Bitcoin Forum
October 24, 2019, 06:36:29 AM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Saving your private key in your email is a lethal move  (Read 710 times)
Sharon121212
Full Member
***
Offline Offline

Activity: 280
Merit: 207



View Profile
April 07, 2019, 06:00:27 PM
Merited by Jet Cash (5), dbshck (4), CryptopreneurBrainboss (3), Halab (2), DdmrDdmr (1)
 #1

Well I would not have made this post not until this week I have a cryptocurrency community on social media(telegram) we doing my own bit to enlighten and empower those I can.
We tell them about cryptocurrency wallet and how they go about it well I made it clear to them never to screenshot there private keys but rather write it down and put it away in a place safe.

But it's has occurred more times where private keys where written, sent and saved on some of my students emails...

Well this has huge consequences. I would want to reach out to the noobs never improvise instructions are instructions when creating a wallet you are told to write your private keys down(not on email or on your device).
Your email can not key your private key safe it's still could be hacked and the information collected.

 It's basic instructions and rules when over looked causes damages.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Pmalek
Legendary
*
Offline Offline

Activity: 1106
Merit: 1158



View Profile
April 07, 2019, 07:19:52 PM
Merited by TryNinja (1)
 #2

A private key should never be sent or shared online either via email or saved on clouds, drives etc. Consider it compromised and funds protected by it.
Instruct your students to invest in a hardware wallet if they are serious about crypto currencies since the private keys in hardware wallets never leave the safety of the device.

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
nakamura12
Full Member
***
Offline Offline

Activity: 602
Merit: 125


★777Coin.com★ Fun BTC Casino!


View Profile
April 07, 2019, 08:18:10 PM
 #3

Saving private key online will only expose your private key to hackers out there where cloud save as an example can be hacked by hackers then they will be able to get your private key to access your crypto savings. It is already discussed here already on where or what is the best solution to save your private key which most cases is written on a piece of paper or a device where there is no internet connection like a USB for example.

LTU_btc
Hero Member
*****
Offline Offline

Activity: 1400
Merit: 746



View Profile WWW
April 07, 2019, 09:10:47 PM
Merited by DdmrDdmr (1)
 #4

Storing private in email is stupid idea definitely. It's something similar like to lock your house and leave keys in the lock.
I heard some similar stories when people keep their private keys, back up file or recovery phrase in cloud storages like Google Drive because they consider that is safer place in case if something will happen to their computer. Also, I know that some people just take photo of their private key or recovery phrase and just keep it on their phone.
When I was less experienced user, I also had dilemma where to keep these things. I instantly rejected idea to write down it, because sheet of paper doesn't looks like safest thing. I also didn't saved it on my PC or online storages. It was difficult to choose where to keep these things. Finally I decided to USB flash, but I'm not sure that's safest place.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
 WELCOME
BONUS
.INSTANT & FAST.
.TRANSACTION.....
.PROVABLY FAIR.
......& SECURE......
.24/7 CUSTOMER.
............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
akamit
Hero Member
*****
Offline Offline

Activity: 1078
Merit: 569


CryptoTalk.Org - Get Paid for every Post!


View Profile
April 07, 2019, 10:11:33 PM
 #5

Finally I decided to USB flash, but I'm not sure that's safest place.
Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.

But the first safest option is HARDWARE WALLETS, second USB FLASH, third is a paper wallet in my opinion. But paper wallets has some risks unless the user laminates it.



@OP, you may want to check this article for all the best possible options.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
madrogue
Member
**
Offline Offline

Activity: 98
Merit: 15


View Profile
April 08, 2019, 12:01:13 AM
 #6

Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.
More than 2 Years i save my private key to USB Flash and this is very safe i think.
But you must be carefull to access your wallet with private key,. If you login in phising website, hacker can steal your wallet too.

Bookmark website is important but with Bruteforce they can move a website you visited to their phising site.
So, don't bookmark in your Searching Browser. Better you save it as text file and save to your USB Flash.
bitmover
Hero Member
*****
Offline Offline

Activity: 644
Merit: 1071



View Profile
April 08, 2019, 12:06:31 AM
 #7

A private key should never be sent or shared online either via email or saved on clouds, drives etc. Consider it compromised and funds protected by it.
Instruct your students to invest in a hardware wallet if they are serious about crypto currencies since the private keys in hardware wallets never leave the safety of the device.

That's 100% correct.

