Storing your seed phrase in a password manager? Yes or no?

[headingnorth]

The conventional wisdom is to never store your seed phrase online.

However, millions if not billions of people rely on password managers to store critical username and password information for
their bank accounts, email account, Amazon, ebay, Apple and Android accounts, crypto exchanges, school and work emails, etc.
PMs also store all your personal identifying information including name, address, phone number, etc.

The average person probably has at least a hundred different online passwords which would be virtually impossible to keep track of
without a password manager. I have never heard of a password manager being hacked into so they seem to be extremely secure.
I have been using PMs myself for over 20 years with no issues. So if they have such a stellar track record of security then why not
use a PM to store your seed phrase? Most PMs allow you to store personal notes so that is where your seed phrase would go.

Benefits of using a PM - eliminates the possibility of losing your physical backup or having it stolen.
Personally I am more worried about someone stealing my physical backup or me losing it then I am
of my PM getting hacked.

I'm not saying others should store their seed phrase in a PM but I do believe it is an option worth considering.
Ultimately it is up to every person to make their own choice. If you don't feel comfortable doing it then don't do it.
Keep your seed phrase offline. Another option is having both - a physical backup plus online backup secured in your PM.

I would also suggest using a passphrase (aka hidden wallet) so in the remote event someone hacks your PM
they won't be able to use your seed phrase without knowing your passphrase. But this is completely optional
and can be a double edge sword - if you ever forget your passphrase you are screwed so better make sure
it is simple enough to remember. Of course you never want to store your passphrase together with your seedphrase
because that would defeat the purpose.

[mocacinno]

Here's some interesting reading material: https://www.cloaked.com/post/the-top-3-worst-password-manager-breaches-and-security-issues-to-date

Password managers have been hacked in the past, and i'm pretty sure others will be hacked in the future.
Even if you use a local keypass, it can theoretically be bruteforced or you can fall victim to a keylogger.

The only safe setup i can imagine right now is a keypass database with a strong password on a removable encrypted medium (maybe a usb key with hardware encryption) that's stored in a secure location and that's only plugged in on offline machines, and it's probably a good idear to copy it on a second encrypted medium for safety. Opsec-wise, i think that setup might even be safer than storing your seed on a piece of paper, as long as the offline machine you plug the thumbdrive into never ever goes online (maybe even has it's network unplugged and it's wifi physically disabled)

It is true, however, that a lot of people store really important data in those password managers, there's no denying that... I'm 100% sure that a password manager is safer than re-using your password. Storing your seed completely offline also has it's attack vectors (like an evil maid, or burglars, or losing your seed), and it's correct that an extended seed with a strong custom password is a good idear.

[Hatchy]

It's better you stick to trusted, tested and safe way of storing your keys so you don't end up losing them. No matter how good you may feel a password manager or online storage is, the possibility of them getting hacked is still 99% of 100. You keys could easily get compromised if there's even a single glitch on their server, it can be lost.

Fact here is, whatever way you may choose to store your keys, it's your personal choice but still try to do it the right way to avoid them getting compromised or your funds stolen.

[joeperry]

I don't think it's ideal to put your seed phrase in manager or anywhere in your computer, it's still better if its offline but still, we have our own preferences. There are times that password managers have been hacked and so what I learned is never leave your phrase anywhere in a computer, though I think what other alternative you can do to store it is by using encryption software to create a partition before storing it in computer and one of the best software that you can use for free is VeraCrypt.

Or alternatively you can probably change some of the words in your phrase that only you can know so even if it's stolen you're the only one who can access it.

[Helena Yu]

Unfortunately there's nothing safe in this world.

I know those are advantages of using password managers, but no one can guarantee it will be safe in the future.

If you want to use password managers, I suggest you to split your seeds e.g. 4 words in A password manager, 4 words in B password manager and 4 words in C password manager.

Passphrase isn't something that hard to remember, just use one or two characters that you really remember, example your university, the first place you work, the street you live in. Avoid to use your full name, animal, mother, father names etc.

[headingnorth]

Here's some interesting reading material: https://www.cloaked.com/post/the-top-3-worst-password-manager-breaches-and-security-issues-to-date

Password managers have been hacked in the past, and i'm pretty sure others will be hacked in the future.
Even if you use a local keypass, it can theoretically be bruteforced or you can fall victim to a keylogger.

The only safe setup i can imagine right now is a keypass database with a strong password on a removable encrypted medium (maybe a usb key with hardware encryption) that's stored in a secure location and that's only plugged in on offline machines, and it's probably a good idear to copy it on a second encrypted medium for safety. Opsec-wise, i think that setup might even be safer than storing your seed on a piece of paper, as long as the offline machine you plug the thumbdrive into never ever goes online (maybe even has it's network unplugged and it's wifi physically disabled)

It is true, however, that a lot of people store really important data in those password managers, there's no denying that... I'm 100% sure that a password manager is safer than re-using your password. Storing your seed completely offline also has it's attack vectors (like an evil maid, or burglars, or losing your seed), and it's correct that an extended seed with a strong custom password is a good idear.

