Bitcoin Forum
Topic: how much BTC would you trust in a blockchain.wallet, how long should password be??  (Read 3006 times)
jubalix (OP)
April 17, 2013, 01:35:47 PM
Last edit: April 18, 2013, 05:59:34 PM by jubalix
 #1

how much BTC would you trust in a blockchain.wallet, how should password be??

note assumes you have got all your private keys backup and encrypted everywhere

me, unsure at this stage (hence the thread) but it seems with say a 20 plus letter password it should be ok?

EDIT what happens if you use 2 factor and then lose your phone?

EDIT 2: I guess the issue is, if someone got access to the server and relevant web sites, they could inject a JavaScript that just collects your password as you enter it, and javascript checker would be no good either as they would change that on the check site as well....as the BTC goes up so does impetus to do this some how goes up too...even if you had distributed javascript to be checked against, but even then a dodgy one could be distributed......

at least this is my understanding of how the javascript check works and its limitations.

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

siggy
April 17, 2013, 03:16:28 PM
 #2

> how much BTC would you trust in a blockchain.wallet, how should password be??
>
> note assumes you have got all your private keys backup and encrypted everywhere
>
> me, unsure at this stage (hence the thread) but it seems with say a 20 plus letter password it should be ok?

About as much as I'd want to spend that day before I get home and top it off from my personal wallet.

Sigg
justusranvier
April 17, 2013, 03:24:49 PM
 #3

Trust it with as much value as you'd feel comfortable carrying around as physical cash in your wallet on a daily basis.

Password should be at least 30 random characters and generated by a password generator, which itself is protected by a high-entropy passphrase.
whiskers75
April 17, 2013, 03:39:26 PM
 #4

Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

grue
April 17, 2013, 03:45:24 PM
 #5

I'll trust it for up to $50 worth of bitcoins, but I will never store any money on it. What's the point of that when you can run a lite/thin client on your desktop?

> Trust it with as much value as you'd feel comfortable carrying around as physical cash in your wallet on a daily basis.
>
> Password should be at least 30 random characters and generated by a password generator, which itself is protected by a high-entropy passphrase.

30 characters is extreme, unless you're trying to store thousands of dollars' worth of bitcoins.

It is pitch black. You are likely to be eaten by a grue.

Lethn
April 17, 2013, 03:47:28 PM
 #6

10 Bitcoins at most for me, then the loss wouldn't hurt so bad but honestly I don't trust the safety of anything that's on the internet, it's always safest offline.
btctrack
April 17, 2013, 03:55:23 PM
 #7

regarding password length

http://imgs.xkcd.com/comics/password_strength.png


http://xkcd.com/936/

ivanol
April 17, 2013, 09:42:11 PM
 #8

Best to think up your own four word passphrase though.

correct horse battery staple
5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS
https://blockchain.info/address/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
Frozenlock
April 17, 2013, 09:47:23 PM
 #9

I would like an 'expert' opinion on this.

In 2011 it was really silly to use the webwallets.
However, because blockchain.info (and others) never touches your private keys, is it still as much a risk as many here pretend?
(Provided you use a secure password, of course.)
ivanol
April 17, 2013, 09:57:41 PM
 #10

> In 2011 it was really silly to use the webwallets.
> However, because blockchain.info (and others) never touches your private keys, is it still as much a risk as many here pretend?
> (Provided you use a secure password, of course.)

How do you know they don't touch your private keys? They say they don't, but unless you read the javascript source code every time you access their website, you are taking that on trust. If their website is hacked, the hacker could edit the javascript to leak your private keys/password back to them and steal your bitcoins.

This is a much lower risk than an old style web wallet that stores your private keys. In the blockchain.info case you would only be at risk if you tried to access your webwallet in the window between the site being hacked and someone noticing and taking it offline.
glub0x
April 17, 2013, 09:59:46 PM
 #11

> regarding password length
>
> http://xkcd.com/936/


IT still has a LOOOOOOOONG way to go ...

The cost of mediation increases transaction costs, limiting the
minimum practical transaction size and cutting off the possibility for small casual transactions

Satoshi Nakamoto : https://bitcoin.org/bitcoin.pdf
acoindr
April 17, 2013, 10:05:06 PM
 #12

> > In 2011 it was really silly to use the webwallets.
> > However, because blockchain.info (and others) never touches your private keys, is it still as much a risk as many here pretend?
> > (Provided you use a secure password, of course.)
>
> How do you know they don't touch your private keys? They say they don't, but unless you read the javascript source code every time you access their website, you are taking that on trust. If their website is hacked, the hacker could edit the javascript to leak your private keys/password back to them and steal your bitcoins.
>
> This is a much lower risk than an old style web wallet that stores your private keys. In the blockchain.info case you would only be at risk if you tried to access your webwallet in the window between the site being hacked and someone noticing and taking it offline.

This is correct.

Unless you are reading the code/information exchanged between your computer and blockchain.info (or elsewhere) EVERY TIME you connect and exchange information then you can't be sure things are happening as you imagine and hope they are.

For ANY online Bitcoin service I advise only storing as much there longer term as you are willing to lose completely if something unforeseen (like hacking/dishonesty/mistakes etc.) happens.
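
An added example, not part of the thread and not blockchain.info's code: the script check the posts above discuss, comparing served JavaScript against SHA-384 digests pinned at review time. Paths, script bodies and function names are hypothetical, constructed sample data; the last call shows the limitation raised in post #1, that pins supplied by the same compromised server detect nothing.

```javascript
const { createHash } = require('node:crypto');

// SRI-style digest of a script body: "sha384-" + base64(SHA-384(body)).
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// Build a pin list (path -> digest) from a set of script bodies.
function pinAll(scripts) {
  return Object.fromEntries(
    Object.entries(scripts).map(([path, body]) => [path, sriDigest(body)]));
}

// Compare what the site served against the pin list and report every
// script that is changed, not pinned at all, or pinned but no longer served.
function auditScripts(served, pinned) {
  const findings = [];
  for (const [path, body] of Object.entries(served)) {
    if (!(path in pinned)) findings.push({ path, status: 'unpinned' });
    else if (sriDigest(body) !== pinned[path]) findings.push({ path, status: 'modified' });
  }
  for (const path of Object.keys(pinned)) {
    if (!(path in served)) findings.push({ path, status: 'missing' });
  }
  return findings;
}

// Constructed sample data; paths and bodies are hypothetical.
const reviewed = {
  '/js/wallet.js': 'function decryptWallet(blob, password) { /* ... */ }',
  '/js/crypto.js': 'function deriveKey(password, salt) { /* ... */ }',
};
const served = {
  '/js/wallet.js': reviewed['/js/wallet.js'] + '\n/* line added after review */',
  '/js/crypto.js': reviewed['/js/crypto.js'],
  '/js/extra.js': '/* script that was not in the reviewed release */',
};

// Pins recorded locally at review time catch both changes.
const localPins = pinAll(reviewed);
// Pins fetched from the same compromised server match whatever it serves.
const serverSuppliedPins = pinAll(served);

console.log(auditScripts(served, localPins));
console.log(auditScripts(served, serverSuppliedPins));
```

The check is only as trustworthy as the place the pins come from, which is why the pin list has to live outside the server being checked.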
franky1
April 17, 2013, 10:16:31 PM
 #13

using any remote service for storage that is not owned by you is risky.

no matter how much security a bank vault has, there have been hundreds of years of examples of bank thefts involving gaining entry to a vault.

no matter how much security a bank has on its computer systems there are decades of examples of hacking banking institutions.

the only reason to still trust banks is that your money is insured.

with bitcoin it is not insured.

so don't let third parties hold all your funds, no matter how much security they promise they have.

remember if the only copy of the private key is on your hard drive or a piece of paper in your possession then the coins only belong to you.

if a third party service has it, secured or not. there is always a risk.

so only risk what you're willing to use/lose.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Dacm4n
April 17, 2013, 10:25:23 PM
 #14

> how much BTC would you trust in a blockchain.wallet, how should password be??
>
> note assumes you have got all your private keys backup and encrypted everywhere
>
> me, unsure at this stage (hence the thread) but it seems with say a 20 plus letter password it should be ok?

I have all my bitcoins there in watch mode with a strong long password. I use paper addresses and I import the keys when I want to use the coins. Those coins might sit there a couple of days and I have no problems with that but long term I wouldn't let any coins sit there in case the site goes down and you can't access the website or something similar.
Frozenlock
April 17, 2013, 10:27:42 PM
 #15

Sure, local wallets will always be more secure when done correctly.

What I'm wondering about is the risk importance.
acoindr
April 17, 2013, 10:47:16 PM
 #16

> Sure, local wallets will always be more secure when done correctly.
>
> What I'm wondering about is the risk importance.

How important are your funds to you? If you lose whatever amount you have on an online service I daresay you would feel it's important. The only way to minimize that loss/importance is to minimize what can be lost that way.

Now if you're asking about likelihoods sure that can be a consideration. Is it likely Blockchain.info will be effectively hacked or that piuk, the site's creator, is dishonest and/or unreasonably incompetent on security matters? Given its history I'd say no that's not likely. That still doesn't mean I'm willing to trust 100% of my coins there. I'd put there as much as might be used for typical transactions, for example.

EDIT: now that I think about it where is Blockchain.info hosted? If it's not hosted under only piuk's administration (i.e. with a hosting provider) then anyone with access can compromise the site and steal coins with clever code.

blockbet.net
April 17, 2013, 10:57:49 PM
 #17

I have 100% trust towards blockchain.info, but still, I would only store as little as necessary, for as short a time as necessary.

It's all subjective though, what one person might consider his life savings might be small money to somebody else. But frankly I can't see any reason why you'd put your bitcoins there unless you plan on spending it soon. If you have thousands of dollars worth of bitcoins, then in my opinion, it's a good idea to spend some time to study how local wallets work and how they can be kept safe.

> Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

Can you tell us what happened? Did you have an easy password, a trojan on your computer, or how did that happen?

Logik
April 17, 2013, 11:40:30 PM
 #18

Your password doesn't matter, the only thing that matters is password uniqueness. You shouldn't rely on your password to keep your account safe. You should rely on 2-factor authentication to keep your account safe; you should assume your password will be keylogged or stolen - if that's the case then the only risk (because you have 2-factor) is that your password will be tried by the crackers on other services to see if you re-used it. But, if you didn't re-use it then you're fine.

You know what I do with my Blockchain wallet? I have a 30 character password that I keep in a Google Doc, and I copy/paste it into Blockchain but I have Google Authenticator / 2FA on both the Google account that holds the password doc, and Blockchain.

This might seem insecure, but seriously, nobody has their password stolen because they wrote it down somewhere. People get hacked because they re-use passwords and because they don't 2FA. 2FA is never going to get hacked. Just don't lose your phone. :)

Unique passwords, even if you have to track them all in a document, or in KeePass/LastPass etc, are far more secure than using the same passphrase everywhere.

The other mistake people make is not securing their email address. If your email is compromised then it can be used for password reset.

Passwords = just for fun. 2FA = keep out crackers

bg002h
April 18, 2013, 12:36:26 AM
 #19

> > regarding password length
> >
> > http://xkcd.com/936/
>
> IT still has a LOOOOOOOONG way to go ...

If we say there are 10,000 words and a password will be 4 words...that is 1E16 combinations. If we have 26 uppercase, 26 lower case, 10 numbers and 10 symbols, then a 9 char password has 72^9= 5E16 combinations. So, a good 9 char password (really hard to memorize) is as decent a password as a 4 word pass phrase.

That sound right?

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
jubalix (OP)
April 18, 2013, 01:38:52 AM
 #20

> Well, mine was hacked, losing 1 bitcoin. USE TWO FACTOR AUTHENTICATION!

what happens if you lose your mobile, what happens to 2 factor then?
