Store your seed phrase offline

[Pmalek]

I never saw the allure of using password managers to help me with my passwords, let alone for storing seeds or private keys. Sooner or later something nasty was bound to happen and LastPass is proof of that. This is not the first leak or hack that involved password managers. I don't keep track of it because it's none of my business, but I think LastPass was attacked in the past as well.

Just keep your private data to yourself, and think of a system of how to create secure passwords that will still be easy to remember.   
I would rather use good old pen and paper and a notebook if it became tedious to remember all the different pass combinations.

[1715335142]

1715335142

[1715335142]

1715335142

[LoyceV]

I never saw the allure of using password managers to help me with my passwords

Once upon a time, I used a clear-text file to store my passwords. Then, I installed a password manager and I'm still happy with it. I have at least 100 passwords, each with (give or take) 25 random characters.

let alone for storing seeds or private keys.

Agreed. Although it could work on a dedicated system without internet and sufficient backups, most people just shouldn't do this.

This is not the first leak or hack that involved password managers.

Password managers aren't the problem, it's the ones that add internet functionality. Don't do that, don't upload your passwords in the cloud. Keep it local, and make local backups.

Just keep your private data to yourself

Agreed!

and think of a system of how to create secure passwords that will still be easy to remember.

I did, and that "system" is a password manager that runs on my own system with heavy encryption and regular backups.

I would rather use good old pen and paper and a notebook if it became tedious to remember all the different pass combinations.

That means you either have weak passwords, or a very hard time using them. Example:

Code:

K7pKmC*ed^Pxjmd=u^5GHv!d4Vf2cbB+

Writing that down will lead to mistakes. If your system is to make small adjustments to your password for different websites, that means you're making it very easy for one compromised site to access your other accounts.

I always hate having to enter a password on mobile, and I bet most people use weak passwords because it takes far too long to type the above password on a mobile keyboard.

[Pmalek]

That means you either have weak passwords, or a very hard time using them. Example:

Code:

K7pKmC*ed^Pxjmd=u^5GHv!d4Vf2cbB+

Most of my passwords aren't week. I say most, meaning for the sites and services I care about. Dummy accounts or accounts created for testing purposes don't belong in that group. I agree that's too complex of a password, and the only way to work with that conveniently is through a password manager. Simpler alternatives are good enough for most people. You can still generate strong passwords made up of uppercase and lowercase letters, numbers, and special characters without making it look like your dog laid down on your keyboard.

And if you found yourself in a life-threatening situation where you absolutely had to access something from your phone while away from home, but you use a password like that, your chances are pretty slim.

[LoyceV]

I agree that's too complex of a password

It's not too complex, I think that's a normal password One that's actually a password, and not just some simple characters.

the only way to work with that conveniently is through a password manager.

Once you use a password manager, there's no reason not to use decent passwords anymore. Except for certain websites that restrict the use of characters and length of the password (to reduce security because their system can't handle it).

Simpler alternatives are good enough for most people. You can still generate strong passwords made up of uppercase and lowercase letters, numbers, and special characters without making it look like your dog laid down on your keyboard.

Of course. And I can remember even a few of them. But that's not enough. I just checked: for webshops alone, I have more than 50 different accounts, all with their own unique strong password.

And if you found yourself in a life-threatening situation where you absolutely had to access something from your phone while away from home, but you use a password like that, your chances are pretty slim.

I can't think of such a situation. I don't do banking on my phone, but have my debit and creditcard with me. I have cash and an encrypted paper wallet in my wallet, I have an emergency loan system in place on Bitcointalk. We have emergency services that arrive within a few minutes, and the country is so densely populated I can crawl to a house in a few meters. I don't need any of my passwords in an emergency.

[romeitaly]

Much better if you keep your seed phrase physically. What I mean is you can write down your seed phrase with a piece of paper and keep it in your trust case or something. Your seed phrase is much more important than your password so always keep in mind.

[Pmalek]

Much better if you keep your seed phrase physically. What I mean is you can write down your seed phrase with a piece of paper and keep it in your trust case or something.

Seed phrases should only be stored physically on paper or metal and in no digital form whatsoever. You can't hack a piece of paper safely tucked away somewhere where no one can find it. I am not sure what a 'trust case' is supposed to be. Are you talking about safety boxes maybe? I hope you don't mean carrying the seed with you in your briefcase or another type of bag or physical wallet because that is not recommended at all.

[Saint-loup]

There is nothing as important as the private key.

Because the seed phrase can produce the private key, that is why the seed phrase is very important but there is nothing as important as the private key.

Bitcoin core do not have seed phrase, either you backup the master private key or the wallet file. If you backup the wallet.dat, the password will be important if you encrypt it.

Actually Bitcoin Core uses HD wallets with private keys derived from a seed since several years. Only the first versions of the software didn't use them. The seed is not in the BIP 39 mnemonic format but in the WIF private key one, that's why so few people are aware about it.
But you can simply get it by doing a dumpwallet and looking at the first lines of the dump file. The seed will be a key named hdseed in the file.

