@▓▓█▓▓▓█▓██╜
            ▓████████████████▓▄▄p╖,,     ,,╓µ▄▄▓██████████▓╜
            ▓█████╜╙▀███████████████████████████████████▀`
            ▓██▓╜     "▀▀███████████████████████████▀╜`
            ▓▀`            ╙▀▀▀███████████████▀▀▀"
. COMSA
ICO: Oct 2 - Nov 6
█████
▄▄▄
███
███
▀▀▀
███
███
███
▀▀▀
███
███
███
█████
█████
▄▄▄▄▄
█████
█████
▀▀▀▀▀
█████
█████
█████
▀▀▀▀▀
█████
█████
█████
█████
SimmonenY
Full Member
***
Offline Offline

Activity: 224
Merit: 100



View Profile
June 08, 2017, 08:32:48 AM
 #24

One of my friends had a Google Authenticator for his LP and one day his phone was stolen and he couldn't log in to his LP account without the GA code. He was in panic but everything ended well.
MessageSafe
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
July 25, 2017, 09:14:27 PM
 #25

Storing encrypted seed in LastPass is OK. The question is: how and where do you encrypt it?  I would not trust my PC, even though it has all the antivirus software one can get.

I went further and created a simple encryption program which runs as a web page and can be opened in any old smart phone.  The phone should be put in 'airplane mode', encryption done, and the resulting codes photographed from the screen by another device.  The phone should be then factory-reset (or destroyed).  As a result you get a picture of encrypted codes on the other device, and your secret never touches the web even if the phone was swarming with viruses.

So, this is the idea, please, take a look at  https://messagesafe.github.io/ . At this point I need feedback, may be I missed something. If there is any interest, I will start a thread to discuss any issues.
BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 1806
Merit: 1164



View Profile WWW
July 25, 2017, 09:23:29 PM
 #26

LastPass Password Manager is made to do this.
Do not forget to make backups and use a strong password.

The problem is you cannot make a truly random strong password that you can remember reliably, so you wind up writing the password down. Can you remember a random string of numbers, letters and symbols longer than 20 characters? I sure can't. If you allow a password manager to remember your password you have an attack vector. Hardware wallet manufacturers recommend you write your seed on paper and store in a safe place for legitimate reasons.

NUFCrichard (OP)
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


View Profile
July 26, 2017, 12:13:13 PM
 #27

LastPass Password Manager is made to do this.
Do not forget to make backups and use a strong password.

The problem is you cannot make a truly random strong password that you can remember reliably, so you wind up writing the password down. Can you remember a random string of numbers, letters and symbols longer than 20 characters? I sure can't. If you allow a password manager to remember your password you have an attack vector. Hardware wallet manufacturers recommend you write your seed on paper and store in a safe place for legitimate reasons.
The thing is, there is almost no perfect way to store your Bitcoin in a 100% safe way, whilst still being able to access it yourself.
You can write down your very strong password, but there is always the chance that you lose your note. So you could save it somewhere or photograph it, but both aren't safe!

So you could use a password manager, but then you have your attack vector as you said. I personally see my very strong password hidden in my strong password/2FA protected password manager as a pretty good solution.

Could it be better? Yes probably. But if it were safer, it would probably be difficult for me to access. Another thing is to not keep all your eggs in one basket. I mean losing some of your bitcoins is obviously a nightmare, but that is preferable to losing all of your bitcoins!

Paper wallets are good, but nowadays with stuff like BCC and Byteball around, it is necessary to sign messages or split your coins, so just leaving your Bitcoin in an offline paper wallet is actually missing earnings opportunities.
vcavallo
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
December 20, 2017, 03:42:07 PM
 #28

Reviving this a bit.

how is encrypted keepass on dropbox any different than lastpass? you're talking about client-side encryption being stored on a 3rd party service in both cases.
i realize there is a difference in relying on the lastpass client to perform the encryption vs handling that all yourself on an air-gapped machine, but there is always going to be some trade-off between usability, recoverability, memorability, and security. memorability being the biggest one there. which brings me to:

it is definitely possible to have a secure and memorable pass phrase to decrypt your secrets - contrary to what some people have said here. I have a few 8-10 word phrases that I've trained myself to remember and haven't written down anywhere (at least not altogether... I've left a few hints and fragments for myself just in case).