You are correct. Lastpass was hacked but according to the company the data breach involved
customer names and emails, no passwords were compromised. Which may or may not be true.

I was using Lastpass at the time of the hack but afterwards began researching alternatives and went with Bitwarden
which is an open-source PM. I'm surprised to see it on the hacked list but good to know the flaw was caught and corrected before
hackers could exploit it. That is the benefit of being open-source, anyone can look at the code and there are a large number of
eyes watching for vulnerabilities. So I recommend open-source PMs over closed-source but everyone should do their own research.

[Ruttoshi]

I don't like saving my password on PM because it can be compromised not to talk more of saving your seed phrase on a PM. It's good that you engrave your seed phrase on a stainless steel and keep them in different locations. However, one needs to be very careful with whatever method he chooses to use to keep his seed phrase save so that he does not make it vulnerable to a third-party.

Or alternatively you can probably change some of the words in your phrase that only you can know so even if it's stolen you're the only one who can access it.

It's not advisable to change any word of your seed phrases or abbreviate it because if there's any accident in future that make you lose your memory, you funds is gone. Better to add a passphrase to your seed phrase.

[goldkingcoiner]

I only use password managers for passwords to websites that I do not care about and probably will never visit again. In other words, I absolutely do not trust password managers.

If you store your seed phrase on a device then at least make sure it is not the same device you use to access the internet. Keep it offline and airgapped, meaning it does not have access to the internet or any other kind of network connections.

[aoluain]

Absolutely not! its still online or a digital version or on a 3rd party service. The problem with
using services like this is that it is too convenient, you have to opt for something more
"Private" and "Secure"

The only safe way/safest way to store a seed phrase is to take ownership of it yourself and
store it in a suitable place.

The go to method is on a Stainless Steel seed plate which should be anti corrosive if wet and
also fire resistant.

Willi9974 sells these over on the Goods board > Stainless steel Bitcoin Recovery Seed Plate

[headingnorth]

I don't like saving my password on PM because it can be compromised not to talk more of saving your seed phrase on a PM. It's good that you engrave your seed phrase on a stainless steel and keep them in different locations. However, one needs to be very careful with whatever method he chooses to use to keep his seed phrase save so that he does not make it vulnerable to a third-party.

Or alternatively you can probably change some of the words in your phrase that only you can know so even if it's stolen you're the only one who can access it.

It's not advisable to change any word of your seed phrases or abbreviate it because if there's any accident in future that make you lose your memory, you funds is gone. Better to add a passphrase to your seed phrase.

For another layer of security, you can put your seed phrase in a password-protected
PDF file (Microsoft Word gives you this option). Then upload it to your PM.
As an extra precaution, instead of typing your seed phrase write it down on a piece of paper,
scan then import into MS Word document, then save as encrypted PDF file (password-protected).
This helps avoid the threat of keyloggers that can record your keystrokes.

My caveat would be all this stuff is for more advanced users. You don't have to be super tech savvy
to use them but should be at least moderately computer savvy and feel very comfortable doing this kind of stuff.

Those who don't feel comfortable dealing with too much complexity, it's best to keep it simple and stay with offline-only storage.

[NotATether]

NO

If you are careless enough to do this, please please please encrypt it with GPG or something first before you upload it to the password manager.

Don't trust the password manager's security. Lastpass is a good case study on how you can lose all your coins by blindly trusting providers.

[Charles-Tim]

However, millions if not billions of people rely on password managers to store critical username and password information for
their bank accounts, email account, Amazon, ebay, Apple and Android accounts, crypto exchanges, school and work emails, etc.
PMs also store all your personal identifying information including name, address, phone number, etc.

Many of them that make use of LastPass like this lost huge amount of money despite a warning that something bad is happening to LastPass for more than a year. Password managers should not be used for storing seed phrase. I prefer to have my seed phrase offline written instead, and which is written on a paper. But better if you get a steel or titanium backup for it which is resistance to heat.

[Yaunfitda]

The average person probably has at least a hundred different online passwords which would be virtually impossible to keep track of
without a password manager. I have never heard of a password manager being hacked into so they seem to be extremely secure.
I have been using PMs myself for over 20 years with no issues. So if they have such a stellar track record of security then why not
use a PM to store your seed phrase? Most PMs allow you to store personal notes so that is where your seed phrase would go.

Wrong, there have been a lot of Password Manager that has been hacked in the recent years.

• NortonLifeLock Data Breach
• LastPass Notice of Security Incident
• Bitwarden Autofill Feature Can Expose Passwords to Malicious Attackers
• Okta October 2023 Security Incident Investigation Closure

Those are just some of the breaches from either the Password Manager themselves or 3rd party involving their project like 1Password-Okta incident. So the obvious answer is not to store your seed phrase in a Password Manager or anything that is online.

