Scared I'll lose my BTC

[lpn209]

I have accepted a large sum of money from a client who persuaded me to use BTC as a form of payment, I agreed after doing a bit of research and thought it would be okay, now I have an online wallet on blockchain.info, without 2FA. I would really appreciate some help. I have a few questions which I would be very grateful if someone could answer

1) 2fa on blockchain.info, is it better to use email authentication rather than sms in case you change your cell number or lose your sim card and if so should I use a totally different email address than my normal personal one and create a very difficult password for that email address linked to my blockchain wallet

2) with 2fa enabled on blockchain.info, is there any other simple way of making sure my btc is not stolen. I have very limited technical knowledge so would not be able to perform some of the cold storage options mentioned here. Is there a solution for an average Joe like me who can take simple precautions to keep my BTC safe?

Again, I would be very grateful if someone could answer these questions as I am very paranoid at the moment about holding such a large volume of BTC and worried there going to be stolen possibly by the guy that's paid me, as I know he can tell what my balance is.

Thank you

[DolanDuck]

There are a number of wallets available to store your hard earned bitcoins.

If you have a decent amount of coins to store, you should look into software wallets - BitcoinQT, MultiBit, Armory or Electrum. They are among the best place to store your money safely (provided your computer is secure as well). Chose one you think best suits you, install it and encrypt your wallet file with your strong password. You should take your wallet file and back it up (location of the file is different for different clients, so you have to do some research as to where to find that file). Back it up on a CD, safe USB drive or the like. Keep them safe. If you lose that file, you will lose your money.
A quick word on deterministic wallets. Electrum and Armory allow you to create wallets from a seed. If you use the same seed later, you can recreate your wallet on other machines. With deterministic wallets, you only need to keep that seed secure to have access to your money.
In comparison, in BitcoinQT's traditional wallet, every address you use is random, meaning that after you send 50-100 outgoing transactions your backups can be obsolete. Always keep an up-to-date backup of such wallet file if possible.
Okay, sometimes you need to have your Bitcoins with you when you leave your computer. In this case, you should look into either online or mobile wallets. A staple for both of those is Blockchain.info, but there are others to chose from.
A good rule of thumb with these is to not store more money in them than you can afford to lose. They are best used as a convenient way of accessing some money, not storing your savings. Online wallets are especially vulnerable to their servers getting hacked and people’s money getting stolen.
What to keep in mind while using online wallets:
Use a secure password (the more money you have in them the stronger the password should be)
Always keep a backup of your wallet in case you need to recover your money
Whenever possible, enable two factor authentication
Don’t use your online wallets from unsafe computers

Cold storage
Sometimes you want to store your bitcoins for a long time in a safe place. This is called “cold storage”. There are a few ways one can do this.
First of all, paper wallets. They are nice for giving people small bitcoin gifts, but also for long-term storage if properly used. What you want to do is generate and print them offline. You can save the linked page for example and run that offline. If you are really paranoid, you can put it on read-only media and access that from a different computer. For really long term storage, use archival-grade paper.
Another approach to take is using a separate computer for storing your money that is offline 99+% of the time. You could set one up easily by buying an old laptop, reformatting it, installing Linux and a Bitcoin client. Generate an address on that machine and send money to it from your main wallet. Depending on how paranoid you are you can connect that computer to the Internet afterwards to synchronize data with the Bitcoin Network and then turn it off and put it away somewhere safe until it’s needed.

Source: reddit

[lpn209]

Thanks for the reply.

For example if I used multibit would I be able to transfer my whole btc balance from blockchain.info to there with the encrytion and would the btc be safe with multibit?

Could they vanish with it? Sorry if that question sounds stupid. And if I wanted to transfer the btc into a fiat currency, how feasible would it be once I have put the funds into the multibit wallet?

And 2fa, new email account?

Thanks

[zimmah]

put most of it in armory (offline wallet with online signing) and a small amount on blockchain with 2FA for easy transactions.

