For those that use Bitcoin Core as a wallet, how do you plan safety?

[takuma sato]

For the people that use software such as Electrum where there is BIP39 support, you can "spawn" your entire wallet anywhere in the world by remembering the 12 seeds. However, I like the functionality and features of Bitcoin Core as a wallet, and I was never confident using any other software since it doesn't feel as solid, they feel more like a toy rather than something robust where you would trust money with, and so Bitcoin Core with features like coin control and so on plus it being the original full node software heavy peer reviewed feels like a better way to go. I just have 2 Bitcoin Core instances, one not synced for airgap storage of keys and one synced with watch-only address.

The big problem here is keeping your wallet.dat file safe. This was always a bit upsetting, knowing that you cannot have this nice feature of, if everything else failed on your backups for some reason, you could still use your memory by remembering the 12 words, but with Bitcoin Core you must keep the wallet.dat safe. So my question is, what are some ideas to keep it safe?

You are pretty much limited to physical backups. This is a big problem, specially if you travel, you must plan around having to cross borders. If you don't have anyone you could trust with keeping backups, or you don't have more than a single property, you are limited to a single spot. You would need to resort to paying an storage spot of sorts, like a bank vault, or something like that, which is questionable, but it's the only way to diversify physically, otherwise you will be stuck to your place.

You could encrypt the wallet in a encrypted container with dm-crypt, luks, veracrypt or some other open source software and in theory, if you trust bitcoin, then using sha256 with a strong password similar in length and complexity to the private keys then you would be trusting that this backup is safe and then you could place this somewhere online, like a cloud storage or email provider, and then you would have an alternative to the lack of BIP39, but this would mean you trust the servers there to not screw up. Perhaps someone knows a good cloud storage service or email provider you could register at without doxing yourself in the process.

Those are the options I see. You are tied to this file for the rest of your life basically, so you must consider all possible scenarios, and consider for instance if the risk of a flood, or someone stealing your backups is higher than the risk of storing online an encrypted file, which I think could be higher. We saw what happened in LA in the US for instance. A lot of people with luxury homes and safes lost their stuff. If you were wallet.dat user and had no online backups you could be screwed there.

If anyone knows any ideas in how to manage this please let me know.

[Findingnemo]

Now if you want to stick with core, no matter what as your wallet then the choices are storing the backup in offline devices on multiple locations and also cloud back up after encrypting the wallet file with strong password. I would say these still holds the potential risks that you're talking about.

How about using core not as wallet, just only a node and Electrum for the wallet so you get to have the privacy and coin control feature along with full node validation. Also now you have the choice of seeds that can be used for wallet recovery in future if it's ever needed.

[LoyceV]

You are pretty much limited to physical backups.

It's a small file, encrypted with a strong password. Even if it's HD, I prefer to make a new backup once in a while (so at least it adds the new labels). Don't delete your old backup, just create a new one on a new storage medium. I prefer different brands, and if you fear EMPs, you could burn it on a CD.

This is a big problem, specially if you travel, you must plan around having to cross borders.

Why would you bring your backups when you travel? I bring a disposable laptop. To access anything, you'd need to get through several layers of encryption.

If you don't have anyone you could trust with keeping backups, or you don't have more than a single property, you are limited to a single spot. You would need to resort to paying an storage spot of sorts, like a bank vault, or something like that, which is questionable, but it's the only way to diversify physically, otherwise you will be stuck to your place.

There's not much trust involved for having someone keep an encrypted backup. All they need to do is "not throw it out".

You could encrypt the wallet in a encrypted container with dm-crypt, luks, veracrypt or some other open source software and in theory, if you trust bitcoin, then using sha256 with a strong password similar in length and complexity to the private keys then you would be trusting that this backup is safe and then you could place this somewhere online, like a cloud storage or email provider, and then you would have an alternative to the lack of BIP39, but this would mean you trust the servers there to not screw up. Perhaps someone knows a good cloud storage service or email provider you could register at without doxing yourself in the process.

