cryptotricks (OP)
Newbie
 Offline
Activity: 70
Merit: 0
|
 |
January 29, 2018, 08:35:36 AM |
|
How can we manage the passwords/private keys in a secured and neat way. There are Exchanges passwords, ICO's, Altcoin wallets, Bitcoin wallets, Private keys and wallet file, paper wallets and the list just grows and its difficult sometimes to manage the passwords and stuffs for all these.
There are some basic guidelines which could be followed
1. Don't use the same password for all the exchanges. Dont use the same password as your email password to the exchanges.
2. Spend some time on the password you chose and make it unique everytime.
3. Dont take the backup keys as photo in your mobile. Instead write it down on a diary/notebook.
4. Always take a backup of the backupkeys to recover accounts, recover google authenticator, etc
5. Use atleast 1 USB disk exclusively and store as a backup apart from your original storage of keys/passwords.
6. Write down the keys on the paper and put in a locker. This would definitely help.
Apart from that, if there any best practices that can be followed add below and how this can be better done in a more organized way..
|
|
|
|
|
emmmmm
Member
Offline
Activity: 210
Merit: 10
The Experience Layer of the Decentralized Internet
|
|
January 29, 2018, 08:41:04 AM |
|
In general, I do not record the private key directly on the paper, because the private key is too long, then it may record the error. I usually take a photo to record the private key, and then encrypt this photo, which I think is relatively safe.  |
|
|
|
Pursuer
Legendary
Offline
Activity: 1638
Merit: 1163
Where is my ring of blades...
|
|
January 29, 2018, 08:42:04 AM |
|
nothing beats a "hard copy". you can use a paper or better yet a notebook where you write down your passwords, etc. the notebook can contain lots of things so that it is not just your obvious "Password Book"! it can be a phone book for instance.
and try to keep the things you store to a minimum so you don't have to worry about storing 100 different passwords.
|
Only Bitcoin
|
|
|
|
szpalata
|
|
January 29, 2018, 08:53:31 AM |
|
nothing beats a "hard copy". you can use a paper or better yet a notebook where you write down your passwords, etc. the notebook can contain lots of things so that it is not just your obvious "Password Book"! it can be a phone book for instance.
and try to keep the things you store to a minimum so you don't have to worry about storing 100 different passwords.
Exactly, that's why to avoid mistakes or potential typographical errors you can simply print them on an A4 sheet and have it saved in a safe or somewhere you can have the optimum privacy. I fancy having the private keys in hard copy too because many have recklessly lost theirs electronically. |
|
|
|
|
silverstar43
Copper Member
Jr. Member
Offline
Activity: 57
Merit: 1
always a satoshi short
|
|
January 29, 2018, 09:22:35 AM |
|
I read USB Flash Drives and SD cards can retain data in cold storage for 3-5yrs.
If you plug it in every so often, it will be fine.
But, having both digital and hard copy will be best.
If you have an upgraded version of windows, it comes with bitlocker.
A solid encryption software.
|
|
|
|
|
|
TheQuin
|
|
January 29, 2018, 09:32:33 AM |
|
For passwords to sites I like KeePass, although I would recommend for private keys or seed phrases to wallets, they should be written down and not stored electronically. KeePass is free and open source, it uses Advanced Encryption Standard to encrypt the database, so as long as you choose a long, strong memorable password for it you'll be safe. https://keepass.info/ |
|
|
|
|
bitcoinisbest
|
|
January 29, 2018, 09:36:05 AM |
|
For passwords to sites I like KeePass, although I would recommend for private keys or seed phrases to wallets, they should be written down and not stored electronically. KeePass is free and open source, it uses Advanced Encryption Standard to encrypt the database, so as long as you choose a long, strong memorable password for it you'll be safe. https://keepass.info/Thanks for the information but again it can get hacked or password could be stolen. The best is to write in a piece of paper and you keep it locked in your locker or share it with your relatives so that in case you not their still your loved ones can access that exchanges, wallets etc and they can get the money rather than that going waste. |
|
|
|
|
|
TheQuin
|
|
January 29, 2018, 09:55:28 AM |
|
Thanks for the information but again it can get hacked or password could be stolen. The best is to write in a piece of paper and you keep it locked in your locker or share it with your relatives so that in case you not their still your loved ones can access that exchanges, wallets etc and they can get the money rather than that going waste.
