Would you keep your data on cloud, like AWS s3

[briansparks]

Hello,

Looking for a suggestion. I have some important data of financial figures, credentials of wallet and some private keys. I do not want to keep them in my laptop or phone or email or storage hard disk, as they can be broken/stolen

I can backup that to AWS Glacier, from what I read.

I hear few quotes that cloud provider can read/access data and (mis)use that. Not sure, this can be true in real world, to read that small file out of millions of files, which they have stored from all their clients.

Please suggest, your thoughts ?

Thanks

[pooya87]

i wouldn't do that if i were you.
any sensitive information that you have is best stored offline and better stored as a hard copy (like on paper). it is not just about the provider having access to your data but also hackers being able to get in even if the possibility is very small.

you can buy some sort of storage hardware (USB disk, portable hard drive,...) and then store it there. or if possible (like for private keys) print them on paper.

if you don't have any other option and still insist on storing it on the "cloud" then at least encrypt the data using a strong encryption with a strong password then store the encrypted data on the cloud.

[mk4]

i wouldn't do that if i were you.
any sensitive information that you have is best stored offline and better stored as a hard copy (like on paper). it is not just about the provider having access to your data but also hackers being able to get in even if the possibility is very small.

you can buy some sort of storage hardware (USB disk, portable hard drive,...) and then store it there. or if possible (like for private keys) print them on paper.

if you don't have any other option and still insist on storing it on the "cloud" then at least encrypt the data using a strong encryption with a strong password then store the encrypted data on the cloud.

This.

Online login credentials? Use password managers like KeePass2[1]; remember to always use a very secure master password.

Private keys? Pen and paper, keep it simple. Or if you think you're tech savvy enough, you can create an air gapped device.

And yes, I'm quite suire that the cloud providers can access the data stored on your AWS.

[1] https://keepass.info/

[o_e_l_e_o]

Just to further emphasise why this is a bad idea:

By storing your private keys on any account (cloud, email, etc) which uses a simple password to log in, you are essentially negating the entire point of a private key. An 8-10 character password contains somewhere in the range of 40-60 bits of entropy at best, depending on your character set. This is many, many orders of magnitude less than a private key.

Cloud accounts get hacked all the time. I would never store anything valuable or personal on them. Offline or paper storage is your best bet.

[mu_enrico]

I have some important data of financial figures, credentials of wallet and some private keys.

For secret data that you feel "It's okay if someone stole it and I'm not going to cry", you could store it on cloud.
But for private keys, I would recommend keep it offline. You could buy two thick books to make "secret book safe", and keep two copies of your private keys in two different locations. Wiseman said "don't put your privkeys in one basket book."

[bob123]

Storing sensitive information on an online server is always a bad idea. There are too much attack vectors for it to be considered a secure storage.

There is a simple suggestion for your case: Use encryption.

You can simply use VeraCrypt (https://www.veracrypt.fr) to create an encrypted container. Each data stored inside of this container can only be accessed after decrypting it with the correct key/password.

In case of your laptop getting stolen, the thief won't be able to access your data (assuming you have chosen a password which is strong enough).
You should make sure to have a few copies of the container (on a different drive, USB-stick, etc..). This will allow you to gain access after your laptop got stolen or after a failure of your hard drive.


Note, that you also should NEVER use (unencrypted) emails to transmit/store sensitive information. Each mail server between you and your recipient can read and modify your email (since they are transmitted in plain text without authentication/verification).

[131tc01n]

I would rather suggest you store your important data on your hard drive, laptop or cold storage. You only need to do maintenance regularly and always backup it.
Cloud storage is more risky in my opinion, because your data can be lost at any time hacked.

[Gaaara]

storing a thing in online is not viable for things as important as that, everything in online is open for threat and its security is pretty much less than keeping it offline. There is a lot ways and a lot of security threat in online and most people can access it an a certain way so having it stored online will eventually a factor that will lead it down, you won't get any benefits from doing so hence there is no reason to.

[dothebeats]

How much does it cost you to buy a hard drive or even a flash drive and store your data there? Those solutions are far more secure and safe since you have them at bay physically, without the need to trust a server to do the storing for you plus without putting your data at risk due to hacks that could happen to the server. Also, cloud storage providers could easily change their ToS and could read the data inside your files which might compromise whatever it is in your file. At best, avoid such solutions and use the cloud to store unimportant files that is essentially useless to you but holds some sort of significance.

[Wingo]

i wouldn't do that if i were you.
any sensitive information that you have is best stored offline and better stored as a hard copy (like on paper). it is not just about the provider having access to your data but also hackers being able to get in even if the possibility is very small.

you can buy some sort of storage hardware (USB disk, portable hard drive,...) and then store it there. or if possible (like for private keys) print them on paper.

if you don't have any other option and still insist on storing it on the "cloud" then at least encrypt the data using a strong encryption with a strong password then store the encrypted data on the cloud.

Just to further emphasise why this is a bad idea:

By storing your private keys on any account (cloud, email, etc) which uses a simple password to log in, you are essentially negating the entire point of a private key. An 8-10 character password contains somewhere in the range of 40-60 bits of entropy at best, depending on your character set. This is many, many orders of magnitude less than a private key.

Cloud accounts get hacked all the time. I would never store anything valuable or personal on them. Offline or paper storage is your best bet.

This is 100% true when it comes to data security, one cannot guarantee maximum security in cloud storage, sensitive data should be stored in your personal hardware storage device. You can keep it for a long time and not worry about anything unless the hardware is stolen which is unlikely to happen if you store it in a secret location.

Cloud storage are vulnerable to malicious attacks at any point of time. You can also encrypt your data and store it in your hardware storage to ensure maximum data security.

[bloodyvio]

never trust third parties
there is no guarantee that your data is safe and not accessed by them
it's better to save your data on your own hardware HDD Ext or Flash Drive