If you encrypt it locally, and if you're sure you can forever remember your password^*, this could work. For a private cloud storage provider, try Protonmail. If your trust your encryption, you could even post it online (not recommended and not for the faint of heart, and I wouldn't dare do it for anything more than pocket change)

We saw what happened in LA in the US for instance. A lot of people with luxury homes and safes lost their stuff. If you were wallet.dat user and had no online backups you could be screwed there.

Those are the rare exceptions, and even if it happens, a safe-distance backup is all you need.

^* I prefer to use different passwords for multiple backups, so even if I lose access to one of my backups, I can still access the next one.

[ABCbits]

For the people that use software such as Electrum where there is BIP39 support, you can "spawn" your entire wallet anywhere in the world by remembering the 12 seeds.

Remembering 12 seed/recovery words isn't practical. But while Bitcoin Core never support BIP 39, you could do what you described by backup your master private key instead. Here's quick example for descriptor wallet.

Code:

walletpassphrase YOUR_PASSWORD

null

listdescriptors true

{
  "wallet_name": "test4",
  "descriptors": [
    {
      "desc": "pkh(tprv8ZgxMBicQKsPf4fVacbdYJEzWfZqKCPTe8ug3qRNkxSocM4QTivhYMXZxJdpaNev3NEhc8xxs8L1umh39VH8N6EJctNPpbyoMY5Ur3NL1sB/44h/1h/0h/0/*)#ldaa7mgc",
      "timestamp": 1741768274,
      "active": true,
      "internal": false,
      "range": [
        0,
        999
      ],
      "next": 0,
      "next_index": 0
    },
    ...
}

Usually you would backup all 8 descriptors. But theoretically you could get away by only backup 1 trpv, where you
1. Manually recompute checkesum.
2. Using either online resouirce or create new wallet to get descriptor (without trpv) and derivation path used by Bitcoin Core.

Perhaps someone knows a good cloud storage service or email provider you could register at without doxing yourself in the process.

I recall you've asked this question on different thread. But have you consider using VPS (that known to never ask KYC and allow anonymous registration)? I know it's not ideal option since it costs more money and require some expertise to secure the VPS properly.

[nc50lc]

For the people that use software such as Electrum where there is BIP39 support, you can "spawn" your entire wallet anywhere in the world by remembering the 12 seeds. However, I like the functionality and features of Bitcoin Core as a wallet,
-snip-
The big problem here is keeping your wallet.dat file safe. This was always a bit upsetting, knowing that you cannot have this nice feature of, if everything else failed on your backups for some reason, you could still use your memory by remembering the 12 words, but with Bitcoin Core you must keep the wallet.dat safe. So my question is, what are some ideas to keep it safe?
-snip-
If anyone knows any ideas in how to manage this please let me know.

If you really-really need to use a BIP39 mnemonic seed backup on a Bitcoin Core wallet, you can create a new wallet containing your BIP39 seed's master private key.
Your existing Bitcoin Core wallets however can't be backed-up by a mnemonic seed since "xprv -> seed -> mnemonic seed" isn't possible.
So your option is "mnemonic seed -> seed -> xprv -> descriptors -> importdescritors".

The steps are quite complicated and should be done in your Air-Gap machine (I wont go into finer details):

• 1. PRandomly create a BIP39 mnemonic (will be your written backup) and derive its Master Private Key.
  (you can use IanColeman's BIP39 tool for testing purposes only, its "BIP32 Root Key" is its master prvKey)
• 2. Create "pkh", "pwkh", "sh(pwkh)", "tr" descriptors and another set for each's internal (change) containing that master private key.
  If you're not familiar with descriptors, refer to a sample wallet's descriptors to see the correct format (create a sample descriptor wallet and use listdescriptors true)
  Since those are standard derivation paths, your mnemonic can also be restored to any wallet that supports BIP39.
• 3. Create your wallet with the option "Make Blank Wallet" set to "true" so it will not pre-generate descriptors.
• 4. Import those descriptors using importdescriptors command.
  Check the commands' syntax here: bitcoincore.org/en/doc/28.0.0/rpc/wallet/importdescriptors

[takuma sato]

Why would you bring your backups when you travel? I bring a disposable laptop. To access anything, you'd need to get through several layers of encryption.

