My Bitcoins are not stolen ..

[BowieMan]

It's great, that you pay such a great deal of attention to your bitcoins in order to not get them stolen. But the general publich will never want to invest such an amount of work. This needs to be solved until bitcoin can hit mainstream in any way!

[Soros Shorts]

On the topic of defeating keyloggers, I have a text file containing bits of my passphrase mixed amongst random text. When I want to enter the passphrase, I open the text file and copy & paste using the mouse the relevant pieces into the password field.

I know how most key loggers work, and most do not capture the clipboard contents.

[barangunel]

too much security but you don't really need them all

[chaosPT]

How much bitcoin are you storing with that secure way ?

[LiteCoinGuy]

to be honest, its not so difficult to store the btc safe:

just make sure your pc is maleware free , encrypt the wallet and store it offline is enough.

but: no mainstream user will go trough 10 steps to secure the btc. as more and more people join in, more and more btc will be stolen. we need mainstream-solutions were people can store it online (with insurance) or on a device like trezzor.

[BCEmporium]

I'd been keeping my bitcoins since 2011, and isn't that difficult. Just that I use Linux, have no Win computer, and store some of them under different approaches, including "in the outer space" (brainwallets)

[AliceWonder]

I'd been keeping my bitcoins since 2011, and isn't that difficult. Just that I use Linux, have no Win computer, and store some of them under different approaches, including "in the outer space" (brainwallets)

I can not recommend brain wallets because too many people will choose pass phrases that eventually get cracked, and there is no way for next of kin to get the funds if you die.

Paper wallets can be imported by next of kin and can contain private keys generated using a high entropy random generator.

[ensurance982]

I've also never had any bitcoin stolen. I try to keep them all safe in my purse!

[Bitcoinpro]

Windows 8.1

did you disable all non core services especially networking assistance etc

no doubt you just installed the most major trojan horse delivery system in the world

and your calling this setup secure some how ? i would go with linux though

also recommend some self evaluation of the programming code,

as always your level of security is proportional to the size of the funds your storing

[FUR11]

I've also never had any bitcoin stolen. I try to keep them all safe in my purse!

That's actually not a bad idea! Keep a (distributed!!!) part of your private keys with you, so you can recover it by combining it with other distributed parts of the key you hide somewhere else. That way you don't lose your stash when someone should steal your purse!

[pedrog]

The only criticism I can make is the use of closed source proprietary software...

For cloud storage something like SpiderOak does the trick.

[BCEmporium]

I'd been keeping my bitcoins since 2011, and isn't that difficult. Just that I use Linux, have no Win computer, and store some of them under different approaches, including "in the outer space" (brainwallets)

I can not recommend brain wallets because too many people will choose pass phrases that eventually get cracked, and there is no way for next of kin to get the funds if you die.

Paper wallets can be imported by next of kin and can contain private keys generated using a high entropy random generator.

If you have your wallets protected with strong passwords, if you die your next kin can't get to them either.
Paper wallets can get stolen IRL.
Ideally NEVER keep all the eggs in the same basket: never keep all your coins in the same place/method.
As secondary measure scan the public keys (addresses) to your watch-only blockchain app, if you use this, for keep an eye at cold storage.

[tavitavi]

I see alot of posts in general forum as well as Indian forum about Bitcoins getting stolen .. I am gonna explain how I store my Bitcoins .. Please find any fault with this method, and make sure to comment

This is what I follow (Semi Cold Storage)

A dedicated laptop with finger print scanner.
Installed Original Windows 8.1 ( pirated may have keyloggers)
this laptop is only for syncing Bitcoin Core ... The wallet in this PC will be used to only receive funds.
No web browsing .. Strictly syncing Bitcoin Core
copy of wallet.dat double encrypted and stored offline. (Bank Locker , not in India , just in case of natural disaster)
Daily backup of wallet.dat  to secure online storage (never use dropbox / google drive)  PM for details on this ( do not want to share in public)
password for wallet.dat not stored online , not written on papers.. use brain wallet .. make sure its 20 characters with atleast 5 special characters
All accounts made should for online storage should be new , never used , onetime password .. activated with 2FA from Android Phone
Do not Root your android phone , do not install random apps , and NEVER install anything from outside the PLAYSTORE
No WIFI .. I even removed WIFI Drivers .. Only Ethernet connection.
Firewall Installed (home network)
Just for fun - Installed Hitman Pro and Norton 360
Laptop is connected to Internet maybe once a week  , remaining time switched off and battery removed . Use http://blockchain.info/ to check daily