[lynn_402]

Thanks for the reply.

For example if I used multibit would I be able to transfer my whole btc balance from blockchain.info to there with the encrytion and would the btc be safe with multibit?

Could they vanish with it? Sorry if that question sounds stupid. And if I wanted to transfer the btc into a fiat currency, how feasible would it be once I have put the funds into the multibit wallet?

And 2fa, new email account?

Thanks

Nobody could vanish with it, since nobody other than you hold your wallet's private key. Just make sure to use encryption and have a computer that is free from malwares (use a good firewall, anti-virus, block java on your browser, and use common sense).

For when you want to transfer the BTC into fiat, you just make a the transaction from multibit to your exchange, it will be done as soon as the 6 confirmations have passed (about 1 hour)

[odolvlobo]

Blockchain.info is a fine wallet. It is about as secure as any other when you use 2FA. But, ...

Before you do anything else, back up your wallet and write down all of the recovery information. It is just as easy to lose your bitcoins as it is to have them stolen.

2FA through email seems inconvenient. Also, if your blockchain.info password is compromised, then your email might be compromised also. I prefer using my phone for 2FA. When you set up 2FA, make sure you write down all of that information in case your phone is lost or damaged.

After you have done that, then look into cold storage. It is not urgent, but it is the safest option.

[Silvercube146]

The other posts touch upon important distinctions between web wallets and online vs offline(cold storage) wallets.

The other thing to keep in mind though, is your personal choices. Since one of the strongest features of bitcoin is the avoidance of charge backs, you need to make sure you handle your newly acquired bitcoin seriously. This often makes users take a hard look at computing safety and computer security in general.

You need to learn about phishing,scams,malware,viruses,etc. This may seem like a lot but, at this point in time its important for users to educate themselves at even the most basic levels. You do not need to become a security researcher, just try to learn how to protect yourself. Also, these are the things that the average internet user should be doing to help protect themselves.

This post is not meant to scare you, just to touch on some of the all too common mistakes that happen with users new and old.

• Do not use the same password in more than 1 location
• Use long secure passwords. Generally make the password as long as your willing to deal with. Over 20 characters is probably a decent baseline(secure means many different things to people at this point, you can take the password generator approach or the xkcd approach and string together words,numbers,& symbols
• Use 2 Factor authentication on anything you possible can
• Do not use Email for 2 Factor Authentication (Its often regarded as a bad idea,since it is not as secure)
• Make sure you find a way to backup 2 factor authentication and make sure it works
• Be careful when opening links within emails(phishing emails are getting better. )
• Make sure the site you are going to is typed in correctly (bookmarks would help)
• Do not access any important sites over unencrypted connections such as free wifi at a coffee shops(you really shouldn't be doing any type of browsing on an unencrypted connection. Using a VPN in these situations is suggested)
• Pay attention to ssl certs (click on the lock that shows up when visiting a site with https to make sure the cert is valid and the site is spelled correctly
• Don't just open random donwloaded applications because YOLO (You may only live once but with this attitude so will your bitcoin )
• Within Blockchain require 2FA to do anything (this would help protect you by needing your code to send
• Within Blockchain enable notifications for everything to do with your account and routinely monitor your email (this is not fool proof of course but will give you more info)

A few other things to keep in mind. Your email account can be compromised without your knowledge. Having notifications setup can help mitigate that risk. With this in mind email as 2 factor authentication is often regarded as not a real level of security. Something like Authy or Google authenticator is a better idea as they work independent of an internet connection. Authy might be a better choice as you can back up your tokens much easier than with google authenticator (use what you like best).

Always use a long password when setting up a block chain wallet and it is in your best interest to not have the backups emailed to you. If you have the block chain wallet emailed to you someone can either intercept the backup as it was sent or compromise your account and have access to it. Now just having access to the file is not enough luckily as it is encrypted and hopefully secured by a very long password but we want to reduce risk not increase it.