If you want to use your BTC in another country and you refuse to have online backups, you will be carrying your wallet. People have reported getting forced to decrypt on some checkouts and they make full copies of your data.

There's not much trust involved for having someone keep an encrypted backup. All they need to do is "not throw it out".

The person you are trusting may backstab you on a long enough timeline, if they suspect you have something of value there, specially as BTC becomes more mainstream.

If you encrypt it locally, and if you're sure you can forever remember your password^*, this could work. For a private cloud storage provider, try Protonmail.

Protonmail was decent back when they didn't randomly ban accounts that use Tor. So you could upload your stuff there, and then wake up with a banned account at a random day, and now that copy is there stuck "forever" or for as long as they keep records for (even if encrypted I like to be able to at least delete it if I wanted, and yes they may keep copies after deletion but eventually they remove them, not sure what happens to deactivated account's data). So one would need to find a Tor friendly way to store the data since you don't want to be doxed to your backup just in case.

Those are the rare exceptions, and even if it happens, a safe-distance backup is all you need.

These things happen more often than one would imagine so you need to be ready. The problem with safe-distance is as I described, I wouldn't trust someone to hold backups long term, so perhaps some sort of vault or something you could rent would be better since they actually make money by not screwing up people's stuff vs someone that will most likely lose your usb or whatever you use to store it.

For the people that use software such as Electrum where there is BIP39 support, you can "spawn" your entire wallet anywhere in the world by remembering the 12 seeds. However, I like the functionality and features of Bitcoin Core as a wallet,
-snip-
The big problem here is keeping your wallet.dat file safe. This was always a bit upsetting, knowing that you cannot have this nice feature of, if everything else failed on your backups for some reason, you could still use your memory by remembering the 12 words, but with Bitcoin Core you must keep the wallet.dat safe. So my question is, what are some ideas to keep it safe?
-snip-
If anyone knows any ideas in how to manage this please let me know.

If you really-really need to use a BIP39 mnemonic seed backup on a Bitcoin Core wallet, you can create a new wallet containing your BIP39 seed's master private key.
Your existing Bitcoin Core wallets however can't be backed-up by a mnemonic seed since "xprv -> seed -> mnemonic seed" isn't possible.
So your option is "mnemonic seed -> seed -> xprv -> descriptors -> importdescritors".

The steps are quite complicated and should be done in your Air-Gap machine (I wont go into finer details):

• 1. PRandomly create a BIP39 mnemonic (will be your written backup) and derive its Master Private Key.
  (you can use IanColeman's BIP39 tool for testing purposes only, its "BIP32 Root Key" is its master prvKey)
• 2. Create "pkh", "pwkh", "sh(pwkh)", "tr" descriptors and another set for each's internal (change) containing that master private key.
  If you're not familiar with descriptors, refer to a sample wallet's descriptors to see the correct format (create a sample descriptor wallet and use listdescriptors true)
  Since those are standard derivation paths, your mnemonic can also be restored to any wallet that supports BIP39.
• 3. Create your wallet with the option "Make Blank Wallet" set to "true" so it will not pre-generate descriptors.
• 4. Import those descriptors using importdescriptors command.
  Check the commands' syntax here: bitcoincore.org/en/doc/28.0.0/rpc/wallet/importdescriptors

There must be a reason this isn't implemented in the GUI right. I guess I could do that but looks like a nice way to screw things up in the process. If BIP39 to spawn the contents of your wallet.dat was possible in a safe way, then I guess someone is working on this or is not in the plans? Since it's obvious how useful this would be if it does not compromise the integrity of the wallet in any way.

