I lose my btc if I forget my 24 word password for ledger

[eafe00]

This is the wallet that I need to help me recover

1KspTTfAdQoPEB5fExvdTgTnghX1CCquuP


https://blockchain.info/es/address/1KspTTfAdQoPEB5fExvdTgTnghX1CCquuP?filter=5

Dirección de Bitcoin 1KspTTfAdQoPEB5fExvdTgTnghX1CCquuP
blockchain.info
Transacciones enviadas y recibidas desde la dirección bitcoin 1KspTTfAdQoPEB5fExvdTgTnghX1CCquuP.


by mistake I created 2 accounts in the nano s ledger since I did not understand its operation and I kept the wrong security key now I have that money that I do not know how to recover it

Could you help me

[1714504415]

1714504415

[gvnsrbtc]

If you forget the 24 words that the ledger has given you when setting up the device, you lose the address. Never ever forget the 24 words. As far as I know, there is no way to recover it.

[shinjunobi09]

Well that's too bad sir, there is definitely no way of recovering if you forgot the 24 word password from your ledger account which is why it is advisable that you safely write in a physical components like in a piece of paper or save it on your google mail account like emailing the 24 word password account. Based on what I have read sir there is clearly no way to recover your bitcoin if you forgot both of your PIN and 24 word password.

[HCP]

... or save it on your google mail account like emailing the 24 word password account.

This is quite possibly the WORST advice ever given to anyone regarding security of their seed mnemonic

It should NEVER be stored digitally and certainly not in a gmail account. It should be kept offline, or you are defeating the entire purpose of the hardware wallet.

[Barcode_]

Well that's too bad sir, there is definitely no way of recovering if you forgot the 24 word password from your ledger account which is why it is advisable that you safely write in a physical components like in a piece of paper or save it on your google mail account like emailing the 24 word password account. Based on what I have read sir there is clearly no way to recover your bitcoin if you forgot both of your PIN and 24 word password.

So what is the whole point of purchasing a Ledger Nano S hardware wallet? You advised him to save his 24 word recovery phrase on a google email account by emailing his main email with another email account? That is a very bad piece of advice, because any hacker who are able to get hold of that 24 word recovery phrase can just easily steal his bitcoin out from his wallet, email account is one of the most horrible place to store any private keys or important information as it is online and you does not have any main control over it in security.

[bob123]

...or save it on your google mail account like emailing the 24 word password account...

As others already mentioned, its a really bad idea to store the seed digitally (and even worse to store it online).

But i also want to add that email is a broken protocol! Its a 45+ year old outdated protocol.

People tend to think that email works as it should because its used everywhere.

Emails can be spoofed, intercepted, manipulated, etc. ... and emails are not encrypted!
I would advise to never use (unencrypted) emails for ANY sensitive information which you don't want to get intercepted by someone who is not supposed to see them.

[asdlolciterquit]

i'm sorry, i didn't understand what happened. DO you really have tried to memorize your seed? Or you just lose it?

[bL4nkcode]

... or save it on your google mail account like emailing the 24 word password account.

This is quite possibly the WORST advice ever given to anyone regarding security of their seed mnemonic

Most probably...

DO you really have tried to memorize your seed?

I highly doubt that someone memorizes this 24 recovery phrase already. Instead, save this confidential information in a safe place offline that only you knows.

by mistake I created 2 accounts in the nano s ledger since I did not understand its operation and I kept the wrong security key now I have that money that I do not know how to recover it

Could you tell us if the address above is the currently used on your ledger? or not? if not then those funds are forever lost, just sorry for your loss this should be served as a lesson to you.

[priselive]

write to technical support, and specify in detail your problem!

[bob123]

To those of you that say its the worst idea to write the 24 word seed in gmail... i would agree with this because someone could hack your account.  However, if you use say lastpass or keepass and then put the seed in either program, isn't that pretty safe?  Thus the hacker would not only need to know your gmail address, they need your gmail password.  Then they would need your password to either your lastpass or keepass.  So wouldn't that be pretty safe?  Or that could still be hacked?

