key safety strategies?

[Lucius]

I recently had a scare with the ledger hardware wallet update and a windows 7 computer.
Got it sorted but made me plenty nervous.
I will go for months without checking, and generally uninstall the ledger app from my devices.

It's been a long time since Ledger doesn't support Windows 7, and it's no wonder you've had problems with the firmware update - you're happy if you've managed to complete it successfully. What you should do is leave that now obsolete OS, it has become a thing of the past and will only create problems for you with Ledger. If you want to continue using Windows I suggest you do an update to W10. Your private keys will be safe in your hardware wallet as long as you keep your backup safe.

Hmm. You're supposed to check the seed a few times after writing down, to be fair. Doesn't Ledger prompt you to read the seeds again to verify if you've written it down correctly? It shouldn't be that big of a problem if you're supposed to verify it again in the first place.

Ledger has something called Recovery Check app, but it is always desirable to perform a good old method to reset the device after the initial setup, and check if the same addresses are created after recovery.

[1715378950]

1715378950

[hatshepsut93]

but Tails comes with Electrum pre-installed on it so you can't verify Electrum's signature anymore as far as i know because it is already extracted.

You can download Electrum, put it on a USB and run this version instead of the one that is pre-installed. Or you can put it in Tails' persistent storage if you use it.

besides isn't it harder to use persistence with Tails that is designed by default not to leave anything behind? and if you want to use it installed on a USB to be used as the cold storage then you need persistence.

To me the amnesia feature is actually the biggest appeal of Tails, because it helps mitigate a theoretical airgap-jumping malware. I always transfer the unsigned transactions first, then I insert my USB with Electrum and wallet files and sign the transaction. After that I broadcast a transaction with mobile version of Electrum by scanning its QR code. This way, my keys are even less exposed than with persistent storage.

I agree. Since my cold storage device will never connect to the internet, then I do not need most of the things that Tails provides. A general OS with full disk encryption provides better usability and better security.

With my first cold storage setups I tried Ubuntu and Mint, and I've ran into issues with drivers and lack of a Python installation on the latter. Tails worked out of the box, and pre-installed Electrum is a bonus. It's true that you have to trust them with it, but you have to trust them on a bigger scale anyway - if OS authors wanted to steal coins, they would do it with or without malicious wallet software.

[o_e_l_e_o]

You can download Electrum, put it on a USB and run this version instead of the one that is pre-installed.

With this method, an attacker who gets their hands on your USB can do two things. First of all, they can deduce from the Electrum files and data that you are storing bitcoin, and execute a $5 wrench attack to access it. Or they can replace the Electrum files with malicious ones (I doubt very much you would verify the Electrum files each and every time you open Electrum) and steal your coins. Neither of these attacks are possible with a permanent OS which is fully encrypted.

With my first cold storage setups I tried Ubuntu and Mint, and I've ran into issues with drivers and lack of a Python installation on the latter.

Yeah, I'm not a big fan of Mint, but I've never had a problem with Ubuntu. You could always try Debian if you really like Tails, since that's what Tails is built on.

[daneal stev]

According to my personal opinion, the best advice that you can follow to protect your keys is to create backup copies of these keys, print more than one copy on the papers, and hide these papers in different places that only you can access, in addition to that you should stay away from storing your keys inside browsers and the Internet In addition to staying away from storing it inside a computer or mobile phone

[Twentyonepaylots]

What's wrong with Ledger? Hardware wallets are generally the safest that you can get if you're not a very tech-savvy person and it's practically idiot proof if you don't type your seeds into random places.

Totally agree, if we are talking about storing keys hardware wallets would be the topmost in the list. I like what you called it "idiot-proof" lol. But this thing might costs you around $100 to $200, if you don't have this you better storing your keys offline.

Hardware wallets are designed to store the keys only within the device itself and you can connect it to compromised computers without much problem (ideally not).

And also don't be an idiot acquiring hardware wallet on a random seller in the internet, they will sell you in a lower price but the hardware wallet is tampered or worst has a malware use in stealing funds. Either you have it or not, the safest way is to have a common sense.

[PointHope]

Got some good tips, thanks.

I like how easy the Electrum wallet works.
 
I quiit using win7 and now win10.
But windows is becoming more annoying with the increasing intrusiveness.

I'll probably got back to using a Linux only machine, which I havent used for a while. The learning curve was kinda tough for a younger boomer like me.
I've read how the newer Linux versions are easier to use nowadays.

