What are your biggest challenges around securing your crypto?

[bitbalance]

Does anyone know of any safe storage spaces for this?  I know people say never store your seed online.  But what if you store it in your computer but encrypt it with say axcrypt.  Then upload it to say dropbox or google drive.  So let say someone was able to hack your dropbox or google drive. 

They still need to Know your password for lastpass or keepass.


Now what if you encrypt lastpass or keepass as well?  Now they need to know the password for axcrypt and also lastpass or keepass.  A risk of this would be if you forget both passwords.

Thoughts on that?  Which of these seem to be the best?  I always thought having an online backup was good in case anything physically happened.

For sure. This sounds a reasonable way to go about it. Also, the security doesn't have to be one solution for everything. YOu can have higher level of security for larger amounts. And reasonable security for lower amount of assets.

You could increase the security of the above method by using a client side encrypted storage space  instead of dropbox or gdrive - ex: Sync.com or Spideroak

[1715519455]

1715519455

[1715519455]

1715519455

[1715519455]

1715519455

[1715519455]

1715519455

[1715519455]

1715519455

[o_e_l_e_o]

My biggest prpblem would be password manage. I mostly use one password for most of my operatiom and don't update it regularly.

This is a huge security risk. Using the same password for things like email, social media, forums, and exchanges is just asking to be hacked. There have been some pretty major password leaks from some very reputable companies over the past few years - it is highly likely that less reputable companies like small crypto exchanges will leak your password at some point. If an attacker was to gain access to one of your accounts, you could lose everything.

If you are struggling to use different passwords or remember them all, then just use a secure password manager like KeePass.

[bitbalance]

My biggest prpblem would be password manage. I mostly use one password for most of my operatiom and don't update it regularly. For my private key i preface to go the traditional way by writing and keeping it some where safe

This is a reasonable thought process. Also, you can use two password managers - one password - to store passwords that are not risky. Ie for regular accounts and such that will not cause you to lose lot of money. Using a file based offline password manager like Keepass to store sensitive passwords and keys.

[bitbalance]

People relying on desktop and software wallets. Storing them in their computers and eventually losing access to them either due to hardware or software failures.

Not just software wallets, but also things like 2FA. Many people either don't have back ups for their 2FA, or back up to another electronic device (such as phone and laptop). As OP says, if both are stolen, you can lose access to all your trading accounts (and web wallets if you are silly enough to use them).

For 2FA, you have to have a strategy to securely store the backup of your 2FA as well cause you don't want that falling under the wrong hands either.

[bitbalance]

2. This for me is also the weak point, that most people use 2FA on a device, exposing them to at least the Password axis you mentioned. Myself I use a Google Authenticator for 2FA, as an extension only linked to 1 browser account. Browser and extension are uninstalled quickly after use. And means I could recover all my online accounts quickly from a new device with 2FA and change passwords. I expect this method opens me up to other vulnerabilities... anyone care to share?

Are you using an extension to get the 2FA code? That is not how it is meant to be used. 2 Factor means, it's the second way of proving it is you. THe first way is password. And if you use your 2FA this way, then it's really only 1 factor. The use of the 2fa seed in many places will increas the chance of it being stolen. You could just install a 2fa app on a phone not connected to the internet.

[_Django05_]

‘Use a strong password’ ‘Buy a hardware wallet’ are the most common security solutions to manage your crypto. But is that enough?

Are you overwhelmed with how to manage your crypto and be assured that they are secure?  
For instance:

 * Do you know of the 5 axis of attack areas you should be aware about - Browser, Network, Software, Email, Password
 * If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

I want to create educational material around easy solutions to managing and security crypto for fund managers/analysts/traders/developers.


What are some questions you need answered?
What are some common frustrations you have around this topic?
Or find out what are the right things to do is?

Other than my daily driver Windows 10,  I dual boot Win7 in another HDD for the sole purpose of wallet sync and transaction. No browsers, no other programs just the wallet. I backed up my wallet.dat file along with my seed on a flashdrive which i never plug on another computer just mine with the  Win7 OS. That's how i deal with it.

[o_e_l_e_o]

I backed up my wallet.dat file along with my seed on a flashdrive which i never plug on another computer just mine with the  Win7 OS.

For the best security, your seed should never touch an internet enabled computer, especially if you are storing it in plain text. Even although you are using a different OS, since you are connecting to the internet with that OS you have no guarantee that it has not been infected with some kind of malware. I would store your seed on paper and not on a flash drive at all, or if you insist on storing it on a flash drive, only ever connect that flash drive to a completely air-gapped machine.

[Jet Cash]

With regards to using computers that have never had access to the net - I'm thinking of removing the hard drive from a notebook, and installing Linux on a couple of USB SSDs. I can then boot the computer from one of the SSDs. If I keep personal info on the one that never accesses the net, then that should give me a bit of extra security.

[o_e_l_e_o]

With regards to using computers that have never had access to the net - I'm thinking of removing the hard drive from a notebook, and installing Linux on a couple of USB SSDs. I can then boot the computer from one of the SSDs. If I keep personal info on the one that never accesses the net, then that should give me a bit of extra security.

The way I've done it is with a old laptop (10+ years) I had kicking around. It was serving no purpose anyway, other than gathering dust, so I simply opened it up and removed the WiFi card, so it will never accidentally connect to the internet. The hardware is old and it would struggle to run most modern software. Hell, I don't think it would even manage a modern version of Windows or a resource heavy browser like Chrome, but it's quite capable of running Linux and signing bitcoin transactions.

The other vector of attack is obviously physical attacks on the device. I have full drive encryption on this laptop - it might be worth looking in to that for your SSD.

[LeGaulois]

The challenge I had was to keep the seeds in a safe place. At home, you will say, yes sure, but what about if there's a fire in your house. Your home insurance will do nothing. You can have the backups in all the rooms, all of them will be gone with the fire. I don't really have a family anymore so can't even ask someone to keep a piece of paper. I managed to store the seed somewhat but it cost me some buck

[o_e_l_e_o]

-snip-

You could invest in a fire and water proof safe, and place it underneath your floorboards or bury it in your garden if you have one. Or inscribe your seed on some metal plates which would withstand the heat of a fire. Alternatively, use something like Shamir's Secret Sharing to give parts of your key to some trustworthy friends.

[LeGaulois]

-snip-

You could invest in a fire and water proof safe, and place it underneath your floorboards or bury it in your garden if you have one. Or inscribe your seed on some metal plates which would withstand the heat of a fire. Alternatively, use something like Shamir's Secret Sharing to give parts of your key to some trustworthy friends.

I don't want to rely on a person per se, I prefer to rely on a system I think. I got trouble last year when my father passed away suddenly.
I know there's a metal thing to keep your seeds, cryptosteel or something like that, but I was in a hurry, I give it to a notary since I also need to use him for others stuff.

[royalfestus]

Hack and physical theft could the security challenge around me. sometimes physical theft information may not be useful to culprit and may just cost absolute loss. Demise of some individual may not give access to the coin, the fear of crypto loss due to demise came up as a challenging problem in recent dailies. I think this is enough or good idea for crypto enthusiasts to look into and create a project from.