Set or generate a new HD wallet seed. Non-HD wallets will not be upgraded to being a HD wallet. Wallets that are already
HD will have a new HD seed set so that new keys added to the keypool will be derived from this new seed.
[...]
2. seed (string, optional, default=random seed) The WIF private key to use as the new HD seed.
The seed value can be retrieved using the dumpwallet command. It is the private key marked hdseed=1

https://bitcoincore.org/en/doc/24.0.0/rpc/wallet/sethdseed/

[Lillominato89]

No online password security will be as strong as storing offline, either it's 2FA or 3FA Authentication do not use them to store your wallet's private seed.

There is no malware, spyware or hackers without online/ internet access, think about it, the only way to stay safe is offline 100%.

Writing seeds down on a paper book or steel carving is the best practice ever.

keeping our seed 100% safe and offline is the safest practice to avoid hacker attacks! transcribing one's seed sentence on sheets of paper or on steel platelets still has its degree of danger! paper is easily perishable in case of fire, for example, or it can be easily found by prying eyes if badly preserved, the steel plate could be lost, for another example. therefore security can never be 100%. It would be necessary to make many backups and a lot of care and conserve well

[Inwestour]

I never saw the allure of using password managers to help me with my passwords, let alone for storing seeds or private keys. Sooner or later something nasty was bound to happen and LastPass is proof of that. This is not the first leak or hack that involved password managers. I don't keep track of it because it's none of my business, but I think LastPass was attacked in the past as well.

Just keep your private data to yourself, and think of a system of how to create secure passwords that will still be easy to remember.   
I would rather use good old pen and paper and a notebook if it became tedious to remember all the different pass combinations.

Pen and notepad is perhaps one of the best options for storing our passwords and seed phrases. As for seed phrases, we can use our imagination and write it down in a way that only you can understand. But this is everyone's business, it's like an additional security measure.

I have also never used a password manager and never will, the risk is too high to put my funds at risk. And even more so, I never saved passwords on my laptop or phone, because this is probably the first place where they can steal it. Pen and notepad it's the easiest and most reliable way that has never let me down.

[GeorgeJohn]

The best way someone can store seed phrase is through documents on a paper, from the beginning i was thinking that the best conditions to keep seed phrase is through email documentation, but right now i have detect that storing your seed phrase online can give easy access of penetrating to the seed phrase, so the best someone can do is to store in a paper and store to a private place.

[Mpamaegbu]

Much better if you keep your seed phrase physically. What I mean is you can write down your seed phrase with a piece of paper and keep it in your trust case or something.

This is by far the best approach to it and that's the method I adopt. However, the downside to it is how do you assess it when you're far from home? I believe it's because of this hiccup that makes people want to save their seedphrase or passwords online/electronically so that they can easily assess them from anywhere without minding the danger of a leak. This is where being old fashioned pays, if you asked me.

[darkangel11]

Much better if you keep your seed phrase physically. What I mean is you can write down your seed phrase with a piece of paper and keep it in your trust case or something.

This is by far the best approach to it and that's the method I adopt. However, the downside to it is how do you assess it when you're far from home? I believe it's because of this hiccup that makes people want to save their seedphrase or passwords online/electronically so that they can easily assess them from anywhere without minding the danger of a leak. This is where being old fashioned pays, if you asked me.

Paper has even more limitations. It burns, it breaks, it can get lost, it can be read by random people if they find it, the ink can be damaged by water...
If you want to use paper make sure to store it in a steel or aluminum, waterproof container. I like storing things in electronic form but I do it offline on good old hard drives. They're pretty robust and can sustain more beating than a memory card or an ssd and can be recovered even after taking some serious beating. The upside is they can be encrypted and can fit more data than a simple piece of paper.
The important thing is to keep the offline at all times and only connect to machines you know are safe. It's really cheap to build a dedicated PC these days. A cheap, small computer cost about 2 times more than a hardware wallet and with some tweaking makes a secure access point.

[BossTrack]

I have not used LastPass password manager before, some people said it is also used for 2 factor authentication, but this is about people that are convenient to store their seed phrase, private key and password using a password manager that can connect online. The password manager uses vault to store people's information which are encrypted. In August 2022, hacker breached data of LastPass users, but can only be accessed using the password the users used to encrypt the data, said LastPass.

LastPass attacker stole password vault data, showing Web2’s limitations
LastPass data breach led to $53K   stolen, lawsuit alleges

What do you think about this? Before hacker can have access to something, that means the vault is online. If something is online, it can be hacked. If a password manager is not offline, do not use it. I like to put my seed phrase on a paper, if you want it safer, you can use a steel backup for it, there are steels that you can buy to backup your seed phrase and it is not a waste of money.

If you are afraid of people not to see your seed phrase and steal it, keep your seed phrase in a very safe place but use passphrase to make it safer.

I think it's a tough way to learn something we have been saying for a while. The less failure points the better, when you have your seed phrase stored online there is ONE failure point, you.

[Pmalek]

As for seed phrases, we can use our imagination and write it down in a way that only you can understand.

