Let this sad incident be a reminder to anyone that happens to come across this thread: When you handle bitcoins or any other decentralized crypto, YOU are THE BANK.
You simply cannot be lazy about it, the higher the amount, the more important it is. BUT, while you are starting with "low" sums, take the chance to train yourself and get in the habit to do things properly.
The OP thankfully admitted some mistakes, but to summarize:
- Windows 10
- Same password
- Trying unknown software on the same PC
Seriously people, DON'T. Lets start with the beginning.
You should not use windows to handle these sums. Even if you see companies and large institutions using it, Microsoft has a long history of security faults. The OS might be OK for gaming and non essential stuff, but handling your money is something that should never occur to you. The solution is simple, use a different OS for serious tasks.
For example you can download a linux iso, put it in a thumbdrive and boot the computer from it to create and occasionally handle a cold wallet. You don't even need to install that OS in your computer if you don't want, just boot from it to do your banking and then shut it off. Someone mentioned kali, I don't recommend this. not only its very unfriendly to newcomers, but it logs as root by default. That is not a distro for protection, its for testing security, meaning: attacking (which you should never do without written permission).
How to make and handle a cold wallet:
Use newbie friendly distro like
Linux Mint or
Ubuntu to boot from usb, install a wallet like Electrum using the distro package manager; create a wallet and write down the seed words (1) in a piece of paper by hand (no printing, no photos). Once created don't bother with passwords, just print or photo your wallet addresses and turn off the PC.
From now on any money you send to those addresses are as safe as that paper with the written seed words is. It is offline (ie. cold), and no "hacker" can do anything about it.
But someday you may want to move those funds elsewhere:
Use newbie friendly distro like Linux Mint or Ubuntu to boot from usb, install a wallet like Electrum using the distro package manager; recover the wallet by using the seed words you wrote in that piece of paper by hand, do your transactions and turn off the PC.
Ideally you should keep a "cold" wallet for large sums, and a "hot" wallet (eg: in your smartphone) for daily needs.
By using an usb thumbdrive to boot a linux distro you are keeping separate your risky malware OS from your serious banking use. You could also install the "secure" OS permanently in another PC (old or not) to do your internet and online banking, and perhaps productivity safer, but keep using the boot from USB (livecd) method around when handling cold wallets, which you are not supposed to do very often. You can check any transactions going to your cold wallet by using any of the online blockchain explorers.
Now lets talk about passwords. Never EVER Re-use the same password anywhere, period. Use a password manager to generate a different random password for every site and service you use, and password protect that with a GOOD (2) password. If you have a password for your PC (which you should) make this also a good password different to the one in your password manager. Then every time you need to login to a site, use your password manager. This works better in a safer OS like Linux, BSD, etc; which is why permanently installing linux in another PC dedicated for such tasks is not such a bad idea (ie. your productivity separate from your gaming PC).
2fa is not panacea, but I'm not against you backing up the codes within the password manager, tho you could use a separate password file (with a different GOOD password) for that exclusive use, since you very rarely need the backups (only when your smartphone is lost); again much better to do this in a "secure" PC running a safer OS.
If this is too annoying and you'd rather trust your money to 3rd party institutions, fine go ahead and use a bank vault (maybe a good place to store a copy of your seed words). But remember when you are the bank, the responsibility lies almost entirely in you.
(1) Those seed words represent (are used to regenerate) your private key.
(2) A good password is something you can't find in a dictionary. You can easily scramble your passwords by mixing words and number together, preferably intermingled. Eg. say Table and 1988 could become T1a9b8l8e or tA19BL88E be creative and use your imagination for something only you can remember.
Good luck. Perhaps post a bounty in services for recovery?