A password manager like keepass http://keepass.info , lastpass https://lastpass.com , 1password https://agilebits.com/onepassword is also a great idea. With these you can easily create long unique passwords for each site and still easily manage them. Each of the listed password managers have their pros and cons.

For a comparison of antivirus check out av-test.org http://www.av-test.org/en/home/ & av-comparatives.org http://www.av-comparatives.org/. Comparing the real world test results is often a good place to start when deciding between different antivirus software. Do your best to avoid ones with consistent false positives too, as they can become bothersome.

If you already know all these things disregard this information.

With all that being said. Enjoy being able to send money freely from all around the word within seconds with barely any fees.  

Coincase Bewark of a phishing attack http://blog.coinbase.com/post/47145265173/beware-of-a-phishing-attack
xkcd password strengthhttp://xkcd.com/936/
xkcd password reuse http://xkcd.com/792/

[monbux]

Cold storage is more or less your only truly safe option, a desktop wallet is fine for relatively small amounts but shouldn't be trusted for large amounts. If you're paranoid about storage and don't want the hassle of scaling the mounts of geekdom there is a fully insured wallet/storage service with a (reportedly) reputable and long established company in London. Can't remember the name of them off the top of my head but will look it up now and edit this post.

Are you talking about "trezor"?  It's not a bitcoin wallet, but it's supposed to make all your bitcoin transactions 100% secure.  Also, I would recommend you store funds on [multiple] cold storage(s) and leave some on blockchain.info for day to day spending.

[Testing123]

Since you use the words "a large sum of money", I suggest you to really take some time to understand more about paper wallet or offline wallet.
Learn how to create the wallet safely, how to make backups and how to spend the bitcoin in it.
Do enough testings to make sure you truly understand how they works, before asking your client to send you bitcoin.

[Testing123]

Cold storage is more or less your only truly safe option, a desktop wallet is fine for relatively small amounts but shouldn't be trusted for large amounts. If you're paranoid about storage and don't want the hassle of scaling the mounts of geekdom there is a fully insured wallet/storage service with a (reportedly) reputable and long established company in London. Can't remember the name of them off the top of my head but will look it up now and edit this post.

Are you talking about "trezor"?  It's not a bitcoin wallet, but it's supposed to make all your bitcoin transactions 100% secure.

For those having no idea what Trezor is, you could check the thread https://bitcointalk.org/index.php?topic=122438.0 and the website http://www.bitcointrezor.com.

[lpn209]

Thanks to everyone who posted. I am very grateful for your assistance. I was unable to post on here yesterday as there was an ip issue with logging in or something like that, no I checked my computer was not compromised 

The general consensus seems to be to enable 2FA on blockchain, which I will go ahead and do and use cold storage. which I will now look into.

[tatu]

You have to wait 6 minutes after logging in and posting or youll get that ip issue.

[lynn_402]

Thanks to everyone who posted. I am very grateful for your assistance. I was unable to post on here yesterday as there was an ip issue with logging in or something like that, no I checked my computer was not compromised 

The general consensus seems to be to enable 2FA on blockchain, which I will go ahead and do and use cold storage. which I will now look into.

Congratulations on doing the effort to stay safe; you most likely won't be part of the sadly quite high percentage of people who lost their coins.

[lpn209]

Thanks to everyone who posted. I am very grateful for your assistance. I was unable to post on here yesterday as there was an ip issue with logging in or something like that, no I checked my computer was not compromised 

The general consensus seems to be to enable 2FA on blockchain, which I will go ahead and do and use cold storage. which I will now look into.

Congratulations on doing the effort to stay safe; you most likely won't be part of the sadly quite high percentage of people who lost their coins.

Thanks Lynn, I certainly hope so.

[lpn209]

Can anyone from the UK confirm whether blockchain.info supports UK mobile numbers for 2FA? As I have tried entering my mobile number on a few occasions now and each time there is an error. Thanks