If you are putting the seed into a password manager (which itself is as secured as the passwordmanager (encryption implementation, ..) is), why are you then storing something in your email?
Is your idea to store the encrypted file in your email account?

Or are you talking about storing your gmail password in a password manager and then store the seed (encrypted/unencrypted ?) in your gmail account?

As i have already mentioned.. email is broken!


Any (unencrypted) email you send, can be read by anyone who cares to read your emails. I hope you know this.
So, no. An attacker would not need your gmail password to 'receive' your mails. He simply just 'copies them on the way to the mail server'.
Note that it is not that trivial as i have described. But for an attacker with medium knowledge this is pretty easy to accomplish.

For more information about how broken email is: https://en.wikipedia.org/wiki/Email#Privacy_concerns

Because they would have to go through 2 layers of security right? 

No, only passwordmanager encryption.
Since an attacker (who does target you) can read/intercept all of your (unencrypted) emails.

Also isn't it true if someone logs into your gmail account from another location, gmail would block them if they don't recognize the ip address or country etc?

An attacker could use a proxy, faking an IP address near from your location.
This is a security measurement which can easily be bypassed.

So wouldn't that be another hurdle for that hacker? 

No.

And even if they get through that, how could they hack the password for lastpass or keepass then?  Are there cases of this? 
Because i have heard of cases where someone types their seed and emails it to their gmail account like in plain letters... that is bad since its not even encrypted.  But with lastpass or keepass, isn't that pretty safe then?

Well, as long as there is no vulnerability found (e.g. mistake in the implementation in the password manager) it is safe to store your seed inside kepass.
But keep in mind that an attacker might have your encrypted file once you attach it to an email.

So he has quite some time (assuming you don't change your seed frequently) to bruteforce all easy passwords.
And once a vulnerability might be found, your seed can definetely get compromised.

Overall, it is 'pretty safe' to store your encrypted seed in your email account regarding the possibility of someone cracking the encryption.
But note that there are way more secured storage possibilities than an email account.

Additionally you don't have any control over 1) who gets access to your encrypted file and 2) how long your file will stay there.
One morning the email service provider might have a failure with their servers, resulting in a loss of data.. or whatever..


I would not suggest to use email as a storage for ANY confidential information.

[hugeblack]

No, Let probability science speak  :
There are 2048 words to be chosen in the seed and you have 24 words to create your seed.
2048^24= 2.9642775e+79.
You need a supercomputer to do the processing that takes a long time as well as the electricity bill.
Your money (0.1 BTC or 700$) will look slim if compared to the cost of restoring your seed.
Sorry for your loss

[bob123]

There are 2048 words to be chosen in the seed and you have 24 words to create your seed.
2048^24= 2.9642775e+79.

This is the (theoretically) maximum amount of possible combination.
But due to the fact that the last word is partially a checksum (a few bits from the last word), the actual amount of valid seeds is lower than 2048^24.

You need a supercomputer to do the processing that takes a long time as well as the electricity bill.
Your money (0.1 BTC or 700$) will look slim if compared to the cost of restoring your seed.

It just doesn't take 'a long time', it is also not possible to compute all possibilities within a few hundred/thousand years.

[jerry0]

Hi there.  I meant like this


You use lastpass or keepass.  You store all your passwords there such as gmail, banking and any other site.  Thus only thing you need to remember is your password or master password.  Now if you log into lastpass or keepass, then say you store your seed in that wallet.  Now when you log into say dropbox or say gmail, then go to your google drive account, upload their lastpass or keepass file into it... and the lastpass or keepass is encrypted since you cannot open it without the password, that is safe or not?  Because assuming you don't encrypt the lastpass or keepass file, by that you mean encrypt it, then its not safe?  Thus someone could read the lastpass or keepass file?



