wachtwoord
Legendary
Offline
Activity: 2338
Merit: 1136
|
|
May 26, 2013, 12:54:44 PM |
|
Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.
Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.
But I thought that it's allright if I input a watch only address (no private key), so I can only see transactions, but cannot send BTC. Well now I'll probably open a brand new wallet just to be 100% sure... Thanks, This is correct. With a watch only wallet no-one can do anything with your Bitcoins because a watch only wallet only contains public keys and lacks the private keys required to make transactions using the addresses in the wallet. The only thing you lose when someone gains access to your watch only is a lack of privacy: people can determine how many Bitcoins you hold in the wallet and what transactions you made.
|
|
|
|
davidbitcoins
Newbie
Offline
Activity: 5
Merit: 0
|
|
May 26, 2013, 12:57:19 PM |
|
Whaaat that sucks man!
|
|
|
|
Hawkix
|
|
May 26, 2013, 03:29:08 PM |
|
Watch out for the security of the e-mail address you use in blockchain.info's wallet.
Regardless of 2FA, if you sent your backup to compromised e-mail and your password is weak enough so the attacker (has months to do it) can crack it, all your private keys are exposed. He does not need to logon to blockchain.info to empty your wallet there! The dark net is full of broken e-mails and someone may be monitoring them automatically.
|
|
|
|
Moebius327
|
|
May 26, 2013, 06:19:13 PM |
|
Watch out for the security of the e-mail address you use in blockchain.info's wallet.
Regardless of 2FA, if you sent your backup to compromised e-mail and your password is weak enough so the attacker (has months to do it) can crack it, all your private keys are exposed. He does not need to logon to blockchain.info to empty your wallet there! The dark net is full of broken e-mails and someone may be monitoring them automatically.
+1
|
|
|
|
bobthebuilder18
Newbie
Offline
Activity: 17
Merit: 0
|
|
May 26, 2013, 06:36:29 PM |
|
So because of all of that I'm now using Armory with strong passphrase and only keep a paper backup in my home. Basically there is now only a risk of a fire, but that's about it (at least I hope) BR
|
|
|
|
BCB
CTG
VIP
Legendary
Offline
Activity: 1078
Merit: 1002
BCJ
|
|
May 26, 2013, 08:54:42 PM |
|
If your btc value is high store an encrypted back up of your wallet.dat file or a paper wallet in another location. (bank - work)
|
|
|
|
scintill
|
|
May 27, 2013, 12:19:41 AM |
|
hmm thought that's "impossible" to have bitcoins stolen. What I heard was it takes forever.
It's virtually impossible (takes longer than a human lifespan) to crack a key if you only know an address. But stealing bitcoins is as easy as stealing private keys off someone's hard drive and cracking any password they have -- with proper security procedures though, that should be just as hard.
|
1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
|
|
|
Bitcointrrader200
Newbie
Offline
Activity: 11
Merit: 0
|
|
May 27, 2013, 04:06:02 AM |
|
That really sucks, a tough price to pay for the truth that the internet is probably less safe then the streets...
|
|
|
|
Pierre
|
|
May 27, 2013, 04:49:55 AM |
|
Paying the iron price
|
|
|
|
wachtwoord
Legendary
Offline
Activity: 2338
Merit: 1136
|
|
May 27, 2013, 10:28:26 AM |
|
So because of all of that I'm now using Armory with strong passphrase and only keep a paper backup in my home. Basically there is now only a risk of a fire, but that's about it (at least I hope) BR You can keep a paper backup in a bank safe or on you at all times (out of plain sight, out of things that frequently get stolen) to prevent that. I'm still thinking of something better, but the paper wallet codes are a little long to reliably memorize
|
|
|
|
btcshops
Newbie
Offline
Activity: 6
Merit: 0
|
|
May 27, 2013, 11:04:33 AM |
|
You should have been more careful bro...
|
|
|
|
ranlo
Legendary
Offline
Activity: 1988
Merit: 1007
|
|
May 27, 2013, 04:03:21 PM |
|
Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.
Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.
