Bitcoin Forum
December 05, 2016, 02:25:14 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Wallet Security Dos and Don'ts (for the average Windows user)  (Read 3496 times)
Timo Y
Legendary
*
Offline Offline

Activity: 938


bitcoin - the aerogel of money


View Profile
June 27, 2011, 12:30:13 PM
 #1

I felt that the Securing Your Wallet article on the Bitcoin Wiki was too hard to digest for a non-technical user so I created this simple, brief list of dos and don't as a starting point:

https://en.bitcoin.it/wiki/Wallet_Security_Dos_and_Don%27ts_%28Windows%29

Any modifications or improvements are appreciated.

Bear in mind that this is not meant to be a comprehensive guide on how to create a 100% secure wallet. I'm just trying to address the most obvious security mistakes made by beginners.

GPG ID: FA868D77   bitcoin-otc:forever-d
1480904714
Hero Member
*
Offline Offline

Posts: 1480904714

View Profile Personal Message (Offline)

Ignore
1480904714
Reply with quote  #2

1480904714
Report to moderator
1480904714
Hero Member
*
Offline Offline

Posts: 1480904714

View Profile Personal Message (Offline)

Ignore
1480904714
Reply with quote  #2

1480904714
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
fornit
Hero Member
*****
Offline Offline

Activity: 989


View Profile
June 27, 2011, 12:49:17 PM
 #2

Quote
Do keep encrypted backups of all your wallets in at least 3 physically separate locations.
Do use keyfiles to encrypt your wallets, and keep backups of your keyfiles in at least 3 physically separate locations.

mostly the same.

Quote
Do use a good antivirus and firewall, and keep them up to date.

firewalls and antivirus on a personal computer dont do much good and make people rely on them, which is a major mistake. see allinvain.

otherwise nice guide / reminder  Smiley

luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 771



View Profile
June 27, 2011, 12:52:38 PM
 #3

firewalls and antivirus on a personal computer dont do much good and make people rely on them, which is a major mistake. see allinvain.

Uhhhhh, have you SEEN Comodo's software firewall???  Shit is amazing.

Grouver (BtcBalance)
Hero Member
*****
Offline Offline

Activity: 530



View Profile WWW
June 27, 2011, 12:54:32 PM
 #4

1) Keep your big wallet offline
2) Split your big wallet to 15+ small wallets
3) Use one small wallet when you want to spent.
4) Encrypt all wallets when not in use.
5) Scan your computer before copying your wallet to a connected computer.

Done

BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 560


Posts: 69


View Profile WWW
June 27, 2011, 12:58:23 PM
 #5

All words that are attached to the "Do's" and "Don'ts" should be linking to parts of the Wiki discussing those things.

haydent
Full Member
***
Offline Offline

Activity: 154



View Profile
June 27, 2011, 01:00:39 PM
 #6

firewalls and antivirus on a personal computer dont do much good and make people rely on them, which is a major mistake. see allinvain.

Uhhhhh, have you SEEN Comodo's software firewall???  Shit is amazing.

i prefer ESET Smart Security, but i used comodo firewall for ages before this. In both i have them set and recommend people use 'manual mode' so you must allow or block anything trying to send or recieve data via your computer.

great for stopping those pesky apps from checking online for updates / key's

2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool
btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
June 27, 2011, 05:08:49 PM
 #7

The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
da2ce7
Legendary
*
Offline Offline

Activity: 1218


Live and Let Live


View Profile
June 27, 2011, 05:16:02 PM
 #8

The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)

Dang... I was just about to comment that a properly set-up window 7 x64, using limited privilege user, and efs for private data can be very secure.

One off NP-Hard.
da2ce7
Legendary
*
Offline Offline

Activity: 1218


Live and Let Live


View Profile
June 27, 2011, 05:17:01 PM
 #9

The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)

Dang... I was just about to comment that a properly set-up window 7 x64, using limited privilege user accounts, and efs for private data can be very secure.

One off NP-Hard.
BitCoinBarter
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 27, 2011, 07:05:07 PM
 #10

I felt that the Securing Your Wallet article on the Bitcoin Wiki was too hard to digest for a non-technical user so I created this simple, brief list of dos and don't as a starting point:

https://en.bitcoin.it/wiki/Wallet_Security_Dos_and_Don%27ts_%28Windows%29

Any modifications or improvements are appreciated.

Bear in mind that this is not meant to be a comprehensive guide on how to create a 100% secure wallet. I'm just trying to address the most obvious security mistakes made by beginners.

Great start. Thank you.
I'm sure that this will help (if only they use it) all users (not just Window users).

I agree with BitcoinPorn, "...should be linking..."
To that, I would add that it links to reliable information, even if it does't link to the Wiki.