There's a trade-off between security and functionality. This way you can just put one strong password in an envelope and securely store it and pass a copy to your trusted loved ones. Cracking encryption that strong if you didn't use a short password or something susceptible to a dictionary attack would theoretically take years. It's a personal choice if having the passwords there with an easy copy paste when you need them balances the tiny risk. Again I stress this is not for private keys / seed phrases. |
|
|
|
grimesrhymes
Member
Offline
Activity: 161
Merit: 12
📶Decentralized free Wi-Fi📶
|
|
January 29, 2018, 09:56:20 AM |
|
How can we manage the passwords/private keys in a secured and neat way. There are Exchanges passwords, ICO's, Altcoin wallets, Bitcoin wallets, Private keys and wallet file, paper wallets and the list just grows and its difficult sometimes to manage the passwords and stuffs for all these.
There are some basic guidelines which could be followed
1. Don't use the same password for all the exchanges. Dont use the same password as your email password to the exchanges.
2. Spend some time on the password you chose and make it unique everytime.
3. Dont take the backup keys as photo in your mobile. Instead write it down on a diary/notebook.
4. Always take a backup of the backupkeys to recover accounts, recover google authenticator, etc
5. Use atleast 1 USB disk exclusively and store as a backup apart from your original storage of keys/passwords.
6. Write down the keys on the paper and put in a locker. This would definitely help.
Apart from that, if there any best practices that can be followed add below and how this can be better done in a more organized way..
These are some good ideas, the most important point of it being to always keep several back ups of everything and be sensible with where you store it, as well as having unique passwords that you update regularly. For most people it won't be too difficult if they only have a few accounts/wallets to manage, the difficulty for be with the guys who have many accounts and many wallets, they'll have to have a very organised system. |
|
|
|
cryptotricks (OP)
Newbie
Offline
Activity: 70
Merit: 0
|
|
January 29, 2018, 09:56:52 AM |
|
I read USB Flash Drives and SD cards can retain data in cold storage for 3-5yrs.
If you plug it in every so often, it will be fine.
This is a information for me. May be I should plug it often to keep it alive.. Thanks. |
|
|
|
|
LogitechMouse
Legendary
Offline
Activity: 2478
Merit: 1038
Signature and Avatar for rent.
|
|
January 29, 2018, 10:15:14 AM |
|
I have watched on the you tube last week and this is the way he stores his keys. Lets say for example, the seeds. He prints out seeds but in 3 pages. The one page is the whole seed. Another page is the half of the seed and another page is the other half of the seeds and then he will put it in the corner of his house. In this way, they won't see it. I like this way because it is very secured but you must don't forget where did you put it. Putting the passwords, keys in the laptop you are using is not a good practice for me.
|
|
|
|
eternalgloom
Legendary
Offline
Activity: 1792
Merit: 1283
|
|
January 29, 2018, 01:27:33 PM |
|
Thanks for the information but again it can get hacked or password could be stolen. The best is to write in a piece of paper and you keep it locked in your locker or share it with your relatives so that in case you not their still your loved ones can access that exchanges, wallets etc and they can get the money rather than that going waste.
There's a trade-off between security and functionality. This way you can just put one strong password in an envelope and securely store it and pass a copy to your trusted loved ones. Cracking encryption that strong if you didn't use a short password or something susceptible to a dictionary attack would theoretically take years. It's a personal choice if having the passwords there with an easy copy paste when you need them balances the tiny risk. Again I stress this is not for private keys / seed phrases. I'm always a bit wary of a method that forces me to copy and paste those passwords every time I want to log-in. There is malware that is specifically designed to intercept the contents of your clipboard. I do agree that you have to make some kind of trade-off between security and functionality though. I wonder what the security risks are of just using FireFox's password manager, given that you've set a very strong master password? You have the benefit that you never have to type in or copy/paste your password, so keyloggers or other malware can't intercept the password that way. |
|
|
|
|
paolo099
|
|
January 29, 2018, 01:36:16 PM |
|
there many different ways to manage passwords and the rest of confidential information.