But the issue, as NUFCrichard said, is that there is always going to be a weakest link in your security - and if not there's a good chance it's so safe that you are at risk of losing access yourself. People say "just write it down and keep the paper safe" -- that's a huge understatement/misdirection! how do you keep a piece of paper safe?! in a literal safe? then how do you prevent someone from walking away with it? how to you keep the combination or physical key secure? what if there's a fire? The only truly safe place to store a piece of data is in your brain (torture notwithstanding) but then you're really talking about irrecoverable data loss if you happen to forget it...
jerry0
Full Member
***
Offline Offline

Activity: 1736
Merit: 186


View Profile
January 10, 2018, 07:23:56 PM
 #29

So if you had to choose, its better to type it in on keepass as opposed to lastpass right? 

So if you upload your keepass or lastpass file on dropbox... well you still need to get the password of keepass or lastpass in order to access it.  So wouldn't that be the best way so that you would have a keepass or lastpass file backup on the internet such as dropbox in case you dont have your copy on your computer or usb etc?

Like the other mentioned... people say write your word on a seed and keep the paper safe.  Where do you keep this paper then?  Do you keep it in a safe?  Do you keep it in a safe in the bank?  Do you keep it in a drawer in your home?  Do you have the paper broken in 2 or more parts that way the one piece of paper doesn't have all the word?  The thing is someone mentioned what if there is a fire.  Well if there is, that means your computer and everything might be gone.  The other thing is what if someone breaks in your apartment or something like that and then takes your paper.  Or maybe they come and just take a picture of your seed and then leave etc.

So if this is the case, isn't what i mentioned a while back probably the best idea to do would be just type your phrase on keepass or lastpass and then upload it on dropbox?  Because that way, the person would need to not only hack your dropbox account, but they would the password to your keepass or lastpass etc.  That way you dont have to worry about your piece of paper?  Also even if you put it in a safe in a bank, there has been cases where safes have gotten destroyed in banks etc.

Thoughts on this?  I really don't think having the entire phrase written down on a single piece of paper is good idea.  I could understand if you have it broken down in say 2 or 3 pieces etc though.  But in any case, shouldn't you have a copy of the seed online somewhere in keepass or lastpass?  That way you dont have to think about the physical piece of paper?
Spendulus
Legendary
*
Offline Offline

Activity: 2898
Merit: 1386



View Profile
January 14, 2018, 07:10:04 AM
 #30

So if you had to choose, its better to type it in on keepass as opposed to lastpass right? 

So if you upload your keepass or lastpass file on dropbox... well you still need to get the password of keepass or lastpass in order to access it.  So wouldn't that be the best way so that you would have a keepass or lastpass file backup on the internet such as dropbox in case you dont have your copy on your computer or usb etc?

Like the other mentioned... people say write your word on a seed and keep the paper safe.  Where do you keep this paper then?  Do you keep it in a safe?  Do you keep it in a safe in the bank?  Do you keep it in a drawer in your home?  Do you have the paper broken in 2 or more parts that way the one piece of paper doesn't have all the word?  The thing is someone mentioned what if there is a fire.  Well if there is, that means your computer and everything might be gone.  The other thing is what if someone breaks in your apartment or something like that and then takes your paper.  Or maybe they come and just take a picture of your seed and then leave etc.

So if this is the case, isn't what i mentioned a while back probably the best idea to do would be just type your phrase on keepass or lastpass and then upload it on dropbox?  Because that way, the person would need to not only hack your dropbox account, but they would the password to your keepass or lastpass etc.  That way you dont have to worry about your piece of paper?  Also even if you put it in a safe in a bank, there has been cases where safes have gotten destroyed in banks etc.

Thoughts on this?  I really don't think having the entire phrase written down on a single piece of paper is good idea.  I could understand if you have it broken down in say 2 or 3 pieces etc though.  But in any case, shouldn't you have a copy of the seed online somewhere in keepass or lastpass?  That way you dont have to think about the physical piece of paper?

There are some really, really bad ideas in this thread.