The more complicated your setup is, the greater the danger that you will make a mistake while setting it up or not remember what exactly you did in the future. A copy of 12/24 words written down in order is pretty self-explanatory. If you play around with the sequence or use any other memory tricks and systems, it can create unnecessary problems for you and your future heirs.

Whatever you own, you are going to leave it to your family if something happens to you. They shouldn't suffer trying to figure out what exactly you did. It's easier to explain to them to import a set of words in the order they were written down instead of having them memorize or write down your personal system.   

[Mpamaegbu]

~

Paper has even more limitations. It burns, it breaks, it can get lost, it can be read by random people if they find it, the ink can be damaged by water...

I read all the arguments you put out there against saving seedphrases on paper. They're valid points but you also have to know that no system is infallible. Every system has its peculiarity and can't be said to be perfect. I think the greater part of the task in security our wallets lies with us. Individuals must learn how to tighten the safety of whatever they use in securing their funds, whether offline or online; whether software or hardware.

[hd49728]

Individuals must learn how to tighten the safety of whatever they use in securing their funds, whether offline or online; whether software or hardware.

They should do their works silently.

If nobody knows they are rich, they are less likely become targets of thieves. If nobody around you knows you are cryptocurrency investor, you will less likely be in their radars.

If your devices are broken, learn to fix them by buying hardware stuffs and replace them by yourself, at home. With Youtube, Internet, you can replace a lot of things for your devices by yourself.

If it is out of your ability but a device is low in value like an old smart phone, let it be and buy a new one to use. Don't bring it to any store. Restoring your phone to factory condition won't make it completely impossible to be hacked.

[Mpamaegbu]

Individuals must learn how to tighten the safety of whatever they use in securing their funds, whether offline or online; whether software or hardware.

They should do their works silently.

If nobody knows they are rich, they are less likely become targets of thieves. If nobody around you knows you are cryptocurrency investor, you will less likely be in their radars.

I guess the paparazzi thing engulfing cryptocurrency is because of the preponderance of youngsters coming into the industry who erroneously equate the industry with the entertainment industry where public display of cash and affluence is a thing. We all know how exuberant youngsters can be. Being in this industry is supposed to entail secrecy and privacy. Those who keep and shield themselves from public scrutiny enjoy their new found riches quietly and in peace. Those who don't find themselves constantly harassed by the public.

[Ultegra134]

Pen and notepad is perhaps one of the best options for storing our passwords and seed phrases. As for seed phrases, we can use our imagination and write it down in a way that only you can understand. But this is everyone's business, it's like an additional security measure.

Use your imagination? Trust me, this is probably the worst piece of advice. I've lost quite a few seed phrases which I had written in a notebook in the past, thinking I'd remember where it is a year later. Trust me, I didn't have a single clue. Let alone coming up with your own encryption or randomizer of the seed phrase. It's a 99.9% guarantee that you'll lose it.

Moreover, I'm not fond of password managers either. I could be wrong, but in my opinion, it's best to avoid third parties in such a delicate matter.

Paper has even more limitations. It burns, it breaks, it can get lost, it can be read by random people if they find it, the ink can be damaged by water...
If you want to use paper make sure to store it in a steel or aluminum, waterproof container. I like storing things in electronic form but I do it offline on good old hard drives. They're pretty robust and can sustain more beating than a memory card or an ssd and can be recovered even after taking some serious beating. The upside is they can be encrypted and can fit more data than a simple piece of paper.
The important thing is to keep the offline at all times and only connect to machines you know are safe. It's really cheap to build a dedicated PC these days. A cheap, small computer cost about 2 times more than a hardware wallet and with some tweaking makes a secure access point.

Both methods have benefits and drawbacks; both can be lost in a variety of ways or even destroyed. I'm yet to apply this myself, but the best option out there seems to be to write it down on a few pieces of paper and hide them around the house, such as under a drawer or a cupboard. You can even use some hints for the locations on your phone; hardly anyone will ever suspect such a thing, and I also find it exaggerated for anything to happen that way.

[Crypt0Gore]

Seed phrases are safer on a notebook than anywhere else, the only thing to watch out for is natural disasters like water and fire, if you want to take this to another level then carve the words on a stainless steel and keep that in a safe location that only you knows and have access to.

Anything online is not friendly to crypto wallet and keys.

[Pmalek]

Use your imagination? Trust me, this is probably the worst piece of advice. I've lost quite a few seed phrases which I had written in a notebook in the past, thinking I'd remember where it is a year later. Trust me, I didn't have a single clue. Let alone coming up with your own encryption or randomizer of the seed phrase. It's a 99.9% guarantee that you'll lose it.

You shouldn't deviate away from standard encryption methods that have proven to be resilient and work for the majority of people. I agree with you on the part of not creating your own standards or reinventing hot water, as they say.

But misplacing or losing your seed that was written down in a notebook is your own fault. You didn't create something non-standard that failed you. You simply forgot where you wrote down your recovery phrase in the most natural of ways. This could have happened to you with any paper wallet backups. Even if you had a metal seed backup, you could have lost it somewhere or buried it and forgot where. It's your responsibility to remember these things. However, such backup standards aren't unusual in any ways to be avoided and not be recommended.