Like somebody already said in the topic, i use keepass software for most of my credentials (home banking, google accounts and so on), i activate the authenticator every time it's possible (mail or google auth. app) then, regarding the private keys it's a different story.
hard copy (paper, 3 copies to be safe and well hidden in my apartment and one in a secure at bank), an USB stick to connect every now and then when you need to update something.
Memory it's the worst thing to use because we are humans, anything can happen so better be safe than sorry.
|
|
|
|
|
|
TheQuin
|
|
January 29, 2018, 01:42:23 PM |
|
I'm always a bit wary of a method that forces me to copy and paste those passwords every time I want to log-in.
You are not actually forced to, you can just display the password and type it in if you want. Keeping your devices free of malware is obviously the most important step you can take. I wonder what the security risks are of just using FireFox's password manager, given that you've set a very strong master password?
You have the benefit that you never have to type in or copy/paste your password, so keyloggers or other malware can't intercept the password that way.
I'm Chrome fan. As I use 2FA on everything where money is involved I'm happy for my browser to remember passwords as well. |
|
|
|
alyssa85
Legendary
Offline
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
|
|
January 29, 2018, 01:46:20 PM |
|
How can we manage the passwords/private keys in a secured and neat way. There are Exchanges passwords, ICO's, Altcoin wallets, Bitcoin wallets, Private keys and wallet file, paper wallets and the list just grows and its difficult sometimes to manage the passwords and stuffs for all these.
There are some basic guidelines which could be followed
1. Don't use the same password for all the exchanges. Dont use the same password as your email password to the exchanges.
2. Spend some time on the password you chose and make it unique everytime.
3. Dont take the backup keys as photo in your mobile. Instead write it down on a diary/notebook.
4. Always take a backup of the backupkeys to recover accounts, recover google authenticator, etc
5. Use atleast 1 USB disk exclusively and store as a backup apart from your original storage of keys/passwords.
6. Write down the keys on the paper and put in a locker. This would definitely help.
Apart from that, if there any best practices that can be followed add below and how this can be better done in a more organized way..
#1 is really important. Lots of individual hacks are not due to their password being brute-forced, but instead a dodgy exchange like Cryptsy SELLS it's email addresses and passwords to dark actors who then try them out on other exchanges hoping to find someone who has naively used the same password on them all. I think bitcointalk was hacked a while back and emails and passwords then appeared on the dark web too. So be careful out there. |
|
|
|
eternalgloom
Legendary
Offline
Activity: 1792
Merit: 1283
|
|
January 29, 2018, 02:14:06 PM |
|
I'm always a bit wary of a method that forces me to copy and paste those passwords every time I want to log-in.
You are not actually forced to, you can just display the password and type it in if you want. Keeping your devices free of malware is obviously the most important step you can take. I wonder what the security risks are of just using FireFox's password manager, given that you've set a very strong master password?
You have the benefit that you never have to type in or copy/paste your password, so keyloggers or other malware can't intercept the password that way.
I'm Chrome fan. As I use 2FA on everything where money is involved I'm happy for my browser to remember passwords as well. In the end, if you use 2FA on all exchanges or online wallets, you're going to be pretty safe regardless on how you store your passwords. Normally you won't keep large sums on an online wallet or exchange either way, I hope. If you have significant amounts or coins, I'd keep everything on a hardware wallet and just memorize the passwords. |
|
|
|
|
Mi5h0
|
|
January 30, 2018, 11:38:54 AM |
|
How can we manage the passwords/private keys in a secured and neat way. There are Exchanges passwords, ICO's, Altcoin wallets, Bitcoin wallets, Private keys and wallet file, paper wallets and the list just grows and its difficult sometimes to manage the passwords and stuffs for all these.
