Saving your private key in your email is a lethal move

[Sharon121212]

Well I would not have made this post not until this week I have a cryptocurrency community on social media(telegram) we doing my own bit to enlighten and empower those I can.
We tell them about cryptocurrency wallet and how they go about it well I made it clear to them never to screenshot there private keys but rather write it down and put it away in a place safe.

But it's has occurred more times where private keys where written, sent and saved on some of my students emails...

Well this has huge consequences. I would want to reach out to the noobs never improvise instructions are instructions when creating a wallet you are told to write your private keys down(not on email or on your device).
Your email can not key your private key safe it's still could be hacked and the information collected.

 It's basic instructions and rules when over looked causes damages.

[Pmalek]

A private key should never be sent or shared online either via email or saved on clouds, drives etc. Consider it compromised and funds protected by it.
Instruct your students to invest in a hardware wallet if they are serious about crypto currencies since the private keys in hardware wallets never leave the safety of the device.

[nakamura12]

Saving private key online will only expose your private key to hackers out there where cloud save as an example can be hacked by hackers then they will be able to get your private key to access your crypto savings. It is already discussed here already on where or what is the best solution to save your private key which most cases is written on a piece of paper or a device where there is no internet connection like a USB for example.

[LTU_btc]

Storing private in email is stupid idea definitely. It's something similar like to lock your house and leave keys in the lock.
I heard some similar stories when people keep their private keys, back up file or recovery phrase in cloud storages like Google Drive because they consider that is safer place in case if something will happen to their computer. Also, I know that some people just take photo of their private key or recovery phrase and just keep it on their phone.
When I was less experienced user, I also had dilemma where to keep these things. I instantly rejected idea to write down it, because sheet of paper doesn't looks like safest thing. I also didn't saved it on my PC or online storages. It was difficult to choose where to keep these things. Finally I decided to USB flash, but I'm not sure that's safest place.

[akamit]

Finally I decided to USB flash, but I'm not sure that's safest place.

Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.

But the first safest option is HARDWARE WALLETS, second USB FLASH, third is a paper wallet in my opinion. But paper wallets has some risks unless the user laminates it.


@OP, you may want to check this article for all the best possible options.

[madrogue]

Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.

More than 2 Years i save my private key to USB Flash and this is very safe i think.
But you must be carefull to access your wallet with private key,. If you login in phising website, hacker can steal your wallet too.

Bookmark website is important but with Bruteforce they can move a website you visited to their phising site.
So, don't bookmark in your Searching Browser. Better you save it as text file and save to your USB Flash.

[bitmover]

A private key should never be sent or shared online either via email or saved on clouds, drives etc. Consider it compromised and funds protected by it.
Instruct your students to invest in a hardware wallet if they are serious about crypto currencies since the private keys in hardware wallets never leave the safety of the device.

That's 100% correct.

Bitcoin is genius because the keys are hold offline, they cannot be hacked. If you hold them online, you are doing it wrong and making them available for hackers

You can just note down your seed and store in a safe physical location, hidden.

[whotookmycrypto]

Trezor has made a good article on this: https://blog.trezor.io/https-blog-trezor-io-keep-your-seed-phrase-away-from-lions-edcc105457a0

While they talk about seed phrase instead of private keys, the recommendations provided are equally applicable to securing your private keys.

[mk4]

or a device where there is no internet connection like a USB for example.

Yes, but only IF you know and you're actually very sure that you know what you're doing. Your private keys can still be compromised even a USB flashdrive is offline, if you manage to mess something up when you're on the process of generating the keys and saving it to the USB flashdrive on your computer.

[whotookmycrypto]

Yes, but only IF you know and you're actually very sure that you know what you're doing. Your private keys can still be compromised even a USB flashdrive is offline, if you manage to mess something up when you're on the process of generating the keys and saving it to the USB flashdrive on your computer.

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.

[joniboini]

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.