[seramania]

What are the best private key safety tips.

I just learned about the CASA app. But it has a monthly fee.

I recently had a scare with the ledger hardware wallet update and a windows 7 computer.
 Got it sorted but made me plenty nervous.
I will go for months without checking, and generally uninstall the ledger app from my devices.

What other srategies can I consider?

are applications like casa convincing ?? use hardware wallets such as nano ledgers or trezzors as the safest storage media. because currently both types of wallets are proven to provide the best and most relevant storage. so the safest is a hardware wallet at this time

[hatshepsut93]

With this method, an attacker who gets their hands on your USB can do two things. First of all, they can deduce from the Electrum files and data that you are storing bitcoin, and execute a $5 wrench attack to access it. Or they can replace the Electrum files with malicious ones (I doubt very much you would verify the Electrum files each and every time you open Electrum) and steal your coins. Neither of these attacks are possible with a permanent OS which is fully encrypted.

USB with wallet files and Electrum can be encrypted too. It's pretty much the same, in both cases the attacker will see some encrypted files, and in both cases it might rise their interest, so a $5 wrench attack is equally likely. Steganography can be used to get deniability in case of these attacks, but if the attacker is good with technology, this might not work.

[Yamifoud]

What are the best private key safety tips.

I just learned about the CASA app. But it has a monthly fee.

I recently had a scare with the ledger hardware wallet update and a windows 7 computer.
 Got it sorted but made me plenty nervous.
I will go for months without checking, and generally uninstall the ledger app from my devices.

What other srategies can I consider?

You are just risking your keys to losing when you are using any third party. To keep your keeps much better to have saved it offline or just print it. I'd never think how you confidence using ledger wallet because a lot of people using that.

All the safety of your wallet and private keys will depend on you, in fact, I only use an online wallet but having 2FA factors will be good enough for me to secure my fund on there. If you are too careless with your keys, letting your computer used by another person or being bold enough to others, the possibility that you might lose control of your wallet. You don't need to spend more about keeping your keys, enough to start how you handle them.

[taufik123]

there's nothing to fear with hardware wallet updates. Even updating the device wallet firmware will be safer with even better security updates.
The main security wallet any other hardware device or wallet you have depends on how you use it. Do not enter your private key on phishing websites which will easily retrieve your private key.
Storing private keys must be done properly and safely, do not let them connect to the internet that you do not monitor.
You also need to have a secure and offline backup of the private key, which is especially necessary when you lose the primary private key.

You also have to always be vigilant and don't get caught with phishing websites or fake websites that will take over your wallet.

[o_e_l_e_o]

I only use an online wallet but having 2FA factors will be good enough for me to secure my fund on there.

2FA only protects your account from being directly accessed by an attacker, and even then it's not infallible and can be bypassed, reset, transferred, or phished. 2FA does absolutely nothing to protect your coins from the third party shutting down, going bankrupt, exit scamming, freezing your account, seizing your coins, implementing sudden KYC or other privacy invading policies, and so on. Do yourself a favor and withdraw your coins to your own wallet.

there's nothing to fear with hardware wallet updates.

Provided you have your seed phrase backed up. There have been instances of wallets resetting themselves when being updated.

Do not enter your private key on phishing websites

Fixed that for you. Do not enter your private key on any website, ever.

[FXforfun]

Hi,
Probably the perfect solution doesn't exist. There are a number of threats that could compromise your keys:
- Malicious people/software/devices: Hackers could steal your keys stored on any software or third party, Burglers could steal the piece of paper where you wrote down your keys. Ok, splitting your keys in several copies could work
- Yourself: After the years you could forget where did you hide your keys. How to recompound a sophisticated method. Who remember the password that open the magic box that stores the instructions to recover the seed?
- Death! Let's assume that you find the strategy to preserve the keys that best suits you. When you die, who will recover your bitcoins?? You need to allow easy access to your keys for the day you pass away, otherwise these would be buried and forgotten forever

[20kevin20]

Hmm. You're supposed to check the seed a few times after writing down, to be fair. Doesn't Ledger prompt you to read the seeds again to verify if you've written it down correctly? It shouldn't be that big of a problem if you're supposed to verify it again in the first place.

I can't remember if it did the last time I had to reset it, to be honest.. yet, the moment is still kinda stressful and puts me into some kind of paranoia mode until I get back to my wallets, lol.

