With a copy of your backup, what else does hacker need to access your btc?

[keithers]

I have seen a growing amount of posts online of people losing their BTC to hackers. This is super unfortunate, as it sucks that the world has so many dishonest people. That being said, what exactly does a hacker need in order to access your coins if he is able to obtain a backup copy of your wallet? I have seen some debate on this, and on most threads (where people lose their coins), people are quick to ask why the person who lost the btc did not have 2fa enabled.

What passwords would the hacker need? Would the hacker only need the primary password, or would he also need the secondary password to send out or withdraw funds?

[Abdussamad]

Well it sounds like you are talking about blockchain.info. With bc.i anybody can get at the copy of the wallet. All they need is the wallet identifier. Once they have the copy of the wallet they can brute force it at leisure. Doesn't matter how many passwords you have. So you should use a desktop client like electrum or armory.

People who haven't worked on password cracking have this quaint notion of running a little dictionary file through a program... and this would have been accurate in 1990 for someone cracking at your unix-crypt uni shell account.  Today the tools are significantly better and have been refined through the disclosure of hundreds of millions of unencrypted passwords and the same kind of statistical tools that power speech recognition and automatic human language transaction. This statistical intelligence gets backed up by the brute force of GPU and FPGA clusters that can try hundreds of million or even billions of attempts per second.

https://bitcointalk.org/index.php?topic=311000.msg3346715#msg3346715

[keithers]

Well it sounds like you are talking about blockchain.info. With bc.i anybody can get at the copy of the wallet. All they need is the wallet identifier. Once they have the copy of the wallet they can brute force it at leisure. Doesn't matter how many passwords you have. So you should use a desktop client like electrum or armory.

People who haven't worked on password cracking have this quaint notion of running a little dictionary file through a program... and this would have been accurate in 1990 for someone cracking at your unix-crypt uni shell account.  Today the tools are significantly better and have been refined through the disclosure of hundreds of millions of unencrypted passwords and the same kind of statistical tools that power speech recognition and automatic human language transaction. This statistical intelligence gets backed up by the brute force of GPU and FPGA clusters that can try hundreds of million or even billions of attempts per second.

https://bitcointalk.org/index.php?topic=311000.msg3346715#msg3346715

Yeah I was mainly talking about blockchain, because I wasn't too sure on the specifics of if they attacker would also need the secondary password to send out funds...but with a copy of the backup, it doesn't seem like they would need the secondary password