If I get the image correctly, it seems the reason why the private key was stolen is that the user downloaded malicious software from the internet and install it on his cold wallet. That's definitely not what we should do.

[pooya87]

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.

If I get the image correctly, it seems the reason why the private key was stolen is that the user downloaded malicious software from the internet and install it on his cold wallet. That's definitely not what we should do.

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.

[Chikito]

even they are student and familiar with pen and pencil, you have to instruting them of all to write private key on paper, double check spelling of private key, then laminated paper on very safe place

[sheenshane]

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.

You can hide your USB through like this I'm sure it is impossible to hack or steal from scammers or even one of your family member.

Anyone who wants to try this just sent me a PM.

There's a lot way of keeping your private, that is our responsibility to keep them safe. But in a small amount, I think that is not necessary to keep in USB, just a piece of paper would be fine and put into your personal pocket wallet.

[Kakmakr]

Well, not entirely true. If you and the recipient have come to some sort of agreement to obscure the whole private key, by for example breaking it up and sending it with other numbers/letters in several different emails, then people will not be able to extract the private key from your emails.

Let's say the sender and the recipient agrees that the first 3 numbers or letters will be ignored and then the 5th and the 7th and replaced with something else, then it would not make up a recognisable private key.    <You further break up the numbers and send them in separate emails.>  

[dothebeats]

Of course. Knowing how easy it is to actually get in on one's email and snoop on all of the contents of it, no one in their sane mind would even think of saving their private keys and other vital information on their email. If life's really that tough, then perhaps save your keys on your phone or write it down somewhere safe. It should be common knowledge that emails are insecure places to store sensitive data be it private keys, banking details, personal info.. the list goes on.

[bob123]

Your email can not key your private key safe it's still could be hacked and the information collected.

It seems like the majority of people still don't know how the email protocol works.

EVERY mail server (again: EVERY) between you and your recipient can read the mail in plain text.

It is (and never was) a good idea using (non-encrypted) emails to transmit sensitive information.
The email protocol is from 1980. It is extremely outdated and not secure at all.

Just because it is used everywhere, it doesn't mean it is something good / safe / secure.


Actually, you shouldn't store private keys on a device which is connected to the internet at all. Storing them on a mail server is just plain dumb.

[jademaxsuy]

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.

You can hide your USB through like this I'm sure it is impossible to hack or steal from scammers or even one of your family member.

Anyone who wants to try this just sent me a PM.

There's a lot way of keeping your private, that is our responsibility to keep them safe. But in a small amount, I think that is not necessary to keep in USB, just a piece of paper would be fine and put into your personal pocket wallet.

This is more secure than I thought of saving a private key in a usb for sometimes it could be misplaced or stolen by someone and could compromise your holdings.

BTW, do this USB has a safety feature to which if one will going to eat it will prevent damage from the liquids passed through the mouth? I hope so, so that it could be really helpful and it could be one of great saving device for wallet private key.

[LTU_btc]

Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.

But the first safest option is HARDWARE WALLETS, second USB FLASH, third is a paper wallet in my opinion. But paper wallets has some risks unless the user laminates it.

Offcourse hardware wallets is the best choice, I already use it for almost few years. But still, USB flash is needed for me to keep recovery phrase. I have written it down to a sheet of paper, but as already said, paper isn't very safe thing - Iover the time ink fades, and paper deteriorates, it's easy to destroy it with water and it can get lost easily.

[o_e_l_e_o]

Let's say the sender and the recipient agrees that the first 3 numbers or letters will be ignored and then the 5th and the 7th and replaced with something else, then it would not make up a recognisable private key.

This is essentially security through obscurity, and is generally a bad way to store any sensitive information. If you absolutely must send something sensitive via email, the best way is an encrypted file with a previously (and securely) agreed upon key.

The same advice throughout this thread obviously applies to mnemonic seeds as well. Too many people store electronic copies of their mnemonic seed, which again, is a terrible idea. Write it down or engrave it, and store it somewhere physically secure.