- Yourself: After the years you could forget where did you hide your keys. How to recompound a sophisticated method. Who remember the password that open the magic box that stores the instructions to recover the seed?

To be honest, this one sucks the most. I mean, methods that require a good remembering mind suck and could go wrong for example if you suddenly have an unfortunate loss of memory.

I created a very complicated method to hide my keys (not very safe, but takes hella lot to find out what the pattern is) on a paper years ago and recently found the paper containing just the hidden key. I have no idea anymore what the method I have used was. Fortunately, it's empty though..

[roadrunnerjaiv2025]

I recommend having a hardware wallet instead. That's the safest of all your wallet options. That is if that's what you meant by "key safety". The thing about private key is that no one must know or have a copy of it apart from you. If it's inputted in a wallet that's owned and run by a third-party provider, access to your private key isn't exclusive to you. The third-party provider has access to it, too. Some of them are reputable though.

That said, hardware wallets aren't totally safe, so you must be careful when buying one. Some sellers will try to trick you into using a set of codes and tell you that it's supposed to be the key to your account. The seller has a copy of this key and can freely use it to steal your coins. Make sure that your hardware wallet is fully formated or free of any suspicious data. Experts advise writing down your private key on a piece of paper instead of saving it in a digital file. This way, if your computer gets infected or hacked, the hacker won't have your key.

[witcher_sense]

What do you mean by learn your key by heart? Memorizing the seed(s)? That's not a good choice. Even if you can remember the mnemonics with some tricks, nothing guarantee that you can remember it tomorrow. Printing the copy is better as you mentioned, as long as you store it securely. Buying a wall safe is probably a good idea but I won't put it open where people can see it as if you tell people "hey, there is something valuable here".

Seed phrases are meant to be memorized especially in emergency situations. For example, if a person is trying to escape from authoritarian regime or bitcoin-unfriendly country or simply wants to transfer wealth to another country he has to memorize his seed phrase and write it down again when he successfully crossed the border. Hardware wallets, paper wallets, seed plates are all good for safe storing and holding, but it is almost impossible to transfer those across borders. All your physical backups will suddenly become irrelevant and unsafe, because you obviously can't leave them behind and can't risk transfer them since they can and will likely be confiscated by evil government.

[crwth]

In order to be sure that you have a not compromised private key you could do a couple of things like

• Create your wallet in an air-gapped computer
• Use Hardware wallets (that's what you used already and you are pretty much protected already with that)
• Make sure that you only use a computer that isn’t infected with malicious content
• Update as much as possible to prevent possible vulnerability attacks
• Don’t Trust, Verify

With that, I think you are pretty safe with your keys. Don't ever lose your backup phrases and never input them to anything unless it's secure.

[taufik123]

there's nothing to fear with hardware wallet updates.

Provided you have your seed phrase backed up. There have been instances of wallets resetting themselves when being updated.

yes i am aware of that. Having a backup seed phrase is essential to avoid unexpected occurrences. I don't really know about hardware wallets, but when the firmware update fails it might be fatal too.
However, backing up the wallet's seed phrase is the most important and must be done.

[VanityWallets2015]

In order to be sure that you have a not compromised private key you could do a couple of things like

• Create your wallet in an air-gapped computer
• Use Hardware wallets (that's what you used already and you are pretty much protected already with that)
• Make sure that you only use a computer that isn’t infected with malicious content
• Update as much as possible to prevent possible vulnerability attacks
• Don’t Trust, Verify

With that, I think you are pretty safe with your keys. Don't ever lose your backup phrases and never input them to anything unless it's secure.

Exactly. It is important to have a secure physical storage for your keys.
Although, I acknowledge the point that these seed phrases are meant to be memorized as well.
The best and safest storage in your mind, just don't forget to constantly remind yourself about these.

[mardaed]

This key safety is among the many struggle of crypto enthusiasts. It is important to choose storage that are surely trusted but never get too assured and comfortable about these storage because it is also better if you know it by yourself.

[Rengga Jati]

I have very simple examples that I commonly do.
1. Store the private key with specific code on several devices such as laptops, computers, and also mobile phones. I store it offline, not online one because it will be very risky moreover when the application is not a paid-app.
2. Write down them on certain books, be sure that you really save the book securely. If needed, you can notice someone else about the private key, but ensure that he//she is trusted enough. It may be your wife/husband or trusted family.

And of course, never give other people who you don't believe the private keys, whatever the reasons, moreover when they have reasons to help you recover something. Never believe them.