Never share your real identity online .. hackers can just hack your facebook account and ask for bitcoin .. 2FA , ALWAYS

BK

Thanks, I'm just gonna email this to my grandma so she can get on this bitcoin train that is clearly flawless

[beaknuke]

perhaps u better off converting 95% of your BTC to fiat and be done with it all

[Cryptopher]

double encryption is ok.. unless the encryption becomes corrupt. or you get amnesia. Alzheimer's and forget passwords.

i would still have passwords wrote down. but done in a way that is not obvious.

some people have a random book in their house and they use the first letter of every line of a certain page to make up the password.

so for instance this post will make up the password 'dissoo'. but yea, choose a novel with atleast 20 lines per page, one of those small print novals.

or have the first letter of the first word of each page and have a 200 page novel to create a 200 character password

other methods for online passwords is to have a simple sha hashing script (check sourcecode), use the novel words idea then add the websites name to that password. and SHA it

EG
SHA("bitcointalkdissoo")

And use that sha'd phrase as the password you type into websites, that way each site is unique

If you get amnesia or are generally forgetful then if you forget the password then you're likely to forget the cipher in which you used to generate the password in the first place.

[jubalix]

why would you connect to the internet at all with hardware used for use if wallet.dat and private keys?

sign transactions, then use a usb to transfer, or copy over a single private key import and spend all back to a private key that has always been offline.

there is no need to snych the bitcoin cold storage computer to the internet ever. Put a screwdriver through your ethernet/wifi if you have it.

[chennan]

It's great, that you pay such a great deal of attention to your bitcoins in order to not get them stolen. But the general publich will never want to invest such an amount of work. This needs to be solved until bitcoin can hit mainstream in any way!

yes,many people don't like these fussy steps to secure their wallet. Easy solution needs to come out before it goes mainstream.

[Elwar]

Not sure why you would back up your wallet.dat online. That sort of defeats the purpose of everything else.

Also, your fingerprint scanner saves the fingerprint data on your computer actually making it less secure if you actually use it instead of passwords.

For me I have a separate computer that I never ever put online, it comes with physical hard drive encryption. The BIOS is password protected, the hard drive is password protected and the Linux I installed is encrypted and password protected. That is all before getting to the Linux login.

The only thing installed on there is the Bitcoin Core which I used to create Public and Private keys which are stored in an encrypted file on the computer.

I create a separate file with just the public keys which I then burn to a CD-R.

I move the CD-R to my online computer. I send my bitcoins to the addresses on that list breaking it up into small amounts as to not attract attention to a big address. I literally just burned all CDs with any public addresses in a fire yesterday.

I do not trust USB drives as I do not trust that there could not be extra software built into the hardware or part of the USB software (look up thumb drives and how Iran's Nuclear facilities were infiltrated).

I do keep some bitcoins online for day to day spending but if those were stolen it is not enough to be too upset about even though I use 2FA.

[DjPxH]

On the topic of defeating keyloggers, I have a text file containing bits of my passphrase mixed amongst random text. When I want to enter the passphrase, I open the text file and copy & paste using the mouse the relevant pieces into the password field.

I know how most key loggers work, and most do not capture the clipboard contents.

That sounds awfully dangerous. How can you be sure that the majority of keyloggers or even backdoor malware actually don't transmit your clipboard contents? This seems like one of the most dangerous or naive methods I've seen 

[Soros Shorts]

On the topic of defeating keyloggers, I have a text file containing bits of my passphrase mixed amongst random text. When I want to enter the passphrase, I open the text file and copy & paste using the mouse the relevant pieces into the password field.

I know how most key loggers work, and most do not capture the clipboard contents.

That sounds awfully dangerous. How can you be sure that the majority of keyloggers or even backdoor malware actually don't transmit your clipboard contents? This seems like one of the most dangerous or naive methods I've seen  

My hobby is reverse engineering keyloggers (hardware & software). Yeah, I shouldn't have recommended that technique because there are other classes of malware that read clipboards and input fields directly. Still, it would work against a hardware keylogger.