Please exclude from consideration all the programs, cloud storage and other crap.

But if you don't believe me, then take your seeds and keys, change the encoding as required and stuff them in a file entitled "Damn Microsoft Serial Numbers and Restore Keys"
jerry0
Full Member
***
Offline Offline

Activity: 1736
Merit: 186


View Profile
February 18, 2018, 09:52:01 PM
 #31

what physical locations are you guys putting the seeds into?  So you break it into 2 parts?  So whether its electrum or ledger wallet which has 24 or 25, you do the same?  Now what happens if you computer with electrum gets stolen.  And also 1 part of the seed in your apartment/house get stolen.  The other part let say you put in a bank safety deposit box.  First off, is that even safe?  That seems like a really bad idea as i heard of safety deposit box in banks getting broken into/drilled etc.  Then what happens then?  Same as if your nano ledger wallet gets stolen.  Half of the seed got stolen, the other half its somewhere else.  If you have no online backup, then what do you do here?  The other thing i thought was this.  If you keep it in keepass and put a copy of it online such as dropbox or google drive... well as long as you remember your dropbox/google drive password and keepass, that is all that is needed.  Don't you guys agree?  The other thing might be... how about create 2 different keepass files?  Where half the seed is on one keepass file... the other is on another file?  And each one is on 2 different dropbox/google drive email?  That way if somehow your dropbox/google drive account got hacked... well they still need the password for keepass. And if they somehow get it... well they still need to hack your other dropbox/google drive account and also hack the other keepass file.  So basically create different passwords for your different dropbox/google and for each keepass file.  Yes you would have to remember a few more passwords.  But wouldn't this probably be the safest way to store a password on keepass and keep an online backup?


12 word phrase, i could definitely see how people could remember that.  24 word or 25 word seed is basically impossible i think.


Because if you dont keep a copy of it online, well there is always a chance it physically could get destroyed/stolen.  So thoughts on that?  I mean there has to be lot of cases where people either did not wrote down their 12 word phrase or... they wrote it down but no idea where it is etc and they cannot access it anymore.
pooya87
Legendary
*
Offline Offline

Activity: 3402
Merit: 10435



View Profile
February 19, 2018, 02:56:22 AM
 #32

~

try not to overthink things! you have a bunch of words that you need to remember. if you have one of those strong memories then memorize them. and if you don't then simply write it down on a piece of paper, in a book or basically anywhere physical (no digital storage). then place that paper in a safe place.
now you can increase the resilience of that paper in a lot of different ways like laminating it or even using a metal plate instead of paper and etching your words on it.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
jerry0
Full Member
***
Offline Offline

Activity: 1736
Merit: 186


View Profile
March 30, 2019, 11:18:46 PM
 #33

The other thing is this.  Most ppl store passwords on these programs.  So its not safe putting your 12 word or 24 word seed on it?  Because someone still need to know your password to lastpass or keepass.  But if someone installed malware or trojan, then it record your keystrokes so that means all your passwords are not safe?
pooya87
Legendary
*
Offline Offline

Activity: 3402
Merit: 10435



View Profile
March 31, 2019, 04:06:17 AM
 #34

The other thing is this.  Most ppl store passwords on these programs.  So its not safe putting your 12 word or 24 word seed on it?  Because someone still need to know your password to lastpass or keepass.  But if someone installed malware or trojan, then it record your keystrokes so that means all your passwords are not safe?

well you want to use it in a safe/clean environment. if for example you use it on a computer that has a malware that can steal your encrypted keypass file + the password you enter in it, then it is obviously not going to be the safe way of using it. it would be like having a safe in your wall but instead of locking it, you leave the door open with your valuables inside!

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
Pmalek
Legendary
*
Offline Offline

Activity: 2716
Merit: 7033


Farewell, Leo. You will be missed!


View Profile
March 31, 2019, 08:01:18 AM
 #35

<Snip>
I have never been a fan of these password managers, they are useful, sure, but we are still somehow giving control to a third party when it comes to password generation and storage. We are trying to move away from centralised control when it is related to our private keys but we give another party the option to generate the passwords that we use. 