Bitcoin is genius because the keys are hold offline, they cannot be hacked. If you hold them online, you are doing it wrong and making them available for hackers

You can just note down your seed and store in a safe physical location, hidden.

whotookmycrypto
Full Member
***
Offline Offline

Activity: 168
Merit: 198


WhoTookMyCrypto.com


View Profile WWW
April 08, 2019, 02:00:27 AM
 #8

Trezor has made a good article on this: https://blog.trezor.io/https-blog-trezor-io-keep-your-seed-phrase-away-from-lions-edcc105457a0

While they talk about seed phrase instead of private keys, the recommendations provided are equally applicable to securing your private keys.

mjglqw
Hero Member
*****
Online Online

Activity: 1106
Merit: 894


https://coinsources.io/bitcoin


View Profile WWW
April 08, 2019, 02:22:32 AM
 #9

or a device where there is no internet connection like a USB for example.

Yes, but only IF you know and you're actually very sure that you know what you're doing. Your private keys can still be compromised even a USB flashdrive is offline, if you manage to mess something up when you're on the process of generating the keys and saving it to the USB flashdrive on your computer.

whotookmycrypto
Full Member
***
Offline Offline

Activity: 168
Merit: 198


WhoTookMyCrypto.com


View Profile WWW
April 08, 2019, 02:44:21 AM
 #10

Yes, but only IF you know and you're actually very sure that you know what you're doing. Your private keys can still be compromised even a USB flashdrive is offline, if you manage to mess something up when you're on the process of generating the keys and saving it to the USB flashdrive on your computer.

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.


joniboini
Hero Member
*****
Offline Offline

Activity: 728
Merit: 1152


Exchange Bitcoin quickly-https://blockchain.com.do


View Profile WWW
April 08, 2019, 03:36:59 AM
 #11

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.

If I get the image correctly, it seems the reason why the private key was stolen is that the user downloaded malicious software from the internet and install it on his cold wallet. That's definitely not what we should do.

pooya87
Legendary
*
Online Online

Activity: 1806
Merit: 1983


Remember tonight for it's the beginning of forever


View Profile
April 08, 2019, 04:24:47 AM
 #12

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.

If I get the image correctly, it seems the reason why the private key was stolen is that the user downloaded malicious software from the internet and install it on his cold wallet. That's definitely not what we should do.

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.

DroomieChikito
Sr. Member
****
Offline Offline

Activity: 770
Merit: 296


CryptoTalk.Org - Get Paid for every Post!


View Profile WWW
April 08, 2019, 06:13:59 AM
 #13

even they are student and familiar with pen and pencil, you have to instruting them of all to write private key on paper, double check spelling of private key, then laminated paper on very safe place

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
CryptoTalk.org| 
MAKE POSTS AND EARN BTC!
🏆
sheenshane
Hero Member
*****
Offline Offline

Activity: 770
Merit: 522


🔰www.mintdice.com🔰


View Profile WWW
April 08, 2019, 06:55:55 AM
Merited by suchmoon (9), Yamifoud (2), pooya87 (1), BitMaxz (1)
 #14

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.
You can hide your USB through like this I'm sure it is impossible to hack or steal from scammers or even one of your family member. Cheesy

Anyone who wants to try this just sent me a PM. Grin

There's a lot way of keeping your private, that is our responsibility to keep them safe. But in a small amount, I think that is not necessary to keep in USB, just a piece of paper would be fine and put into your personal pocket wallet.




.




  ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄████████▀▀▀▀███▄
███████▀     ████
███████   ███████
█████        ████
███████   ███████
▀██████   ██████▀
  ▀▀▀▀▀   ▀▀▀▀▀

  ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄██▀▀▀▀▀▀▀▀▀▀▀██▄
██    ▄▄▄▄▄ ▀  ██
██   █▀   ▀█   ██
██   █▄   ▄█   ██
██    ▀▀▀▀▀    ██
▀██▄▄▄▄▄▄▄▄▄▄▄██▀
  ▀▀▀▀▀▀▀▀▀▀▀▀▀

            ▄▄▄
█▄▄      ████████▄
 █████▄▄████████▌
▀██████████████▌
  █████████████
  ▀██████████▀
   ▄▄██████▀
    ▀▀▀▀▀

    ██  ██
  ███████████▄
    ██      ▀█
    ██▄▄▄▄▄▄█▀
    ██▀▀▀▀▀▀█▄
    ██      ▄█
  ███████████▀
    ██  ██




               ▄
       ▄  ▄█▄ ▀█▀      ▄
      ▀█▀  ▀   ▄  ▄█▄ ▀█▀
███▄▄▄        ▀█▀  ▀     ▄▄▄███       ▐█▄    ▄█▌   ▐█▌   █▄    ▐█▌   ████████   █████▄     ██    ▄█████▄▄   ▐█████▌
████████▄▄           ▄▄████████       ▐███▄▄███▌   ▐█▌   ███▄  ▐█▌      ██      █▌  ▀██    ██   ▄██▀   ▀▀   ▐█
███████████▄       ▄███████████       ▐█▌▀██▀▐█▌   ▐█▌   ██▀██▄▐█▌      ██      █▌   ▐█▌   ██   ██          ▐█████▌
 ████████████     ████████████        ▐█▌    ▐█▌   ▐█▌   ██  ▀███▌      ██      █▌  ▄██    ██   ▀██▄   ▄▄   ▐█
  ████████████   ████████████         ▐█▌    ▐█▌   ▐█▌   ██    ▀█▌      ██      █████▀     ██    ▀█████▀▀   ▐█████▌
   ▀███████████ ███████████▀
     ▀███████████████████▀
        ▀▀▀█████████▀▀▀
FIND OUT MORE AT MINTDICE.COM
Kakmakr
Legendary
*
Offline Offline

