Backup your Private Keys ! (Before it's too late)

[apoorvlathey]

So, recently my personal laptop's hard drive got corrupted and all my data was lost, including private keys for my wallet.
...thankfully I already had a secure backup of them and no coins were lost.

Here I am sharing my technique to beginners so they can back up their private keys the same way I did.

Many of the users might be storing the keys/seed in some written form but physical damage to paper might lead to loss of your funds.

Here's how I do it:

1. Edit an image using notepad, paste the seed in between.
2. Add it to a .zip file and encrypt it by setting a password.
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
5. That's it, you got yourself a secure online backup for your keys.

Don't repeat the password in any step, or else this method might become useless.

I don't know if this is optimal or not, but comments are appreciated.

[1714955186]

1714955186

[1714955186]

1714955186

[GSpgh]

You're replacing one potential problem (physical damage to a piece of paper) with multiple passwords, a cloud service, etc. Too complicated and too many points of failure.

A laminated piece of paper in a waterproof/fireproof safe works well, maybe a second copy offsite if you're really paranoid. Or a hardware wallet.

[gentlemand]

2. Add it to a .zip file and encrypt it by setting a password.

You'd have to be very confident in your ability to create a strong enough password and being able to remember it is probably more important.

Anyone thinking of doing so would do well to spend a while researching the best way of creating strong and memorable ones. I have plenty of encrypted folders with variations on long term passwords that I can't remember. There's nothing of importance in them so it doesn't really matter. It obviously would in this case.

[masulum]

I remember what Bob123 say to me:

While redundancy is good. Even redundancy via the cloud is good for safety. But it is not a good way to "secure your recovery seed.." as stated in the OP and the title of this topic.


Storing such sensitive information (which gives anyone who has access to this information the full control over your funds) online is the exact opposite of secure.

From his post, I learn to more careful to save our PK on cloud storages. And, remember, Google not really save too, because they tracking everything that connect with our account. Maybe you can read "Let's talk about Privacy" by Bitmover. There are many Google alternatives you can use.

DWYOR/DYOR

[yazher]

I never knew that you can open an image file with notepad, I just don't like the idea to upload it on Gmail. I have an experience where I can't open my email account anymore due to long inactivity. although it's not Gmail, there is a tendency that it would be the same. I'm talking about my yahoo mail, I know the password but I cannot open it anymore it asks me some verification to another email which I don't know the password. FYI that Email I'm trying to open is my first email in 2008, older than Bitcoin. something like this could happen, you need to aware of it guys.

[gentlemand]

I never knew that you can open an image file with notepad, I just don't like the idea to upload it on Gmail. I have an experience where I can't open my email account anymore due to long inactivity. although it's not Gmail, there is a tendency that it would be the same. I'm talking about my yahoo mail, I know the password but I cannot open it anymore it asks me some verification to another email which I don't know the password. FYI that Email I'm trying to open is my first email in 2008, older than Bitcoin. something like this could happen, you need to aware of it guys.

Not sure if it's the case any more, but at one point Yahoo would make your address available again if you hadn't logged in for six or more months.

I've had the same thing with dead or forgotten recovery systems. I find it really annoying when gmail won't let you in. There should be a 'you're on your own' option that doesn't make these demands as sometimes you can't meet them.

[psycodad]

How about XORing the value that your seed represents with the hash of a (weaker and shorter) password and creating again an BIP39 seed from the output ?

The output looks like a valid seed but most probably isn't usable to use as seed (and certainly doesn't allow spending your funds). You get your original seed back by simply XORing again against the hash of your password.

Still easy to break with a classic $5 wrench attack though...

[febriyana]

So, recently my personal laptop's hard drive got corrupted and all my data was lost, including private keys for my wallet.
...thankfully I already had a secure backup of them and no coins were lost.

Here I am sharing my technique to beginners so they can back up their private keys the same way I did.

Many of the users might be storing the keys/seed in some written form but physical damage to paper might lead to loss of your funds.

Here's how I do it:

1. Edit an image using notepad, paste the seed in between.
2. Add it to a .zip file and encrypt it by setting a password.
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
5. That's it, you got yourself a secure online backup for your keys.

