Most people are not capable of keeping their wallets safe?

[cypherdoc]

I like to keep three copies of my wallet file. One I encrypt and leave in the /.bitcoin (in linux) folder then delete the original, not just move to trash. Then I make two copies of the encrypted file and store one on a remote server, the other on a USB stick well hidden. That is a lot of hassle, but what else can i do?

r u not worried about that encrypted wallet on your computer while u surf?

[1714834647]

1714834647

[Alex Beckenham]

I like to keep three copies of my wallet file. One I encrypt and leave in the /.bitcoin (in linux) folder then delete the original, not just move to trash. Then I make two copies of the encrypted file and store one on a remote server, the other on a USB stick well hidden. That is a lot of hassle, but what else can i do?

Well, if you're using truecrypt, you could follow the paranoid recommendations in their docs and never file-copy a container (Instead, you should make 3 different containers from scratch, then copy your files into each of them separately).

[RodeoX]

r u not worried about that encrypted wallet on your computer while u surf?

Yes. yes I am.     However I only fire up bitcoin when sending/receiving money. hope that mitigates my risk somewhat.

I like to keep three copies of my wallet file. One I encrypt and leave in the /.bitcoin (in linux) folder then delete the original, not just move to trash. Then I make two copies of the encrypted file and store one on a remote server, the other on a USB stick well hidden. That is a lot of hassle, but what else can i do?

Well, if you're using truecrypt, you could follow the paranoid recommendations in their docs and never file-copy a container (Instead, you should make 3 different containers from scratch, then copy your files into each of them separately).

That's good advice.  I actually take some other steps that I will keep secret here. My most effective precaution is my Bit-poverty.
 

[newguy05]

If Alice owes Bob 100 btc and her wallet contains exactly 100 btc, she may just email him her wallet.dat.

Now it's stored unencrypted in both parties email accounts...

Plus Bob possibly now gets any future money intended for Alice as he has those old keys.

You cant fix stupid, that's like saying if alice owe bob $1000 and her bank account contains exactly $1000. She may just email her bank account login/password + debt card to him.  Then continue to deposit money into the bank account. Does that make any sense?

All average joe needs to do is install the bitcoin client on a usb dongle, plug it in when need to use and unplug immediately when done.   It's no safer/riskier than logging into your bank account from your pc.  It's expected the average user has antivirus running and keep their computer reasonably secure, if your computer is completely exposed with tons of virus/trojans, then anything on it gets compromised.

I think bitcoin is just fine the way it is.

[rebuilder]

I think it's a great idea to store an encrypted backup of your wallet in dropbox. HOWEVER, this only solves the I-lost-my-money-because-of-a-hard-drive-crash-or-fire problem, not the someone-hacked-my-computer-and-took-my-money problem.

If you store the wallet directly in an encrypted container and only mount that it when you need to send coins, that mitigates the risk. It still won't help against keyloggers, though. At the very least it's probably a good idea to schedule password changes for the container, and you'd probably want to do that change with a livecd. In fact, only mounting that container in an OS run off a CD should, provided that OS is clean, give a lot of peace of mind. There's hardware keyloggers of course, but I at least think it's unlikely someone would break into my home and install one without me noticing.

Bottom line, keep at least two wallets, one for spending and one as a vault, following more stringent security practices. You don't want to have to go home and boot up from a CD every time you want to spend some coins, so having small sums more readily available is a good idea.

[k]

would it be possible or useful to back up everyones wallet somehow in an encrypted form in the block chain such that it would always be an up to date backup and also accessible from anywhere running bitcoin. you would be forced to use a strong password/phrase somehow.

maybe a completely stupid idea. just seems appealing that you could go to any computer with bitcoin on it, enter you're passphrase and voila, you have access to your wallet.  actually just writing this now thinking that this would be pretty stupid as there could be all sorts of spyware/key loggers on an unknown computer.