But I thought that it's allright if I input a watch only address (no private key), so I can only see transactions, but cannot send BTC. Well now I'll probably open a brand new wallet just to be 100% sure... Thanks, This is correct. With a watch only wallet no-one can do anything with your Bitcoins because a watch only wallet only contains public keys and lacks the private keys required to make transactions using the addresses in the wallet. The only thing you lose when someone gains access to your watch only is a lack of privacy: people can determine how many Bitcoins you hold in the wallet and what transactions you made. Is using a watch-only wallet just like using the blockchain to keep up with transactions, only cleaner (and inclusive of all your addresses at once)? Or is there some other benefit as well?
|
|
|
|
cp1
|
|
May 27, 2013, 04:08:54 PM |
|
Google authenticator should work just as well as a yubikey. Just remember to keep a backup of your key, or some one time passwords.
|
|
|
|
Fredidans
Newbie
Offline
Activity: 12
Merit: 0
|
|
May 27, 2013, 04:40:33 PM |
|
Personnaly i lost 5,5 BTC last year.
Now my wallet is on a crypted usb key
|
|
|
|
slashnp
Newbie
Offline
Activity: 29
Merit: 0
|
|
May 27, 2013, 05:02:01 PM |
|
You should keep your wallet on your flashdrive !
|
|
|
|
JayKEy00
Newbie
Offline
Activity: 27
Merit: 0
|
|
May 27, 2013, 05:50:15 PM Last edit: May 28, 2013, 07:54:01 PM by tysat |
|
MOD EDIT: See https://bitcointalk.org/index.php?topic=218040.0 as this site is probably a scamThe best method to save your bitcoins is a paper wallet, here can nobody steal you digital, only physicall and i think this happens less. I used the Bitcoin address generator at www.bitcoin-address.org. I think its the best because its the official bitcoin generator. How can I get my bitcoins now back digital, if i have them on paper? How can I import them?
|
|
|
|
ndr76
Newbie
Offline
Activity: 28
Merit: 0
|
|
May 27, 2013, 06:06:46 PM |
|
Consider using cold storage. Just write the private key on a piece of paper and remove it from you computer.
|
|
|
|
wachtwoord
Legendary
Offline
Activity: 2338
Merit: 1136
|
|
May 27, 2013, 06:14:36 PM |
|
Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.
Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.
But I thought that it's allright if I input a watch only address (no private key), so I can only see transactions, but cannot send BTC. Well now I'll probably open a brand new wallet just to be 100% sure... Thanks, This is correct. With a watch only wallet no-one can do anything with your Bitcoins because a watch only wallet only contains public keys and lacks the private keys required to make transactions using the addresses in the wallet. The only thing you lose when someone gains access to your watch only is a lack of privacy: people can determine how many Bitcoins you hold in the wallet and what transactions you made. Is using a watch-only wallet just like using the blockchain to keep up with transactions, only cleaner (and inclusive of all your addresses at once)? Or is there some other benefit as well? No there are no additional benefits (And you meant www.blockchain.info, that is not the same as the BlockChain )
|
|
|
|
ProfMac
Legendary
Offline
Activity: 1246
Merit: 1002
|
|
May 29, 2013, 05:26:07 PM Last edit: May 29, 2013, 09:21:13 PM by ProfMac |
|
Don't use Yubikey unless you have a Yubikey (it's a physical USB device). And AFAIK blockchain.info do not have their proprietary yubikeys, you have to use a Gox Yubikey, which is absurd IMO (the whole point of 2FA is to use a UNIQUE mechanism for each account).
I'd suggest using SMS because you do not need a smartphone and you can easily and immediately recover your phone number even if you lose your device. Google authenticator is good too, but you need to have a proper paper backup of the QR code and/or the private key of the security token linked to the account (this is mandatory or you may very well end up having the same problem described in the "I want to sue Google" thread in the legal subforum)
I have a Mt.Gox Yubikey, and also a standard Yubikey. Both of them will enter characters into the authentication box. Neither of them seem to enter the "return" character, which is the behavior that the key seems to have in other environments. I have tested this on Firefox and Chrome, both in a Linux environment. I also tested it in MSIE in Vista. My standard Yubikey behaves the same way - the code enters the box but is not saved. I'd really like to use Yubikey as it seems the e-mail 2FA at blockchain lags quite often (I'm using gmail with my own domain). Is the blockchain Yubikey 2FA method working at all? AFAIK only the Mt.Gox ones are not supported for the "new" accounts. Seems the Yubikey support at blockchain.info was fixed and Yubikey 2FA works now (at least my standard one does). My standard Yubikey was accepted. My Mt. Gox Yubikey was rejected. edited: I also restricted the account to my IP address.
|
I try to be respectful and informed.
|
|
|
newmars
|
|
May 29, 2013, 05:34:44 PM |
|
sorry to hear the lost. It may be safer to store in local wallet?
|
|
|
|
|