Don't repeat the password in any step, or else this method might become useless.

I don't know if this is optimal or not, but comments are appreciated.

I am not really sure, edit image with notepad.
Also that is complicated. We don't know :
zip also can get virus
Google maybe will block your account without notice
also to open it we must use laptop, pc, phone.
That is too long process...
I am still choose to write it manually in paper then laminated it. Save in the deposit box, if you want really secure. 

[apoorvlathey]

You're replacing one potential problem (physical damage to a piece of paper) with multiple passwords, a cloud service, etc. Too complicated and too many points of failure.

A laminated piece of paper in a waterproof/fireproof safe works well, maybe a second copy offsite if you're really paranoid. Or a hardware wallet.

Yeah you are right, but I wanted a way to access my wallet as I usually live remote, away from where I would have kept my keys in physical & permanent location. Can't risk it to carry them along with me wherever I go.

2. Add it to a .zip file and encrypt it by setting a password.

You'd have to be very confident in your ability to create a strong enough password and being able to remember it is probably more important.

Anyone thinking of doing so would do well to spend a while researching the best way of creating strong and memorable ones. I have plenty of encrypted folders with variations on long term passwords that I can't remember. There's nothing of importance in them so it doesn't really matter. It obviously would in this case.

I am pretty confident that I would remember all the passwords involved. I also use a sort of algorithm (mentally) that enables me to modify my password, making it unique for each site, so it's not much of an issue.
I cannot emphasize much on the importance of having different passwords for different websites.

I remember what Bob123 say to me:

While redundancy is good. Even redundancy via the cloud is good for safety. But it is not a good way to "secure your recovery seed.." as stated in the OP and the title of this topic.

Storing such sensitive information (which gives anyone who has access to this information the full control over your funds) online is the exact opposite of secure.

From his post, I learn to more careful to save our PK on cloud storages. And, remember, Google not really save too, because they tracking everything that connect with our account. Maybe you can read "Let's talk about Privacy" by Bitmover. There are many Google alternatives you can use.

DWYOR/DYOR

In order to maintain my privacy with the google cloud, I upload only the encrypted file to their server.
Thanks for linking this thread, wasn't aware of other open-source alternatives like these, the only problem they have is one has to setup his/her own dedicated server.

I never knew that you can open an image file with notepad, I just don't like the idea to upload it on Gmail. I have an experience where I can't open my email account anymore due to long inactivity. although it's not Gmail, there is a tendency that it would be the same. I'm talking about my yahoo mail, I know the password but I cannot open it anymore it asks me some verification to another email which I don't know the password. FYI that Email I'm trying to open is my first email in 2008, older than Bitcoin. something like this could happen, you need to aware of it guys.
...

Woah, you definitely got a valid point here. This thought never crossed my mind. I wasn't aware that such things might happen for inactivity. As in this case, I would be using the cloud for backup purposes only, so logging into this email is rare.
Btw, one can setup "Inactive Account Manager" (link: https://support.google.com/accounts/answer/3036546?hl=en) to forward any data before account deletion by google.

Here's a quote:

As of late 2017, Google does not automatically delete inactive Gmail accounts. The company reserves the right to delete accounts that remain inactive for an extended period of time but does not usually do so. The information on Google's Gmail account deletion policy is here for historical purposes.

...
Still easy to break with a classic $5 wrench attack though...

Haha true !

...
zip also can get virus
Google maybe will block your account without notice
also to open it we must use laptop, pc, phone.

I don't think the zip would get virus if it is safely stored in the cloud.
I fully accept that Google, being in control of this could cause a problem. Might need to consider better alternatives. As in cryptocurrencies, it all comes down to Being Your Own Bank (BYOB) !

[Blowon]

I never knew that you can open an image file with notepad, I just don't like the idea to upload it on Gmail. I have an experience where I can't open my email account anymore due to long inactivity. although it's not Gmail, there is a tendency that it would be the same. I'm talking about my yahoo mail, I know the password but I cannot open it anymore it asks me some verification to another email which I don't know the password. FYI that Email I'm trying to open is my first email in 2008, older than Bitcoin. something like this could happen, you need to aware of it guys.
-snip-

That's could being your mistake not services by mails, lets we learn from it, to always set up email or phone active so we can easily revocery a case on one day. Images could be coverted by words then saved on notepad, it's called as encrypt & decrypt methode.