[LoyceV]

If you want to use your BTC in another country and you refuse to have online backups, you will be carrying your wallet. People have reported getting forced to decrypt on some checkouts and they make full copies of your data.

That's a choice you'll have to make for yourself. I think cloud storage is riskier than customs checks, but if you think otherwise, that's your choice.

The person you are trusting may backstab you on a long enough timeline, if they suspect you have something of value there, specially as BTC becomes more mainstream.

With proper encryption they won't be able to ever access it. By the time you don't trust them anymore, just move your coins.

Protonmail was decent back when they didn't randomly ban accounts that use Tor.

Define "random". I don't have problems with Protonmail.

So you could upload your stuff there, and then wake up with a banned account at a random day, and now that copy is there stuck "forever"

Again: that's why you use encryption. If you don't trust your encryption, don't upload your private keys!

So one would need to find a Tor friendly way to store the data since you don't want to be doxed to your backup just in case.

I don't know any Tor friendly storage that I'd trust more than Protonmail.

These things happen more often than one would imagine so you need to be ready.

Hence the backup

The problem with safe-distance is as I described, I wouldn't trust someone to hold backups long term, so perhaps some sort of vault or something you could rent would be better since they actually make money by not screwing up people's stuff vs someone that will most likely lose your usb or whatever you use to store it.

Then get a safe deposit box, if that makes you feel more secure.

[nc50lc]

-snip-

There must be a reason this isn't implemented in the GUI right. I guess I could do that but looks like a nice way to screw things up in the process. If BIP39 to spawn the contents of your wallet.dat was possible in a safe way, then I guess someone is working on this or is not in the plans? Since it's obvious how useful this would be if it does not compromise the integrity of the wallet in any way.

Not in the plans and the reason is because most devs do not approve BIP39.
You can follow this issue if you want to know if something similar will be implemented in the future: github.com/bitcoin/bitcoin/issues/19151

For your concerns, the main issue is screwing up the Master Private Key generation that could make the mnemonic phrase backup incapable to restoring the wallet.
This can easily be avoided if you test the mnemonic phrase first in your preferred clients (offline) if it'll restore the same addresses before actually storing it in a safe / under your pillow.

If you have a backup of your wallet.dat file that was imported with descriptors with your xprv,
There shouldn't be any problem with recovery since the previously used keys are derived from the information in those descriptors.

[ABCbits]

--snip--

There must be a reason this isn't implemented in the GUI right. I guess I could do that but looks like a nice way to screw things up in the process. If BIP39 to spawn the contents of your wallet.dat was possible in a safe way, then I guess someone is working on this or is not in the plans? Since it's obvious how useful this would be if it does not compromise the integrity of the wallet in any way.

One of Bitcoin Core developer explain why Bitcoin Core never implement BIP 39 on https://bitcoin.stackexchange.com/a/88244. If you want to reduce risk of screw up, you could skip step 1 by using different wallet software (such as Sparrow Wallet) which can create wallet using BIP 39 words and show master private key.

[nc50lc]

If you want to reduce risk of screw up, you could skip step 1 by using different wallet software (such as Sparrow Wallet) which can create wallet using BIP 39 words and show master private key.

That a good alternative if the wallet is well-reviewed.

But the problem is: it's rare for wallets to show the master private key.
Most of them display an xprv key that is actually an "Extended Private Key" which is a child derived with its default/given derivation path down to the "account_index" like m/44'/0'/0' while Bitcoin Core's parent descriptor requires its "m".
Although he can create descriptors containing the extended private key in the correct position, that'll even complicate the processes and will make different script types' xprv different.

BTW, Sparrow will only let the user view its master private key if the keystore is created using a master private key or descriptor containing a master private key.
If the wallet's keystore was made from a BIP39 mnemonic seed, it'll only allow to view the seed.