There are some basic guidelines which could be followed
1. Don't use the same password for all the exchanges. Dont use the same password as your email password to the exchanges.
2. Spend some time on the password you chose and make it unique everytime.
3. Dont take the backup keys as photo in your mobile. Instead write it down on a diary/notebook.
4. Always take a backup of the backupkeys to recover accounts, recover google authenticator, etc
5. Use atleast 1 USB disk exclusively and store as a backup apart from your original storage of keys/passwords.
6. Write down the keys on the paper and put in a locker. This would definitely help.
Apart from that, if there any best practices that can be followed add below and how this can be better done in a more organized way..
#1 is really important. Lots of individual hacks are not due to their password being brute-forced, but instead a dodgy exchange like Cryptsy SELLS it's email addresses and passwords to dark actors who then try them out on other exchanges hoping to find someone who has naively used the same password on them all. I think bitcointalk was hacked a while back and emails and passwords then appeared on the dark web too. So be careful out there. I agree. Using the same password (or variations of the same password) for every online account is a very bad idea. If any one of your passwords gets compromised, that puts all the accounts where you've also used it at risk. For example, LinkedIn, Yahoo and Amazon all experienced security breaches in the past. To protect yourself, you should be using a different password for every account. If you only have a handful of accounts, then you can probably remember them all. |
|
|
|
|
Pan Troglodytes
Member
Offline
Activity: 392
Merit: 39
|
|
January 30, 2018, 11:46:07 AM |
|
To manage and protect private keys there is nothing (and I repeat it: nothing) like a hardware wallet. I had my bitcoins stored in a cold storage once and it was such a fuss to recreate it to "hot" securely, no to mention I was all stressed if it would work out at all.
So, for private keys I really recommend hardware wallets, as they are very secure.
Moreover, if you make that one step and buy yourself a hardware wallet, it supposedly (although I never really tried it) gives you 2FA to emails and exchanges and, moreover, Trezor (I don't know about Ledger) is supposed to safekeep your passwords for you (as KeePass does). But I really never tried this functionality myself.
So I think that hardware wallet may be a one complete solution for everything you asked for in your thread title.
|
|
|
|
|
|
criz2fer
|
|
January 30, 2018, 11:55:43 AM |
|
How can we manage the passwords/private keys in a secured and neat way. There are Exchanges passwords, ICO's, Altcoin wallets, Bitcoin wallets, Private keys and wallet file, paper wallets and the list just grows and its difficult sometimes to manage the passwords and stuffs for all these.
There are some basic guidelines which could be followed
1. Don't use the same password for all the exchanges. Dont use the same password as your email password to the exchanges.
2. Spend some time on the password you chose and make it unique everytime.
3. Dont take the backup keys as photo in your mobile. Instead write it down on a diary/notebook.
4. Always take a backup of the backupkeys to recover accounts, recover google authenticator, etc
5. Use atleast 1 USB disk exclusively and store as a backup apart from your original storage of keys/passwords.
6. Write down the keys on the paper and put in a locker. This would definitely help.
Apart from that, if there any best practices that can be followed add below and how this can be better done in a more organized way..
I would prepare a notepad or an excell file which are save safely in my desktop. Ofcourse every log in, you will be using your desktop or laptop or even yuor smartphone. It would help alot if you have different account in exchangers. |
|
|
|
|
Aura
|
|
January 30, 2018, 11:57:54 AM |
|
I prefer writing the private key down on a piece of paper, instead of printing. Printing requires you to either transfer the data by WiFi or USB, for both you're not sure whether it will save anything on the memory, as it could then later by stolen trough the same communication protocol. I'm extra cautious because I use a shared printer, so a lot of devices get connected to the printer which could possibly be compromised. Handwritten paper backups are also the way I save my passwords, where I use a different one for every occasion. I use manually random generated passwords for accounts that have a lot of value for me, the dice works very good for this purpose.
|
|
|
|
|
|