[btcdie]

So, recently my personal laptop's hard drive got corrupted and all my data was lost, including private keys for my wallet.
...thankfully I already had a secure backup of them and no coins were lost.

Here I am sharing my technique to beginners so they can back up their private keys the same way I did.

Many of the users might be storing the keys/seed in some written form but physical damage to paper might lead to loss of your funds.

Here's how I do it:

1. Edit an image using notepad, paste the seed in between.
2. Add it to a .zip file and encrypt it by setting a password.
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
5. That's it, you got yourself a secure online backup for your keys.

Don't repeat the password in any step, or else this method might become useless.

I don't know if this is optimal or not, but comments are appreciated.

I am not really sure, edit image with notepad.
Also that is complicated. We don't know :
zip also can get virus
Google maybe will block your account without notice
also to open it we must use laptop, pc, phone.
That is too long process...
I am still choose to write it manually in paper then laminated it. Save in the deposit box, if you want really secure. 

that's what I have been doing all this time to secure my private key, which is to write it on a piece of paper and put it in the ground, like planting a time capsule. I have a box made of stainless steel, strong for the long term. when planting private keys, I make sure no one knows. if saving on an online backup, it is very risky to forget the account in the long run and have to remember it all the time.

[Velkro]

You're replacing one potential problem (physical damage to a piece of paper) with multiple passwords, a cloud service, etc. Too complicated and too many points of failure.

A laminated piece of paper in a waterproof/fireproof safe works well, maybe a second copy offsite if you're really paranoid. Or a hardware wallet.

Agree, this is very failure possible method. Not secure to store any serious BTC.
Less failure method would be even storing piece of paper with your seed in front of your PC screen. Stupid? Yes, but you not relaying on 3rd party service like google servers, you don't have chance to forgot multiple passwords etc.
Think again about it, im glad it worked this time, but for future you can improve your method so much.

[o_e_l_e_o]

Yeah, this is horrible advice.

Storing a key in an image file would only hide it from the most cursory of searches. Anyone who is seriously trying to steal private keys won't be fooled by this.
Applying a password to a ZIP or other archive file doesn't necessarily encrypt it, and if it does, doesn't necessarily use strong encryption. All depends on the software you use.
You shouldn't be storing private keys in the cloud, and certainly not on some random insecure email server.

Why are trying to reinvent the wheel? There is an accepted standard for backing up wallets - write down your 12 or 24 words on paper, and store them somewhere safe and secure. There is a reason that all major wallets suggest this method.

[GSpgh]

Yeah you are right, but I wanted a way to access my wallet as I usually live remote, away from where I would have kept my keys in physical & permanent location. Can't risk it to carry them along with me wherever I go.

Invest in a hardware wallet.

To paraphrase Dan Geer: cost, security, convenience - you can only pick two. If you're trying to make it cheap AND convenient you will sacrifice security and that's not a good thing when you're dealing with money.

[Thekool1s]

1. Edit an image using notepad, paste the seed in between.

If someone is already on your PC, you have been compromised. You never COPY/PASTE your seed. There are much better alternatives to make backup copies of your seed which have been discussed here before.

Anyway, If I were to create a secure seed, I would download an official copy of windows from Microsoft and verify it first. Most people don't run official windows and if you ask me that's a major threat that most people ignore/are unaware of. After Installing the windows on a spare drive, I would Create a seed, backup the seed on 2 Encrypted flash drives and probably place them under a plant in my home Even if one of them fails I will have the 2nd one. The more flash drives you have, the better

[Mahanton]

1. Edit an image using notepad, paste the seed in between.

If someone is already on your PC, you have been compromised. You never COPY/PASTE your seed. There are much better alternatives to make backup copies of your seed which have been discussed here before.