[takuma sato]

--snip--

There must be a reason this isn't implemented in the GUI right. I guess I could do that but looks like a nice way to screw things up in the process. If BIP39 to spawn the contents of your wallet.dat was possible in a safe way, then I guess someone is working on this or is not in the plans? Since it's obvious how useful this would be if it does not compromise the integrity of the wallet in any way.

One of Bitcoin Core developer explain why Bitcoin Core never implement BIP 39 on https://bitcoin.stackexchange.com/a/88244. If you want to reduce risk of screw up, you could skip step 1 by using different wallet software (such as Sparrow Wallet) which can create wallet using BIP 39 words and show master private key.

From what im seeing this feature has not been pursued further, so I will assume that it's not worth the risks associated with ditching the wallet.dat file in hopes that the seed scheme method does not screw up things. I also remember reading about key derivation risks associated with that. I think there is just less risk to encrypt your wallet file with a very long 128+ char random password using a solid random generator and basically cracking it would mean that bitcoin has been cracked so you would be screwed anyway. And so if that ever gets anywhere near close to happening you should go online and delete any backups, then delete the entire account associated with where you hosted your backups and then move your coins to whatever new quantum resistant type of address they come up with. But most likely you would face database leaks of the cloud storage site you are using before that happens. I wouldn't feel comfortable knowing that someone has a copy even if encrypted of my data, that is something anyone that uses cloud storage is facing. At some point you have to accept some compromises I guess, there is no real free lunch to any method you use.

[ABCbits]

If you want to reduce risk of screw up, you could skip step 1 by using different wallet software (such as Sparrow Wallet) which can create wallet using BIP 39 words and show master private key.

That a good alternative if the wallet is well-reviewed.

But the problem is: it's rare for wallets to show the master private key.
Most of them display an xprv key that is actually an "Extended Private Key" which is a child derived with its default/given derivation path down to the "account_index" like m/44'/0'/0' while Bitcoin Core's parent descriptor requires its "m".
Although he can create descriptors containing the extended private key in the correct position, that'll even complicate the processes and will make different script types' xprv different.

BTW, Sparrow will only let the user view its master private key if the keystore is created using a master private key or descriptor containing a master private key.
If the wallet's keystore was made from a BIP39 mnemonic seed, it'll only allow to view the seed.

That's good point. It's easy to mistook extended private key as master private key, which isn't goal of my suggestion.

I also just tried Sparrow and i'm surprised it only allows you to see master private key if you import it in first place. Option to specify account and derivation also could add confusion, so i decided to remove Sparrow as example.

[LoyceV]

I think there is just less risk to encrypt your wallet file with a very long 128+ char random password using a solid random generator and basically cracking it would mean that bitcoin has been cracked so you would be screwed anyway.

The next question is of course: how are you going to make sure you don't lose that 128 character long password?

Code:

vI[y.oSc]v!{NGu(1AklxXA8iw'I~3c=x;-prm9B@Jjun(aKSJrZLULdo=Clk1vw$i[.Vo%tAq9wl1YdqJhC'#MvCsR~h_3USL(#ub;+md=VW1}u3k9[w.m_3FndB.EW

That's going to be annoying to type!

[takuma sato]

I think there is just less risk to encrypt your wallet file with a very long 128+ char random password using a solid random generator and basically cracking it would mean that bitcoin has been cracked so you would be screwed anyway.

The next question is of course: how are you going to make sure you don't lose that 128 character long password?

Code:

vI[y.oSc]v!{NGu(1AklxXA8iw'I~3c=x;-prm9B@Jjun(aKSJrZLULdo=Clk1vw$i[.Vo%tAq9wl1YdqJhC'#MvCsR~h_3USL(#ub;+md=VW1}u3k9[w.m_3FndB.EW

That's going to be annoying to type!

