Bitcoin Forum
Author Topic: What are your biggest challenges around securing your crypto?  (Read 507 times)
bitbalance (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 5


View Profile
April 08, 2019, 07:53:01 PM
Last edit: April 11, 2019, 11:23:06 PM by bitbalance
Merited by Foxpup (2), OgNasty (1), LoyceV (1), ABCbits (1)
 #1

‘Use a strong password’ ‘Buy a hardware wallet’ are the most common security solutions to manage your crypto. But is that enough?

Are you overwhelmed with how to manage your crypto and be assured that they are secure?  
For instance:

 * Do you know of the 5 axes of attack areas you should be aware of - Browser, Network, Software, Email, Password
 * If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

I want to create educational material around easy solutions to managing and securing crypto for fund managers/analysts/traders/developers.


What are some questions you need answered?
What are some common frustrations you have around this topic?
Or find out what the right things to do are?
cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1252


View Profile
April 09, 2019, 03:30:59 AM
 #2

The only way to secure a bitcoin wallet is to create the private keys within a safe environment (a computer that has never connected to the internet, or at least, formatting the HDD and then installing an OS that has never seen the internet). It's the only way. Then you must learn how to pass a transaction made on the offline computer within the online node. What can you do? It's the only way to go. Many find it annoying but it is what it is.

The main problem for me is passwords. I have bad memory, I always lose my passwords. I have lost access to all encrypted stuff because I lost the passwords.

As far as backups, I'm not sure about that. Putting your wallet on the internet doesn't seem like a good idea, even if encrypted... too paranoid. But also too paranoid to trust Electrum's seed model. So what's the solution? Be careful to not burn your house or have thieves... I can't tell you anything else right now.
anu1908
Sr. Member
****
Offline Offline

Activity: 770
Merit: 268


View Profile
April 09, 2019, 06:41:05 AM
 #3

I think these are probably the most asked questions that I found in this forum:
- What wallet should I use?
- How to store my backup?
- How to keep myself protected if I am connected to the network?
- How can I make sure that nobody steals my seed/private key?
- What happens if I lose my backup, how to recover my bitcoin securely?
etc.
Pmalek
Legendary
*
Offline Offline

Activity: 2758
Merit: 7135



View Profile
April 09, 2019, 08:26:05 AM
 #4

* If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?
This is one of the bigger problems when it comes to crypto. People relying on desktop and software wallets. Storing them in their computers and eventually losing access to them either due to hardware or software failures. 

Sensitive and financial information shouldn't be stored on computers. We have hardware and paper wallets for long term storage. If for some reason you do end up doing it at least password protect the sensitive files. Hide it from plain sight and don't make it easy for a hacker to find it by calling it All my BTC private keys.txt

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18510


View Profile
April 09, 2019, 11:44:27 AM
Merited by Foxpup (2)
 #5

People relying on desktop and software wallets. Storing them in their computers and eventually losing access to them either due to hardware or software failures.
Not just software wallets, but also things like 2FA. Many people either don't have backups for their 2FA, or back up to another electronic device (such as phone and laptop). As OP says, if both are stolen, you can lose access to all your trading accounts (and web wallets if you are silly enough to use them).

Sensitive and financial information shouldn't be stored on computers.
On internet accessible computers, at least. It is perfectly reasonable to store your wallets on an airgapped computer, provided you take appropriate precautions to ensure the device is not infected with anything when setting it up, and securing it from physical attacks as well (whole drive encryption and storing it securely, for example).
BitBustah
Hero Member
*****
Offline Offline

Activity: 1218
Merit: 534



View Profile
April 09, 2019, 02:07:03 PM
 #6

I would say the biggest challenge is physical security.  I've read the horror stories of people being tortured for their bitcoin.  There are people in the world who will kill for a few dollars; no matter how good your computer security is, you are always vulnerable.
seoincorporation
Legendary
*
Offline Offline

Activity: 3150
Merit: 2931




View Profile
April 09, 2019, 08:06:16 PM
 #7

‘Use a strong password’ ‘Buy a hardware wallet’ are the most common security solutions to manage your crypto. But is that enough?

Are you overwhelmed with how to manage your crypto and be assured that they are secure? 
For instance:

 * Do you know of the 5 axes of attack areas you should be aware of - Browser, Network, Software, Email, Password
 * If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

I want to create educational material around easy solutions to managing and securing crypto for fund managers/analysts/traders/developers.


What are some questions you need answered?
What are some common frustrations you have around this topic?
Or find out what the right things to do are?

This is a complex topic, because each system has its own vulnerabilities and if the engine is perfect the vulnerability is the human factor. That's how the technology works, we can create complex encryption systems but we cannot make a perfect human who doesn't make mistakes.

I think the best way to secure our coins is in paper wallets in txt files inside zip folders with passwords. That's it, but this is the way I feel secure; for sure other people have their own way.

bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
April 10, 2019, 07:31:10 AM
 #8

* Do you know of the 5 axes of attack areas you should be aware of - Browser, Network, Software, Email, Password

4 of them (Browser, network, software, email) are circumvented by storing your coins offline.

A strong password is necessary to be secure against physical access (e.g. hardware wallet / cold wallet on a computer).
Regarding the hardware wallet: Most do wipe the data after X wrong attempts to enter the PIN (e.g. Ledger Nano after 3 times).
Regarding the cold wallet on a PC: You could use an encryption algorithm with tons of iterations to slow down the decryption process -> Bruteforcing no longer possible even with only a 6-8 char alphanumeric password.



* If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

Simple question.

If your coins are stored on a hardware wallet: Nothing lost, you still have full access as the only person.

If your coins are stored on a desktop- / mobile wallet:
  • One should always have his wallet protected (encrypted private keys through a password / Android mobile always encrypted (which is default with Android 7+) + no developer mode + not rooted + locked with a PIN)
  • One should always have a backup of the seed used

If both points apply, it is not a problem within the next few hours / days / weeks in which you should recover your coins with your backup and send them to a freshly created wallet.
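
Added example, not part of bob123's post: the "tons of iterations" idea is key stretching, sketched here with PBKDF2-HMAC-SHA256 from Python's standard library (the choice of PBKDF2, the 62-character alphabet and all function names are assumptions of this example). It measures the cost of one guess on the local machine and scales it to the 6-8 character alphanumeric keyspace, including an attacker who runs guesses in parallel.

```python
import hashlib
import os
import time

ALPHABET_SIZE = 62  # assumption: a-z, A-Z, 0-9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(password, salt, iterations):
    """Stretch a password into a 32-byte key; work grows linearly with iterations."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )


def keyspace(min_len, max_len):
    """Count alphanumeric passwords whose length is min_len..max_len."""
    return sum(ALPHABET_SIZE ** n for n in range(min_len, max_len + 1))


def seconds_per_guess(iterations, samples=3):
    """Time one key derivation on this machine (best of `samples` runs)."""
    salt = os.urandom(16)
    best = float("inf")
    for i in range(samples):
        start = time.perf_counter()
        derive_key("guess%d" % i, salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def years_to_exhaust(min_len, max_len, sec_per_guess, workers=1):
    """Worst-case time to try every password when `workers` guesses run in parallel."""
    return keyspace(min_len, max_len) * sec_per_guess / workers / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Iteration counts and worker counts below are illustrative, not recommendations.
    for iterations in (1_000, 100_000, 1_000_000):
        cost = seconds_per_guess(iterations)
        for workers in (1, 10_000):
            print(
                "iterations=%-9d workers=%-6d 6 chars: %.3g years, 6-8 chars: %.3g years"
                % (
                    iterations,
                    workers,
                    years_to_exhaust(6, 6, cost, workers),
                    years_to_exhaust(6, 8, cost, workers),
                )
            )
```

The printed figures depend on the machine running the script; the random per-wallet salt is what stops one precomputed table from being reused across wallets.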

Pmalek
Legendary
*
Offline Offline

Activity: 2758
Merit: 7135



View Profile
April 10, 2019, 08:14:50 AM
 #9

I would say the biggest challenge is physical security.  I've read the horror stories of people being tortured for their bitcoin.  There are people in the world who will kill for a few dollars; no matter how good your computer security is, you are always vulnerable.
Nobody knows that you have bitcoin if you don't tell people you own bitcoin. Bitcoin is semi-anonymous and its users should stay that way as well. Only your circle of trust should know what you are doing and nobody else.

Lucius
Legendary
*
Offline Offline

Activity: 3234
Merit: 5638




View Profile WWW
April 10, 2019, 09:25:18 AM
 #10

All the possible technologies that exist today to keep crypto safe are not worth anything if they are not used in the right way. Most agree that hardware wallets are a safe way of keeping crypto, and for now it is shown that this is correct. But the security of a hardware wallet is worth nothing if the user is not aware of the importance of making a backup of the seed words, so in case the device is broken or stolen, coins are lost.

My opinion is that the biggest challenge is how to educate people to use the available technology in the right and safe way, which is crucial for security of their coins. When something bad happens, then it's too late.


The main problem for me is passwords. I have bad memory, I always lose my passwords. I have lost access to all encrypted stuff because I lost the passwords.

Why do you use only your memory for passwords? Nobody is so perfect as to remember hundreds of passwords, and the simplest solution is to write them down on paper. Then you only need to store that paper in the best possible way, there is no great wisdom in that.

buwaytress
Legendary
*
Offline Offline

Activity: 2800
Merit: 3443




View Profile
April 10, 2019, 01:47:25 PM
 #11

I like that question also (on whether you are prepared for loss and recovery if devices are all stolen) and I've asked myself and others a few times in the past.

1. Most people would probably not be able to recover a lot of things, browser accounts, email accounts, much less a Bitcoin wallet. I know I could recover several of those at least from memory alone.

2. This for me is also the weak point, that most people use 2FA on a device, exposing them to at least the Password axis you mentioned. Myself I use a Google Authenticator for 2FA, as an extension only linked to 1 browser account. Browser and extension are uninstalled quickly after use. And means I could recover all my online accounts quickly from a new device with 2FA and change passwords. I expect this method opens me up to other vulnerabilities... anyone care to share?


jerry0
Full Member
***
Offline Offline

Activity: 1736
Merit: 186


View Profile
April 11, 2019, 12:20:34 AM
 #12

What about where to store your seed?  You put it in your house, well, a fire, theft or something like that could destroy it.  So you put it in 2 or 3 different locations?  Of course doing that exposes it even more.

Now if you have a 24 word seed, do you write it in 1 piece or 2 pieces or 3 pieces?  Example: 12 words, it's only half the seed.

Now where can you store it where it's safe?  Bank deposit box?  What if thieves drill through it and steal the boxes, as I have heard of cases like this?  If your seed is in the box with 24 words, well, that's it.  But if nothing like that happens, couldn't an employee or someone on the inside open the boxes up?  If it's cash, them taking it would mean the person putting it there would know when they check the box.  The seed, well, they can take a picture of it or write it down.

Now what about making your seed look like something not noticeable?  Example: you write the words and say 3rd grade spelling words or something like that?  What about writing the 24 word seed but doing it as a code?  Like A = Z, B = Y etc.  Or something like A = E etc.  Then if someone gets access to it, they won't have a clue what that is because those are not words.  Of course if you do this, you need to remember what the letters mean, such as whether A is E or Z etc.

Does anyone know of any safe storage spaces for this?  I know people say never store your seed online.  But what if you store it in your computer but encrypt it with, say, AxCrypt?  Then upload it to, say, Dropbox or Google Drive.  So let's say someone was able to hack your Dropbox or Google Drive.  They still need to know your password for LastPass or KeePass.

Now what if you encrypt LastPass or KeePass as well?  Now they need to know the password for AxCrypt and also LastPass or KeePass.  A risk of this would be if you forget both passwords.

Thoughts on that?  Which of these seems to be the best?  I always thought having an online backup was good in case anything physically happened.


BitBustah
Hero Member
*****
Offline Offline

Activity: 1218
Merit: 534



View Profile
April 11, 2019, 12:38:43 AM
 #13

I would say the biggest challenge is physical security.  I've read the horror stories of people being tortured for their bitcoin.  There are people in the world who will kill for a few dollars; no matter how good your computer security is, you are always vulnerable.
Nobody knows that you have bitcoin if you don't tell people you own bitcoin. Bitcoin is semi-anonymous and its users should stay that way as well. Only your circle of trust should know what you are doing and nobody else.

Well, if you want to sell any significant amount of bitcoin you are pretty much forced to give your personal info to an exchange.  These exchanges are run by humans and all it takes is one bad employee or a data hack and your information is out there.

It must be a constant worry of crypto celebrities like Roger Ver, Vitalik, John McAfee.  I'm sure they are worried about being kidnapped and tortured for their coins.
Pmalek
Legendary
*
Offline Offline

Activity: 2758
Merit: 7135



View Profile
April 11, 2019, 08:49:21 AM
Merited by o_e_l_e_o (1)
 #14

Now where can you store it where it's safe?  Bank deposit box?  What if thieves drill through it and steal the boxes, as I have heard of cases like this?  If your seed is in the box with 24 words, well, that's it.  But if nothing like that happens, couldn't an employee or someone on the inside open the boxes up?  If it's cash, them taking it would mean the person putting it there would know when they check the box.  The seed, well, they can take a picture of it or write it down.
Thieves could get to your seed phrase by robbing the bank but in cases like that they are usually looking for cash, gold, diamonds etc. You would have to be unlucky to get your deposit box robbed by thieves looking for crypto.

Bank deposit boxes can't be opened by the bank employee alone. You need two sets of keys. One key belongs to the bank and the other to the person leasing the box. Consider it a 2FA of some sort.

Does anyone know of any safe storage spaces for this?  I know people say never store your seed online.  But what if you store it in your computer but encrypt it with, say, AxCrypt?  Then upload it to, say, Dropbox or Google Drive.  So let's say someone was able to hack your Dropbox or Google Drive.
You can store an encrypted seed and keys on a computer but it shouldn't be one that is connected to the Internet. It has to be free of malware and in good condition both hardware and software wise.

I wouldn't advise uploading to a cloud/drive. A safer option is to keep an encrypted copy on a password protected USB drive for example. One that is only used for that purpose and not for storing any other files.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18510


View Profile
April 11, 2019, 11:23:11 AM
 #15

Now if you have a 24 word seed, do you write it in 1 piece or 2 pieces or 3 pieces?  Example: 12 words, it's only half the seed.
The issue with this is that you need all three pieces to restore your seed. If an attacker steals one, you can't restore the seed from the other two. You could of course leave multiple copies of each piece in different locations, but the more locations you use the more chance of someone finding one.

There are other ways to securely store your seed on paper. For example, you can use methods like Shamir's Secret Sharing or a modified one-time pad technique to split your seed into 3 parts, and require any 2 of them to recover your seed (or 3 out of 5, or any other combination you fancy). Each piece on its own is useless.


But what if you store it in your computer but encrypt it with, say, AxCrypt?
To encrypt it on your computer, it must at some point be on your computer unencrypted. This is not safe. You should only be doing this on a permanently airgapped device.
pushups44
Sr. Member
****
Offline Offline

Activity: 854
Merit: 281


View Profile
April 11, 2019, 11:44:09 AM
 #16

A hardware wallet is great, but what if the pass code is stolen or found? How will funds be transmitted to relatives after death? In my view, these are issues crypto will have to solve in the coming decade. More than likely, we will need some centralization to resolve some of these concerns.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18510


View Profile
April 11, 2019, 12:49:51 PM
 #17

A hardware wallet is great, but what if the pass code is stolen or found? How will funds be transmitted to relatives after death? In my view, these are issues crypto will have to solve in the coming decade. More than likely, we will need some centralization to resolve some of these concerns.
Pass code? Do you mean your PIN for accessing the wallet? It should never be stolen or found because you should never write it down. The only thing you should be writing down and storing securely is your seed.

The easiest way to transmit funds after death is to tell your spouse or family member your PIN/location of your seed/paper wallet, etc. or include said instructions in your will or a dead man's switch.
Lucius
Legendary
*
Offline Offline

Activity: 3234
Merit: 5638




View Profile WWW
April 11, 2019, 01:32:20 PM
 #18

Pass code? Do you mean your PIN for accessing the wallet? It should never be stolen or found because you should never write it down. The only thing you should be writing down and storing securely is your seed.
Although the PIN in hardware wallets is important, in case it is forgotten, it is possible to recover the wallet by entering an incorrect PIN 3 times and then restoring the wallet from seed. But I cannot agree that the PIN should not be written down; it is an 8 digit number (in my case - Nano S), and can easily be forgotten. If someone finds a four digit or eight digit number, without the device itself they will not have any use for it. But if the seed is compromised, the wallet can be restored in different ways, regardless of PIN.

bitbalance (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 5


View Profile
April 11, 2019, 09:07:27 PM
 #19

All the possible technologies that exist today to keep crypto safe are not worth anything if they are not used in the right way. Most agree that hardware wallets are a safe way of keeping crypto, and for now it is shown that this is correct. But the security of a hardware wallet is worth nothing if the user is not aware of the importance of making a backup of the seed words, so in case the device is broken or stolen, coins are lost.

My opinion is that the biggest challenge is how to educate people to use the available technology in the right and safe way, which is crucial for security of their coins. When something bad happens, then it's too late.


This is exactly the problem I want to tackle and educate people on it. It's hard to find relevant guides to security in one place. There are some that offer just generic information but don't discuss the details of how to do it.
thinkright
Copper Member
Jr. Member
*
Offline Offline

Activity: 280
Merit: 1


View Profile
April 11, 2019, 09:14:00 PM
 #20

My biggest problem would be password management. I mostly use one password for most of my operations and don't update it regularly. For my private key I prefer to go the traditional way by writing it down and keeping it somewhere safe.
