Quote:
Originally Posted by PaulyJames200x
Guys i have security questions.
1. Do almost all of you have btc in either a hardware wallet like nano ledger or trezor? Do more or less people keep btc in electrum as oppose to nano ledger?
2. Where do you guys keep your electrum 12 word seed or your 24 word seed for nano ledger/trezor. Because people say never store it online. However if you write it down on piece of paper, if theres a fire or theft, well that would be gone etc. I assume almost all of you write it down in say 2 or 3 different places? But do you put it all in your apartment/house or you might put one piece in say a safety deposit box? Because even if you put the paper in a safe in your house, well that can be opened still.
My thoughts were why not type in your seed in keepass? Because in order for someone to access it, they need to know your master password. But if something happens to your laptop like theft or damage etc and say your external hard drive, well then you have no backup then. But if you store it on say dropbox/google drive, well that way you have an online backup. Has anyone done this or recommend it? I read people say never store your seed online anywhere. But if you are emailing your seed in an open document well obviously that is a horrible idea. But if you do it in keepass and upload it in keepass, isn't that pretty safe? Because if your email somehow gets hacked, well your keepass still needs to get hacked. The other thing i thought was maybe store your seed in 2 different keepass files and put it in 2 different dropbox/google accounts? That way someone would need to hack both emails and both keepass when you have a separate password for each? Of course the issue here is you need to remember all these passwords as oppose to just remembering your dropbox/google password and your keepass.
However, i read that if you do this and say you download a keylogger, then basically the hacker could basically read every keystroke you type down and then access your keepass easily. So unless you are very careful with what you click on everytime, then i guess keeping it in keepass is not good idea due to this? Now what if someone installs malware on it. Could they get your keepass file access that way or it has to be a keylogger? Because im not sure what is really the safest way to keep your 12 word or 24 word seed because there are disadvantages for each one.
3. I read lot of cases where people clicked on phishing likes on google like when you type in binance... first link shows up is a google ad with binance which is a phishing site. Heard people talk about typing their account information in and then their account get hacked. I heard the same with fake electrum wallet whether its electrum or bitcoin cash or bitcoin gold wallet. In every case i believe, the person enteres their seed and then wallet gets hacked. I believe this is the same with the myetherwallet fake site? The thing is when i googled myetherwallet, i never saw a phishing ad for it on google. But i read countless people talk about it. And the other thing is what if you click on a phishing link whether its binance, electrum or myetherwallet... but you do not put in your seed or login information. Are you generally safe as long as you don't type anything into it? Or has there been cases of peoples electrum or binance getting hacked just for visiting the site.
Most importantly, why has google not taken down these adds? You type in binance and first link is a google ad that has the same address.
4. To those of you who use your laptop whether its for cryptocurrency or anything else, do almost every one of you have a password on it to prevent other people from turning it on? Say a thief gets your laptop. If no password, they could access it very easily. But could they hack into your keepass or similar files or not? But if they were to install a keylogger, well that would be useless since they need to return the laptop to you in order for this to happen right? So what do you guys suggest for laptop encryption? Is the windows 10 password basically useless? I read that someone could just take hard drive out and view everything on it. I also heard about bitlocker and veracrypt. Does anyone here use it and have feedback? Basically i want to make sure if someone has access to my laptop, they cannot view it without a password and all they get is the laptop and hard drive and cannot view any information.
5. Is your computer/IP connection at risk if you were to visit say streaming sites whether its watching movies/tv/porn etc if you do all of this on a completely different computer where you do not have any important information such as wallets, keepass and documents in it? Like you use a separate laptop solely to stream tv and those sites and even download videos where its possible that there could be virus/malware on it? Because someone mentioned certain viruses/malware could potentionally infect your internet connection? Or is this not true? Because obviously people would use a separate computer for their streaming and downloading habits. But most people don't have 2 internet connections. But i believe streaming and downloading torrents/tv/porn would still be safe but it would require you to make that 2nd computer use linux as oppose to windows? I know this last question is more a tech question but im sure many of you guys who use cryptocurrency stream tv/sports etc so i want to know how you can keep yourself safe.
thanks.
Best method in terms of not losing your passphrase and also keeping it safe is:
Have 3 copies of trezor. All with same passphrase in it. Keep them in separate safe locations. If anyone of them is stolen, you only need to access the other ones and send the funds away before they hack the pin on the stolen one.
If you make more trezor physical copies. You have no need for the passphrase. Just throw it away. What's the point of having the passphrase if you have say 10 trezors?
10 trezors is expensive, so an optimal solution is 3 trezors and keeping your passprhase in keepass stored on Dropbox.
You now have new attack vectors to worry about
:
1. Keepass file is relatively easy to have access to if it's on Dropbox since most people sync their Dropbox or browser remember Dropbox password.
2. Once they have access to the keepass file, they have essentially months or more time to bruteforce your password. You must have a long and very secure password. This is a huge leak for most keepass files.
3. Keyloggers like you mention.
Best practice:
1. Create a VM with no internet access on a brand new clean laptop.
2. Create your keepass w a long random secure password.
3. Put the keepass in your Dropbox so you don't lose the file
4. You will not need to access your passphrase often if at all since you have 3 trezors. So use this keepass only for the passphrase. Don't use it to store your aol or facebook logins. This will mitigate keyloggers risk.
Good luck.
Sent from my SM-G950U using Tapatalk
