Options for Securing your Bitcoin wallet

[kolloh]

Paper wallets seem to work well for me for now. Interested in possibly getting a hardware wallet down the line but will have to see.

The idea of using the TI89 was interesting, hadn't seen that one. The comments on reddit mentioned some possible security concerns with it, but it also seems like it'd be an annoying process lol.

[Light]

I won't go into the exact details, but I have a couple of BIP38 encrypted paper wallets - so if they're lost or stolen it isn't a big deal (as long as you're password is of sufficient complexity). Because I don't actively have any need to move large amounts of coins I don't run a cold storage system with offline signing, but my advice would be an offline version of Armory making use of a Linux distro (confirm SHA and MD5 sums) which you can use to sign transactions. As usual keep everything encrypted in the case of physical theft.

[inBitweTrust]

I won't go into the exact details, but I have a couple of BIP38 encrypted paper wallets - so if they're lost or stolen it isn't a big deal (as long as you're password is of sufficient complexity). Because I don't actively have any need to move large amounts of coins I don't run a cold storage system with offline signing, but my advice would be an offline version of Armory making use of a Linux distro (confirm SHA and MD5 sums) which you can use to sign transactions. As usual keep everything encrypted in the case of physical theft.

Good advice but has the downfall of human error with some people with bad memories who forget the passphrase to unencrypt their private keys.

The other way is to use either Shamir’s 2-of-3 Secret Sharing Scheme or mutisig to secure your backup of cold storage where all you have to do is remember the physical location of the keys.

Entropy uses Shamir’s 2-of-3 Secret Sharing Scheme
http://asicminer-shop.de/Mycelium-Entropy

[Sarthak]

One Question:

What do you recommend?

[inBitweTrust]

One Question:

What do you recommend?

There isn't one recommendation as people should use multiple wallets and be willing to weigh risk/convenience.

What I do now -
Spending - Use Mycelium HD wallet(with pin) on my android with 200 usd of bitcoin max. HD seed backed up physically in safe.
Spending - Use Bitcoin QT wallet on my primary computer with 200 usd of bitcoin max with a completely unique and high entropy password. There are many security practices that need to be done with primary computer.
Savings - Entropy with Shamir’s 2-of-3 Secret Sharing Scheme for my cold storage savings where 1 key is encrypted in my password manager, the second key is laminated in my safe, and the third key is laminated and secured in an offsite location.


What is slightly less secure but acceptable for many-
Spending - Use Mycelium HD wallet(with pin) on my android with 200 usd of bitcoin max. HD seed backed up physically in safe.
Spending - Use Bitcoin QT wallet on my primary computer with 200 usd of bitcoin max with a completely unique and high entropy password. There are many security practices that need to be done with primary computer.
Savings - offline computer with clean fresh linux install that never touches any external HD / memory/ network that the primary computers touch and with no extra software installed and just used to store your bitcoins. It is better to physically disable your network wifi card but acceptable to simply not connect to the network unless needing to download the blockchain.

Or using a hardware wallet, or using multiple paper wallets/coins with different ballances on them and properly secured(if they are created securely.

In other words you need to read the information in the first post and use cold storage for security of your savings.

[Sarthak]

Hey I'm using windows 8.1 RT and I cant download anything from outside except the store and the Store Doesn't have any Bitcoin related Applications! Now how do I setup a cold wallet?

[inBitweTrust]

Hey I'm using windows 8.1 RT and I cant download anything from outside except the store and the Store Doesn't have any Bitcoin related Applications! Now how do I setup a cold wallet?

All the information is listed in the first post. I would suggest you get a laptop that doesn't run windows RT either(No one should subject themselves to RT). In the meantime you will need to use a different computer or get a mycelium entropy. If you are really paranoid you may have to temporarily store your bitcoins in a multisig hot wallet service(4 examples referenced) until you can get the right resources to secure the bitcoins yourself.

[Troonetpt]

I have to say none of this scheme are simple enough, at the same time, secure enough.
We need something more simple and easy to use.

[ArticMine]

Hey I'm using windows 8.1 RT and I cant download anything from outside except the store and the Store Doesn't have any Bitcoin related Applications! Now how do I setup a cold wallet?

You can't. Windows 8.1 RT can best be described as a Portable Orwellian Telescreen. Only those applications authorized by Big Brother (Microsoft and the MPAA) are permitted and Bitcoin is not one of them. I would recommend a computer running GNU/Linux for anything related to Bitcoin.

[fox19891989]

I used poloniex exchange and enable GA(very important), it's safe and reliable, I have used there over 1 year.(maybe longer I am not sure)

Although poloniex was hacked long time ago, they didn't run away with customers' funds, it's the best altcoin exchange.

This is poor advice and likely a mistaken post. Exchanges are merely tools to temporarily use to exchange between coins or currencies and never a secure option to safeguard your savings.

Even well regulated insured exchanges are insecure against multiple forms of theft such as "legal" theft under litigation and asset forfeiture, fraud and terrorism suspicions freezing your funds, and tax theft to name a few.  

Really? I used it for over 2 years, and never been hacked, I have stored there over 100btc, Google authenticator is secure enough, to make wallet secure, GA is neccessary. 

I know some cases who lost a few bitcoin(0.X btc) in local wallet, it's not secure at all. Trojans may destroy local wallets and steal bitcoin.