You can store them without any real references as to what it does. Just have a bunch of passwords with no context or other context. I like to think extreme situations where someone access your password manager file or something, and all they find is a bunch of passwords, so it's useless since you have a key, but you don't have the lock, and so the lock is your wallet file which should be hosted somewhere online for the "what if my house burns/tornado/flood/thief". Then of course you have the problem of storing your local copy. You really want a local copy just in case, this would be the problem, where to store it that it remains undetected. If you have full disk encryption, you may be forced to unencrypted by some party. In this case, what do you do? You handle the key or get locked up or beaten up depending on the subject. And then when it's unencrypted, you have to hide this file somewhere. It is really a mess dealing with this. If you start thinking about all possible scenarios, it's quite complex. Forensics tools have ways to scan for these files, so they will find it, and then you are screwed. A dumbass thief may not find it out, but someone that knows what they are doing they will find it if you are forced to decrypt a FDE disk.

[LoyceV]

You can store them without any real references as to what it does. Just have a bunch of passwords with no context or other context. I like to think extreme situations where someone access your password manager file or something, and all they find is a bunch of passwords, so it's useless since you have a key, but you don't have the lock, and so the lock is your wallet file which should be hosted somewhere online for the "what if my house burns/tornado/flood/thief". Then of course you have the problem of storing your local copy.

Let's say something destroys your local copy and password lists, and you now have only a bunch of random passwords and encrypted files on cloud storage. Do you still remember the access to your cloud storage? And if you have all your passwords and encryption on there, it's still a high risk. I prefer a more balance approach for more realistic scenarios.

[Forsyth Jones]

If you prefer to have a BIP39 seed phrase backup, but want to use Bitcoin Core, the only way to do this is to import the master private key of this BIP39 seed phrase with importdescriptors in Bitcoin Core, this way, I can forget/lose access to the encryption passphrase of my wallet.dat, but as long as I have the backup saved of the seedphrase + passphrase (if enabled), then everything is fine.

It's just about combining the useful with the pleasant. I don't see a problem with Bitcoin Core not accepting the BIP39 standard, since it's also an HD wallet, as long as you has the backup wallet and remember the encryption password, everything is fine.

You can learn how to handle descriptors here > How to import an xpriv to a descriptor wallet in bitcoin core?

And also follow the advice already left in this thread, I've never had any problems regarding where I should store the backup, whether in physical or digital format (like in the cloud), as long as it's well encrypted, I don't see any problem.

[NotATether]

Remembering 12 seed/recovery words isn't practical. But while Bitcoin Core never support BIP 39, you could do what you described by backup your master private key instead. Here's quick example for descriptor wallet.

1. Where are you going to store that backup since you can't write it down?

2. Does Bitcoin Core even have an RPC for importing descriptors into a brand new wallet?

3. I thought Bitcoin Core used a single HD seed (i.e. an xprv) to derive all the private keys? Or is that only for legacy wallets?

[Synchronice]

I have an Electrum wallet backed up by 12 words seed phrase (memorized in my brain) and I also have one Bitcoin Core wallet. I bought a few flash drives from local electronics store and paid a few bucks in each of them. You can buy them for 5-6 dollars from Newegg. So, I stored my wallet.dat file on flash drive and encrypted it with my Electrum wallet's 12 words seed phrase but I made a few modifications and removed/added a few words for extra protection (extra risk, I know).
P.S. I know that my approach is crazy for many people but I did it for fun and I can afford to lose them. I'm sharing this simply to show OP that he can save wallet.dat in flash drive and encrypt it with the strong password for security. I also saved them on cloud storages (file is protected with a very strong password as I mentioned above).

By the way, you can store flash drives in different physical locations but it is very individual. You can save one in your parent's house and one in your house (if you trust your parents).