Well you have a copy of lastpass or keepass in your computer and most likely a usb stick or external hard drive.  So when you say why would you upload a copy to your email or dropbox etc, well its a digital copy in case something happens to your laptop or usb stick or external hard drive.  Thus if you lost all these items, you could still log into your dropbox or gmail and then open your lastpass or keepass as long as you remember the password for both.  So that is bad idea?  Again im not talking about you typing out your seed in gmail and then sending it to yourself and anyone who hack your password can read it.  That would be a very bad idea etc. 

[swogerino]

Hi there.  I meant like this


You use lastpass or keepass.  You store all your passwords there such as gmail, banking and any other site.  Thus only thing you need to remember is your password or master password.  Now if you log into lastpass or keepass, then say you store your seed in that wallet.  Now when you log into say dropbox or say gmail, then go to your google drive account, upload their lastpass or keepass file into it... and the lastpass or keepass is encrypted since you cannot open it without the password, that is safe or not?  Because assuming you don't encrypt the lastpass or keepass file, by that you mean encrypt it, then its not safe?  Thus someone could read the lastpass or keepass file?



Well you have a copy of lastpass or keepass in your computer and most likely a usb stick or external hard drive.  So when you say why would you upload a copy to your email or dropbox etc, well its a digital copy in case something happens to your laptop or usb stick or external hard drive.  Thus if you lost all these items, you could still log into your dropbox or gmail and then open your lastpass or keepass as long as you remember the password for both.  So that is bad idea?  Again im not talking about you typing out your seed in gmail and then sending it to yourself and anyone who hack your password can read it.  That would be a very bad idea etc. 

It is still a bad practice, as long as you are relying on a third party to hold your seed, in this case keepass or lastpass. Both are good password managers but that is all, they don't do wonders.

The true purpose of the hardware wallet is to do every transaction from the built in chip of this wallet without leaving it so you don't get hacked even if your computer have a thousand viruses. You need to set it up as first time use in a Linux envorinment to be 100% safe.

Then you have to keep your 24 words seed in the letter that comes with your wallet, or in a paper and put it in your personal cabinet or drawer at your home. If you happen to have more than 50 bitcoins you can store your seed in a bank deposit small safe box.

This is the best practice of how to keep a seed of a hardware wallet.

[bob123]

Now if you log into lastpass or keepass, then say you store your seed in that wallet. 

With wallet you are referring to the password manager file, right?

Now when you log into say dropbox or say gmail, then go to your google drive account, upload their lastpass or keepass file into it... and the lastpass or keepass is encrypted since you cannot open it without the password, that is safe or not? 

In a perfect world (where you password manger doesn't have a vulnerability (and never will have) and the encryption is chosen ight), yes. It is safe.
The problem is.. once you are uploading it.. it may be (somehow) read  / accessed by an attacker (who at this time can't read it because its encrypted).
But if in the future someday a vulnerability would be found (e.g. encryption algorithm implemented wrong), then he may be able to access your file, abusing the flawed implementation.

Because assuming you don't encrypt the lastpass or keepass file, by that you mean encrypt it, then its not safe?  Thus someone could read the lastpass or keepass file?

If its not encrypted, this is possible. Either by Man-in-the-Middle attacks or through accessing the server of your storage provider.
Storing/sending files unencrypted can definetly lead to a loss of your funds.

Well you have a copy of lastpass or keepass in your computer and most likely a usb stick or external hard drive.  So when you say why would you upload a copy to your email or dropbox etc, well its a digital copy in case something happens to your laptop or usb stick or external hard drive.  Thus if you lost all these items, you could still log into your dropbox or gmail and then open your lastpass or keepass as long as you remember the password for both.  So that is bad idea?  Again im not talking about you typing out your seed in gmail and then sending it to yourself and anyone who hack your password can read it.  That would be a very bad idea etc. 

The probability of an attacker accessing your file + vulnerability found and used itself is pretty low.
But this can't be excluded.
This all depends on how much you trust the devs from your password manager and of course the 'level' of security you want to reach.

While this may work well in most cases.. the risk still exists.