[inBitweTrust]

I used poloniex exchange and enable GA(very important), it's safe and reliable, I have used there over 1 year.(maybe longer I am not sure)

Although poloniex was hacked long time ago, they didn't run away with customers' funds, it's the best altcoin exchange.

This is poor advice and likely a mistaken post. Exchanges are merely tools to temporarily use to exchange between coins or currencies and never a secure option to safeguard your savings.

Even well regulated insured exchanges are insecure against multiple forms of theft such as "legal" theft under litigation and asset forfeiture, fraud and terrorism suspicions freezing your funds, and tax theft to name a few.  

Really? I used it for over 2 years, and never been hacked, I have stored there over 100btc, Google authenticator is secure enough, to make wallet secure, GA is neccessary.  

I know some cases who lost a few bitcoin(0.X btc) in local wallet, it's not secure at all. Trojans may destroy local wallets and steal bitcoin.

And we are also all very well aware of the thousands of users who lost everything with hot wallets and exchanges that get "hacked".
Your advice is very odd considering what has happened over the last 3 years where more was stolen with exchanges and hot wallets than any other way. poloniex has multiple red flags as well and thus even more suspected than exchanges like coinbase.

Do you work for, work with , or have some special financial relationship with poloniex ?

[louise123]

This is one long but very useful post.
I have a lot of reading and safety measures to take.

So far I have my wallet stored on off-line (never used) equipment and on usb.

Is that not safe enough?

[cinder]

This is one long but very useful post.
I have a lot of reading and safety measures to take.

So far I have my wallet stored on off-line (never used) equipment and on usb.

Is that not safe enough?

Odd of both usb broken and equipment failed at the same time is small but non-zero.

[louise123]

This is one long but very useful post.
I have a lot of reading and safety measures to take.

So far I have my wallet stored on off-line (never used) equipment and on usb.

Is that not safe enough?

Odd of both usb broken and equipment failed at the same time is small but non-zero.

So what do you suggest?
Paper wallets?
Multisig paper wallets maybe? (for extra security)

What would be a fail-proof solution in your guys opinion?

[inBitweTrust]

So what do you suggest?
Paper wallets?
Multisig paper wallets maybe? (for extra security)

What would be a fail-proof solution in your guys opinion?

You are somewhat secure.

As long as all the devices are secure and you backup your HD seed or another wallet backup in another usb stick and store that in a secure location offsite and encrypted with a high entropy unique password than the only risk you may have is the original machine being compromised (unlikely as long as you took a few precautions) or you forget your passphrase.

This is where using either mutisig or Shamir’s 2-of-3 Secret Sharing Scheme comes into play because it protects you from both physical theft, hardware failures, or you developing amnesia and forgetting the passphrase.

It is also a good idea to split up your balances so not all of it is saved in one device in case it gets exploited and all your private keys stolen in one transaction. With paperwallets this is easier done.

[ajareselde]

This is one long but very useful post.
I have a lot of reading and safety measures to take.

So far I have my wallet stored on off-line (never used) equipment and on usb.

Is that not safe enough?

Odd of both usb broken and equipment failed at the same time is small but non-zero.

So what do you suggest?
Paper wallets?
Multisig paper wallets maybe? (for extra security)

What would be a fail-proof solution in your guys opinion?

There is no such thing as a fail proof solution. If you're not dealing with some great amounts of bitcoins, i would just recommend paper wallets.
There's no point in having bank-alike security/safety for amounts of a couple of thousands USD at best. You're overthinking it.

cheers

[freakying99]

I like brain wallet the best just make sure you never fall into a coma or start to forget things. maybe writing it down on a paper and placing that under a magnet on the fridge is a good idea too,.

[louise123]

So what do you suggest?
Paper wallets?
Multisig paper wallets maybe? (for extra security)

What would be a fail-proof solution in your guys opinion?

You are somewhat secure.

As long as all the devices are secure and you backup your HD seed or another wallet backup in another usb stick and store that in a secure location offsite and encrypted with a high entropy unique password than the only risk you may have is the original machine being compromised (unlikely as long as you took a few precautions) or you forget your passphrase.

This is where using either mutisig or Shamir’s 2-of-3 Secret Sharing Scheme comes into play because it protects you from both physical theft, hardware failures, or you developing amnesia and forgetting the passphrase.

It is also a good idea to split up your balances so not all of it is saved in one device in case it gets exploited and all your private keys stolen in one transaction. With paperwallets this is easier done.

Got it. Thanks.

One more question: Isn't multisig the same as Shamir’s 2-of-3 Secret Sharing Scheme? (this is the first time I have heard of this by the way)

[inBitweTrust]

One more question: Isn't multisig the same as Shamir’s 2-of-3 Secret Sharing Scheme? (this is the first time I have heard of this by the way)

No they are completely different.

Bitcoin supports two multi-signature schemes:
M-of-N Standard Transactions
https://github.com/bitcoin/bips/blob/master/bip-0011.mediawiki

Pay to Script Hash
https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki
---------------------------------------------------------

SSSS - Shamir's Secret Sharing Scheme found here:

https://github.com/cetuscetus/btctool/blob/bip/bip-xxxx.mediawiki

[NapoleonBonaparte]

Paper wallet still the safest if you know how to keep it safe.