I would also suggest you to add/modify/explain the following (possible with a link):

-How to find/use symmetric encryption (asymmetric may be a little much, however it should be mentioned).
-What a keyfile is and how it relates to encryption.
-Don't use an online backup/storage services' encryption unless you have the sole key. Even if that is the case, I suggest you to not use their encryption (use your own). If the service uses encryption, then considered that a plus that is added to your encryption.
-Once your wallet leaves your system (e.g., to an online backup/storage, USB, etc.), it should be encrypted.
-When deleting an unencrypted wallet, that file must be shredded. Of course this will mean explain what shredding is and why it is important.
-Recommend a good password manager to help (I vote for LastPass).

Do no evil,

Smiley 12KYva8D2GT3C1wSD8wvgkFkP5TnBp3LPC Smiley
Timo Y
Legendary
*
Offline Offline

Activity: 938


bitcoin - the aerogel of money


View Profile
June 29, 2011, 09:41:22 AM
 #11

Thanks for your feedback.

Quote
-When deleting an unencrypted wallet, that file must be shredded. Of course this will mean explain what shredding is and why it is important.

It has been pointed out that shredding is not effective on modern operating systems.  I think it's still better than nothing, but does it give people a false sense of security?

Quote
-Recommend a good password manager to help (I vote for LastPass).

Password managers create a single point of failure. Do you think this is secure enough for protecting wallets? I prefer to encrypt my savings wallets with different, independent passwords.

GPG ID: FA868D77   bitcoin-otc:forever-d
Timo Y
Legendary
*
Offline Offline

Activity: 938


bitcoin - the aerogel of money


View Profile
June 29, 2011, 09:42:29 AM
 #12

2) Split your big wallet to 15+ small wallets

Why so many? 15 seems like a lot of work. Won't about 5 suffice for the average user?

GPG ID: FA868D77   bitcoin-otc:forever-d
IlbiStarz
Full Member
***
Offline Offline

Activity: 224


View Profile
June 29, 2011, 09:47:00 AM
 #13

Quote
Don't keep your computer switched on overnight.

Dang then how do we mine Sad

It's better to be pissed off, than to be pissed on.
BTC : 1UgM1rqL9mFtH4PHF8TgvAaceymaKmhmP         LTC : LgCGw2WrRphr94RYS1qXHj2PUuYrTap4vk
FC : 6jc9PEmqxpMSxydfepHtshE4f2jMom1dAJ
Timo Y
Legendary
*
Offline Offline

Activity: 938


bitcoin - the aerogel of money


View Profile
June 29, 2011, 10:25:14 AM
 #14

Quote
Don't keep your computer switched on overnight.

Dang then how do we mine Sad

I'll fix that to cater for miners.

GPG ID: FA868D77   bitcoin-otc:forever-d
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
June 29, 2011, 10:52:03 AM
 #15

Quote
Do keep encrypted backups of all your wallets in at least 3 physically separate locations.
Do use keyfiles to encrypt your wallets, and keep backups of your keyfiles in at least 3 physically separate locations.

mostly the same.

Quote
Do use a good antivirus and firewall, and keep them up to date.

firewalls and antivirus on a personal computer dont do much good and make people rely on them, which is a major mistake. see allinvain.

otherwise nice guide / reminder  Smiley

Antivirus is pretty mandatory on a windows box, but as for firewall - use a hardware firewall too. Pretty much any consumer DSL router already includes one - use it.
XIU
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 11:36:03 AM
 #16

Using the -datadir option to move your wallet.dat file to another location could also help for the current wallet stealers, they all use %AppData%\Bitcoin\wallet.dat hardcoded.

1xiuHwHk81j4TRnLuLBMvH2ctqtTsubT6
titeuf_87
Member
**
Offline Offline

Activity: 112


View Profile
June 29, 2011, 11:45:58 AM
 #17

An important one to add:

Don't click on any links from an email or open any attachment, no matter how official looking they are.

15kfBM3TQ4PGzL7cKncU3su2pH7ZJmiLtr
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
June 29, 2011, 04:54:17 PM
 #18

It has been pointed out that shredding is not effective on modern operating systems.  I think it's still better than nothing, but does it give people a false sense of security?

Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 29, 2011, 05:34:43 PM
 #19

It has been pointed out that shredding is not effective on modern operating systems.  I think it's still better than nothing, but does it give people a false sense of security?

Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.

No, shredding files does not work, because modern file systems don't write the new data for a file to the same place (for performance and recovery reasons).

shredding whole volumes works, but takes weeks.

Misspelling protects against dictionary attacks NOT
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
June 29, 2011, 05:40:03 PM
 #20

It has been pointed out that shredding is not effective on modern operating systems.  I think it's still better than nothing, but does it give people a false sense of security?

Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.

No, shredding files does not work, because modern file systems don't write the new data for a file to the same place (for performance and recovery reasons).

shredding whole volumes works, but takes weeks.

Oh yeah, I forgot all about journaling filesystems and things of that nature. Doh.

Though shredding entire volumes takes hours or days, not weeks. Unless you have some unusually large volumes.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!