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
jerry0
Full Member
***
Offline Offline

Activity: 1736
Merit: 186


View Profile
May 02, 2021, 06:14:10 PM
 #36

Has lastpass ever been hacked before?  Someone mentioned of a password manager that was recently hacked... and said like if you installed updates during a certain time, then you got hacked.  Anyone know anything about this?


Also would you store it on lastpass or keepass or are they about the same?
Pmalek
Legendary
*
Offline Offline

Activity: 2716
Merit: 7033


Farewell, Leo. You will be missed!


View Profile
May 03, 2021, 09:15:14 AM
 #37

Has lastpass ever been hacked before? 
They have been hacked a few times. 2-3 times I think. I don't know if Keepass was ever hacked.

Also would you store it on lastpass or keepass or are they about the same?
I wouldn't store my seed in either of the two software no matter what anyone else says. Recovery phrases shouldn't have digital backups, period.
How do you get from wanting to store your seed in multiple bank accounts across the country to wanting to store them on your computer or online service in any format?   

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
BlackHatCoiner
Legendary
*
Online Online

Activity: 1470
Merit: 7064


Farewell, Leo


View Profile
May 03, 2021, 01:26:13 PM
 #38

Also would you store it on lastpass or keepass or are they about the same?
I would personally choose not to store it anywhere electronically. It's losing its point. The seed phrase should and is being defined as a list of words which store all the information needed to recover your funds. Most of the software wallets will instruct the user to write them down on a paper.

The developers didn't choose to warn the user such thing casually. Besides the fact that your chances of getting robbed by anything malicious are less, there's another reason:  Which item would you be more comfortable with if you wanted to keep it working for 10+ years?   rhetorical

I don't know if Keepass was ever hacked.
It's an open-source software. You can't hack it same like lastpass.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
jerry0
Full Member
***
Offline Offline

Activity: 1736
Merit: 186


View Profile
May 03, 2021, 03:56:33 PM
 #39

Okay didn't know that about lastpass.  So is keepass the only password program to never gotten hacked then?  I heard some other one like lpassword i think but maybe thats the wrong one?



Umm... i store my seeds online with a password manager as i described.  I know people said don't do that... because I didn't have any good option because i thought... as long as i have my encryption password and cloud password aka dropbox/gmail...i thought that was fine.  Of course that would mean making sure my computer has no malware/virus.



That is why i started asking... maybe its maybe to just store the seeds in multiple safe deposit boxes at different banks.  Im not asking the other way around...


Well is passwords to your email/sites and banking all you should put in keepass/lastpass then?



I always felt seeds would be safe there... since well... someone needs to have your password for keepass/lastpass... but also they need your cloud username/password as well.  Now the cloud part is obviously much easier... but how they going to get your keepass/lastpass password assuming its completely unrelated to your email if you never wrote it down anywhere online.  Now i know if you get malware/keylogger on laptop, then thats completely different story. 
ranochigo
Legendary
*
Offline Offline

Activity: 2940
Merit: 4127



View Profile
May 03, 2021, 04:03:46 PM
 #40

Umm... i store my seeds online with a password manager as i described.  I know people said don't do that... because I didn't have any good option because i thought... as long as i have my encryption password and cloud password aka dropbox/gmail...i thought that was fine.  Of course that would mean making sure my computer has no malware/virus.
You can't exactly make sure your computer doesn't have malware and virus, it can just be undetectable and storing it offline is the only way for non-physical attacks to be prevented.



I always felt seeds would be safe there... since well... someone needs to have your password for keepass/lastpass... but also they need your cloud username/password as well.  Now the cloud part is obviously much easier... but how they going to get your keepass/lastpass password assuming its completely unrelated to your email if you never wrote it down anywhere online.  Now i know if you get malware/keylogger on laptop, then thats completely different story. 
Storing your seeds in any digital medium will open up a whole range of attack vectors, malware, password compromise, encrypted data leak from the password manager. If you're storing your seeds on the cloud, I consider that as good as giving someone else your password. Most password manager encrypts your data locally but that doesn't mean an attacker can't get your encrypted string and start bruteforcing it. While it is unlikely that people can crack your encrypted strings unless you're using a weak password, why would you even take the risk?

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!