Anyway, If I were to create a secure seed, I would download an official copy of windows from Microsoft and verify it first. Most people don't run official windows and if you ask me that's a major threat that most people ignore/are unaware of. After Installing the windows on a spare drive, I would Create a seed, backup the seed on 2 Encrypted flash drives and probably place them under a plant in my home Even if one of them fails I will have the 2nd one. The more flash drives you have, the better

'
I have 3 encrypted flashdrives which been kept in different locations in my house and i didnt even intend to store up any keys in cloud yet
im just too paranoid when it comes to online exploits and hackings so its better to store these sensitive informations offline or physically.
I do able to sleep well without worries because even one of your flashdrives is gone or got destoryed you do still have back-ups of back-ups.

[GSpgh]

Create a seed, backup the seed on 2 Encrypted flash drives and probably place them under a plant in my home Even if one of them fails I will have the 2nd one. The more flash drives you have, the better

[I'm going to ignore the recommendation to use home-phoning malware known as Windows]

Do you even need to hide the flash drive? If anything, a hidden drive (if someone knocks your plant off accidentally and finds it) will look like it has something valuable in it. But you just throw it into a drawer with some random junk it will look like any other flash drive. And better store the other drive offsite (work, car, etc) in case your house burns down.

That's assuming encryption is reliable. Some "hardware encrypted" flash drives are not. I'd rather use known good encryption software at the file level, which allows you to do some other stuff, like make the files seem innocuous if someone looks inside. Although that also has pitfalls (speaking as a former TrueCrypt user here).

Or just skip the hassle and use paper. Proven technology, thousands of years old, with plenty of options to obscure and to secure.

[Thekool1s]

[I'm going to ignore the recommendation to use home-phoning malware known as Windows]

Fine, let's agree to disagree

Do you even need to hide the flash drive? If anything, a hidden drive (if someone knocks your plant off accidentally and finds it) will look like it has something valuable in it. But you just throw it into a drawer with some random junk it will look like any other flash drive. And better store the other drive offsite (work, car, etc) in case your house burns down.

Hey, don't take my suggestion literally. That's exactly what I meant by having them "Under a plant"

That's assuming encryption is reliable. Some "hardware encrypted" flash drives are not. I'd rather use known good encryption software at the file level, which allows you to do some other stuff, like make the files seem innocuous if someone looks inside. Although that also has pitfalls (speaking as a former TrueCrypt user here).

Indeed. Mine are "Software" Encrypted as well

Or just skip the hassle and use paper. Proven technology, thousands of years old, with plenty of options to obscure and to secure.

I have a dictionary and i have highlighted one of my seeds, it's a dumb idea but that's just me man.

[Saint-loup]

So, recently my personal laptop's hard drive got corrupted and all my data was lost, including private keys for my wallet.
...thankfully I already had a secure backup of them and no coins were lost.

Here I am sharing my technique to beginners so they can back up their private keys the same way I did.

Many of the users might be storing the keys/seed in some written form but physical damage to paper might lead to loss of your funds.

Here's how I do it:

1. Edit an image using notepad, paste the seed in between.
2. Add it to a .zip file and encrypt it by setting a password.
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
5. That's it, you got yourself a secure online backup for your keys.

Don't repeat the password in any step, or else this method might become useless.

I don't know if this is optimal or not, but comments are appreciated.

I think it's a little bit too complicated for most of users. Moreover Gmail can be hacked and you have to remember 2 different passwords.

The easiest way IMO is to use BIP38 keys with a password or a bip39 seed with a passphrase.
If your wallet doesn't support seeds with passphrase, you can generate a bip39 seed with a passphrase off line on the iancoleman page https://iancoleman.io/bip39/ and then import the private key (xprv) in your wallet.
Then you can backup your seed online, you just need to remember your passphrase or to store it in another place.

You can also back up online a normal seed (without passphrase) by replacing few words, and remembering  these words, or storing them in another place.

[GSpgh]

Hey, don't take my suggestion literally. That's exactly what I meant by having them "Under a plant"

LOL ok 

You can also back up online a normal seed (without passphrase) by replacing few words, and remembering  these words, or storing them in another place.

Just make sure to replace them with BIP39 words otherwise it might be easy enough to identify and bruteforce the missing words. Sorry if you meant this, it wasn't clear.