[philipma1957]

For the people that use software such as Electrum where there is BIP39 support, you can "spawn" your entire wallet anywhere in the world by remembering the 12 seeds. However, I like the functionality and features of Bitcoin Core as a wallet, and I was never confident using any other software since it doesn't feel as solid, they feel more like a toy rather than something robust where you would trust money with, and so Bitcoin Core with features like coin control and so on plus it being the original full node software heavy peer reviewed feels like a better way to go. I just have 2 Bitcoin Core instances, one not synced for airgap storage of keys and one synced with watch-only address.

The big problem here is keeping your wallet.dat file safe. This was always a bit upsetting, knowing that you cannot have this nice feature of, if everything else failed on your backups for some reason, you could still use your memory by remembering the 12 words, but with Bitcoin Core you must keep the wallet.dat safe. So my question is, what are some ideas to keep it safe?

You are pretty much limited to physical backups. This is a big problem, specially if you travel, you must plan around having to cross borders. If you don't have anyone you could trust with keeping backups, or you don't have more than a single property, you are limited to a single spot. You would need to resort to paying an storage spot of sorts, like a bank vault, or something like that, which is questionable, but it's the only way to diversify physically, otherwise you will be stuck to your place.

You could encrypt the wallet in a encrypted container with dm-crypt, luks, veracrypt or some other open source software and in theory, if you trust bitcoin, then using sha256 with a strong password similar in length and complexity to the private keys then you would be trusting that this backup is safe and then you could place this somewhere online, like a cloud storage or email provider, and then you would have an alternative to the lack of BIP39, but this would mean you trust the servers there to not screw up. Perhaps someone knows a good cloud storage service or email provider you could register at without doxing yourself in the process.

Those are the options I see. You are tied to this file for the rest of your life basically, so you must consider all possible scenarios, and consider for instance if the risk of a flood, or someone stealing your backups is higher than the risk of storing online an encrypted file, which I think could be higher. We saw what happened in LA in the US for instance. A lot of people with luxury homes and safes lost their stuff. If you were wallet.dat user and had no online backups you could be screwed there.

If anyone knows any ideas in how to manage this please let me know.

I do mac mini's and run them with an external ssd


https://www.bestbuy.com/site/apple-mac-mini-desktop-latest-model-m4-chip-built-for-apple-intelligence-16gb-memory-256gb-ssd-silver/6566918.p?skuId=6566918

https://www.bestbuy.com/site/samsung-t7-4tb-external-usb-3-2-gen-2-portable-ssd-with-hardware-encryption-titan-gray/6576883.p?skuId=6576883


or dell https://www.ebay.com/itm/234989817127?

with the Samsung as an external

the Samsungs are small and you can use a long password on them with them encrypted

[takuma sato]

You can store them without any real references as to what it does. Just have a bunch of passwords with no context or other context. I like to think extreme situations where someone access your password manager file or something, and all they find is a bunch of passwords, so it's useless since you have a key, but you don't have the lock, and so the lock is your wallet file which should be hosted somewhere online for the "what if my house burns/tornado/flood/thief". Then of course you have the problem of storing your local copy.

Let's say something destroys your local copy and password lists, and you now have only a bunch of random passwords and encrypted files on cloud storage. Do you still remember the access to your cloud storage? And if you have all your passwords and encryption on there, it's still a high risk. I prefer a more balance approach for more realistic scenarios.

You would have multiple backups in your home, so the disaster scenario would need to happen (one that physically wipes all possible stuff that you have stored in your house, that is, a massive storm, fire, flooding, or a thief that really finds all copies and steals them). So this is the same problem with wallet.dat protection offline.

The solution to this would be: hire a storage vault and leave your stuff there. They have security cameras, and make their money by not screwing you up. Someone you know is not as reliable as this in my opinion, people forget about things when money is not on the line, they may just lose your backup by the time you request it years later. Of course a massive natural phenomena may destroy both your home and the storage vault at the same time if it's on the same town but at least you have diversified this chance a bit.

Use a password you can remember to login to your cloud storage stuff and diversify across different email providers and/or cloud storage services.

What is your "more balanced approach"?