[theboos]

We can expect Joe Sixpack and Grandma to learn about computer security if they own a computer. If I buy a house, it's perfectly reasonable to expect me to learn how to lock the doors and set an alarm. I agree that Bitcoin should be made more accessible so the security skills involved in computer usage transfer over, but a sufficiently stupid user will lose his bitcoins, and that seems perfectly fair.

The essentials of Bitcoin security are:

• Wallet.dat contains your money. If someone else has it, he will be able to use your bitcoins. If you lose it, your bitcoins are gone forever. If you keep it secure, NOBODY but you will be able to use your bitcoins.
• If you encrypt wallet.dat, keep the password secure. If someone else has your password and your encrypted wallet.dat, he will be able to use your bitcoins. If you lose your password, your bitcoins are gone forever. If you keep your password secure, NOBODY but you will be able to use your bitcoins.

All else follows. If you get a virus, your wallet.dat is vulnerable. If you don't back up your wallet.dat, you won't be able to get it back. If you tell someone your password or make an easily crackable password, someone will be able to spend your bitcoins. It's our job to make the essentials of Bitcoin security obvious, but nothing more. If someone doesn't understand the basics of computer security, they shouldn't be using one in the first place.

[theboos]

would it be possible or useful to back up everyones wallet somehow in an encrypted form in the block chain such that it would always be an up to date backup and also accessible from anywhere running bitcoin. you would be forced to use a strong password/phrase somehow.

maybe a completely stupid idea. just seems appealing that you could go to any computer with bitcoin on it, enter you're passphrase and voila, you have access to your wallet.  actually just writing this now thinking that this would be pretty stupid as there could be all sorts of spyware/key loggers on an unknown computer.

Better idea is to widely distribute your encrypted wallet.dat (P2P file storage comes to mind) and then download it if you move to a new computer. This protects fairly well from loss but you still need to remember your password (obviously).

[FlipPro]

I have a quick question, that I don't understand very well, but that's probably simple. When you make a backup of your "bitcoins" are you making a backup of a note, that says the system owes you that many bitcoins? Or are you backing up the actual bitcoins themselves? Also what happens if you transport these bitcoins from computer to computer? Do they transfer over even if the computer ID'S are different? And finally is there a 100% full proof solution to self management of the bitcoins in ones wallet, or than the online services mentioned ?

[phatsphere]

I have a quick question, that I don't understand very well, but that's probably simple. When you make a backup of your "bitcoins" are you making a backup of a note, that says the system owes you that many bitcoins? Or are you backing up the actual bitcoins themselves?

No, technically, there are no bitcoins in a file and there are also no bitcoins really floating around. The system is based on transactions. They have two ends: input and output and they form long chains which are public knowlege. (see blockexplorer website)
Your actual wallet contains the private keys to all the addresses, from where you would be able to send money to somebody else. I.e. the open ends of transactions where you can proof that you are the receiver and you are able to append another chain to somebody else (and also yourself, too).
Where does the chain start? Well, each new generated block ("mining") starts with a loose end.

Your backup basically contains those private keys and about 100 more which will be used for future transactions. So, even when you loose your wallet file and your backup is some transactions behind, you should not loose something.

Also what happens if you transport these bitcoins from computer to computer? Do they transfer over even if the computer ID'S are different? And finally is there a 100% full proof solution to self management of the bitcoins in ones wallet, or than the online services mentioned ?

Well, the client reads the wallet file and checks all transactions if it is able to append to the chains. Then it sums up all the amounts in the open ends. I don't know what you mean with computer ID ... that's irrelevant. The wallet file is client dependent (assuming there will be independent and completely different btc clients in the future ... so you have to make sure that the wallet file can be read by the client software, that's all)

Self management depends on you. The file itself is unencrypted ... which is a flaw in the system. Hence, you have to make sure that nobody could use it if your hard-drive is stolen ... hence disk encryption. When you upload it somewhere, make sure that you encrypt the file prior to sending it.

Final words, I'm also a newbie, so, maybe somebody will correct me on some details

[Maged]

Final words, I'm also a newbie, so, maybe somebody will correct me on some details

Really? That just about nailed it. Good job!