[lovesmayfamilis]

I doubt the average user has more than a hundred important passwords, firstly. Then there were a lot of statements about password managers being hacked. Not all of them, but it's a matter of time, isn't it? After all, if you're so loyal to your managers, then you're somehow breaking the rule, not your keys, not your coins. You're trusting third parties to store your seed phrase. But how much can you trust them? Won't they decide one day, having lost their minds (as an example, a joke), to stop such protection in their software? How do you like that ? I know it sounds ridiculous, but these are third parties, and you can't control them. Isn't it safer to store everything yourself? As the expression goes, if you want something done right, do it yourself.

My caveat would be all this stuff is for more advanced users.

Advanced users try not to use either Windows or PDF.

[michellee]

Your private information will be your responsibility so you should think where you can store it. But it is better not to store them by online especially if that is your seed phrase and all things related to your wallet or credentials. You can use offline ways to store all of those important things and not just let password manager or online storage to do that.

They can use an online ways but you don't have to follow them as you have a safe way to store your data. Besides that, with so many ways available, you can choose one or more ways to store your data privately.

That is why you need to find what method you can use to store your private data from the hacker and protect it. You make a choice so you need to select carefully.

[BlackBoss_]

The conventional wisdom is to never store your seed phrase online.

It's true.

However, millions if not billions of people rely on password managers to store critical username and password information for
their bank accounts, email account, Amazon, ebay, Apple and Android accounts, crypto exchanges, school and work emails, etc.

Sounds true too.

PMs also store all your personal identifying information including name, address, phone number, etc.

Are there people who have need of storing their own names, home addresses and phone number in a password manager?

Honestly, I don't have this indeed and I strongly believe that most people don't have to do this too.
Storing your seed phrase, private key in a password manager is risky and it is not recommended. Not all password managers are open source and good enough to use.

How to back up a seed phrase.

[CryptoBuds]

To be fair, no method or way can absolutely guarantee the safety of our seed phrase. Each method has its own advantages and disadvantages and we just need to choose the solution that suits us, there is no need to follow others if we feel unsafe or inconvenient...

I've also been using PM (1Pass and BW) for over 10 years and haven't had any issues, but honestly, I'm not confident using it to store seed phrases either. Because to me, the password and the seed phrase are not the same. You can get my account password but not sure you can access it because it has other security layers like 2FA, passkey...But with seed phrases, things are much easier so I don't think storing seed phrases on PM is a good idea.

[ABCbits]

I assume you're talking about online-based password manager, so i'll also answer no. Many of them aren't transparent enough (such as lack of open source frontend/backend) and some of them have history of getting hacked. As for people who choose to use local/offline password manager, i expect they're willing to take their time to store their seed phrase in more secure manner.

I have been using PMs myself for over 20 years with no issues. So if they have such a stellar track record of security then why not
use a PM to store your seed phrase? Most PMs allow you to store personal notes so that is where your seed phrase would go.

If you don't mind, what password manager do you use? Is it online-based or not?

[headingnorth]

The average person probably has at least a hundred different online passwords which would be virtually impossible to keep track of
without a password manager. I have never heard of a password manager being hacked into so they seem to be extremely secure.
I have been using PMs myself for over 20 years with no issues. So if they have such a stellar track record of security then why not
use a PM to store your seed phrase? Most PMs allow you to store personal notes so that is where your seed phrase would go.

Wrong, there have been a lot of Password Manager that has been hacked in the recent years.

• NortonLifeLock Data Breach
• LastPass Notice of Security Incident
• Bitwarden Autofill Feature Can Expose Passwords to Malicious Attackers
• Okta October 2023 Security Incident Investigation Closure

Those are just some of the breaches from either the Password Manager themselves or 3rd party involving their project like 1Password-Okta incident. So the obvious answer is not to store your seed phrase in a Password Manager or anything that is online.

I stand corrected. But with Bitwarden the hack was not an actual hack, because the flaw was detected
by the open-source community before it could be exploited. So I don't count it as a hack.

The Lastpass and OKTA breaches involved customer names and emails according to the links you provided.
So the result being customers may have been exposed to phishing and social engineering attacks, but no passwords
or anything stored in their vaults were likely compromised by hacking.

Most password managers offer 2 factor authentication so I highly suggest enabling that option for anyone using one.
Again, for those who don't feel comfortable using PMs it is simply an option. For many others sticking with offline-only storage is totally fine.

[Aanuoluwatofunmi]

The conventional wisdom is to never store your seed phrase online.

That being said, what are now the available ways we can securely save our keys without leaving them vulnerable to a third party?

here are some tips already discussed on the available storage means to safely secure our private keys and seed phrase.

seeds backup tools
https://bitcointalk.org/index.php?topic=5263482.0

storing seed phrase with washers
https://bitcointalk.org/index.php?topic=5389446.0

additional security to your seed phrase
https://bitcointalk.org/index.php?topic=5230920.0

At least, be able to discover on using any of these for your safety.