Activity: 1820
Merit: 1376

★ ChipMixer | Bitcoin mixing service ★


View Profile
April 08, 2019, 07:01:55 AM
 #15

Well, not entirely true. If you and the recipient have come to some sort of agreement to obscure the whole private key, by for example breaking it up and sending it with other numbers/letters in several different emails, then people will not be able to extract the private key from your emails.

Let's say the sender and the recipient agrees that the first 3 numbers or letters will be ignored and then the 5th and the 7th and replaced with something else, then it would not make up a recognisable private key.  Grin  <You further break up the numbers and send them in separate emails.>  Tongue

dothebeats
Legendary
*
Offline Offline

Activity: 1988
Merit: 1140

CryptoTalk.Org - Get Paid for every Post!


View Profile
April 08, 2019, 10:33:35 AM
 #16

Of course. Knowing how easy it is to actually get in on one's email and snoop on all of the contents of it, no one in their sane mind would even think of saving their private keys and other vital information on their email. If life's really that tough, then perhaps save your keys on your phone or write it down somewhere safe. It should be common knowledge that emails are insecure places to store sensitive data be it private keys, banking details, personal info.. the list goes on.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
April 08, 2019, 01:22:58 PM
Merited by Foxpup (3), vapourminer (1), o_e_l_e_o (1)
 #17

Your email can not key your private key safe it's still could be hacked and the information collected.


It seems like the majority of people still don't know how the email protocol works.

EVERY mail server (again: EVERY) between you and your recipient can read the mail in plain text.

It is (and never was) a good idea using (non-encrypted) emails to transmit sensitive information.
The email protocol is from 1980. It is extremely outdated and not secure at all.

Just because it is used everywhere, it doesn't mean it is something good / safe / secure.


Actually, you shouldn't store private keys on a device which is connected to the internet at all. Storing them on a mail server is just plain dumb.

jademaxsuy
Member
**
Offline Offline

Activity: 546
Merit: 23

★777Coin.com★ Fun BTC Casino!


View Profile WWW
April 08, 2019, 02:05:54 PM
 #18

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.
You can hide your USB through like this I'm sure it is impossible to hack or steal from scammers or even one of your family member. Cheesy

Anyone who wants to try this just sent me a PM. Grin

There's a lot way of keeping your private, that is our responsibility to keep them safe. But in a small amount, I think that is not necessary to keep in USB, just a piece of paper would be fine and put into your personal pocket wallet.
This is more secure than I thought of saving a private key in a usb for sometimes it could be misplaced or stolen by someone and could compromise your holdings.

BTW, do this USB has a safety feature to which if one will going to eat it will prevent damage from the liquids passed through the mouth? I hope so, so that it could be really helpful and it could be one of great saving device for wallet private key.

LTU_btc
Hero Member
*****
Offline Offline

Activity: 1400
Merit: 746



View Profile WWW
April 08, 2019, 07:31:55 PM
 #19

Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.

But the first safest option is HARDWARE WALLETS, second USB FLASH, third is a paper wallet in my opinion. But paper wallets has some risks unless the user laminates it.
Offcourse hardware wallets is the best choice, I already use it for almost few years. But still, USB flash is needed for me to keep recovery phrase. I have written it down to a sheet of paper, but as already said, paper isn't very safe thing - Iover the time ink fades, and paper deteriorates, it's easy to destroy it with water and it can get lost easily.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
 WELCOME
BONUS
.INSTANT & FAST.
.TRANSACTION.....
.PROVABLY FAIR.
......& SECURE......
.24/7 CUSTOMER.
............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 728
Merit: 2911


Decent


View Profile
April 08, 2019, 08:04:22 PM
Merited by Foxpup (3)
 #20

Let's say the sender and the recipient agrees that the first 3 numbers or letters will be ignored and then the 5th and the 7th and replaced with something else, then it would not make up a recognisable private key.
This is essentially security through obscurity, and is generally a bad way to store any sensitive information. If you absolutely must send something sensitive via email, the best way is an encrypted file with a previously (and securely) agreed upon key.

The same advice throughout this thread obviously applies to mnemonic seeds as well. Too many people store electronic copies of their mnemonic seed, which again, is a terrible idea. Write it down or engrave it, and store it somewhere physically secure.

Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!