[TTBit]

If bitcoin could be put on an ironkey like device, would that help?

https://www.ironkey.com/

[lemonginger]

yes bitcoins will never see mainstream adoption as long as people can literally delete a file or forget a password and lose all their money, no matter what you geeks think. I agree that more services like mybitcoin will emerge, and I suspect the next iterations o cryptocurrencies (the ones that do catch on after BTC crashes and burns) will have much different ways of dealing with this.

It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

[MacFall]

All average joe needs to do is install the bitcoin client on a usb dongle, plug it in when need to use and unplug immediately when done.

...Except as I just found out, that requires running bitcoin.exe with cmd with modifying instructions to relocate the data directory to the USB dongle, which is a real bitch. Average Joe doesn't even know what the F cmd is, much less how to use it.

I don't think it would be hard* to add something onto the client that will do that for the user automatically (on install have an option to run it from C:/ or elsewhere), and it would go MILES towards helping Average Joes and Janes use bitcoin securely more easily. Without ease of use, bitcoin will remain a niche commodity - and bitcoin needs greater market depth more than anything else.

*Note: I say this as a non-programmer. I have no idea how hard it would actually be. But I can't see why it would be hard.

[theboos]

It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

We don't ask anyone to take that risk.

This is the price of ultimately controlling your own money. Bitcoin makes it possible to store money in a single file; anyone who does not like this should not be using Bitcoin. If you are likely to forget a password, don't encrypt the file, but risk theft. If you don't want to back up a file, try your luck with the longevity of a hard drive. This entire thread is debating a security "threat" that is inherent in any system which gives you direct possession of anything.

[lemonginger]

We don't ask anyone to take that risk.

This is the price of ultimately controlling your own money. Bitcoin makes it possible to store money in a single file; anyone who does not like this should not be using Bitcoin. If you are likely to forget a password, don't encrypt the file, but risk theft. If you don't want to back up a file, try your luck with the longevity of a hard drive. This entire thread is debating a security "threat" that is inherent in any system which gives you direct possession of anything.

That's fine, if you want bitcoin to only be used by libertarian nerds.

[TraderTimm]

That's fine, if you want bitcoin to only be used by libertarian nerds.

That's what I like about you, no broad generalizations. Because, as we both know, only someone who has no argument to stand behind resorts to that kind of thing.

[Ian Maxwell]

The phrase "BITCOIN IS LIKE CASH" needs to be drummed into people from the day they download the client, if not sooner.

If you lose your cash, it's your problem.
If your cash is destroyed in a fire, it's your problem.
If you lock your cash in a safe and lose the key, it's your problem.
If you give someone your cash and he doesn't deliver, it's your problem.

But I agree that right now most people can't keep their wallets safe. Most people never back anything up, and eventually lose all their data as a result. Backup solutions are getting better and easier to use, but most people still aren't using them. Hell, I should know better, but I didn't get a wallet backup into place until I noticed that with the appreciation I suddenly had a lot of money invested in them, and I still don't have a real system.

There may actually be a business opening here for a secure wallet backup service that uses client-side encryption. (The client software would of course have to be open source, to prove it really was encrypting the data.) But then we'd still be trusting ordinary users to know the difference between a legitimate backup service and a scam. Personal responsibility is always dangerous in this way.

[phatsphere]

Final words, I'm also a newbie, so, maybe somebody will correct me on some details

Really? That just about nailed it. Good job!

Thx. I've a master in mathematics, that helps understanding the paper and the crypto background 

[phatsphere]

It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

exactly what i think. my "dream" is some kind of banking or credit card, that has an intrinsic unique key and a passphrase -- just like EC cards today have. your actual wallet is stored at a central bank and thats where the real transaction happens.
the device where you put the card in just get's a token for verification and that also enables instant payouts. especially, the "bank", where your wallet actually is, pays for you and also manages your wallet to get the confirmations later.

even better: replace "card" with "smartphone"