Helfen Sie mir zu verstehen, ob ich meine Kryptowährung gut absichere. 12 Wörter auf Papier und dann 12 auf Bitwarden.
- Dieses Thema hat 21 Antworten sowie 1 Teilnehmer und wurde zuletzt vor vor 1 Jahr, 4 Monaten von
aktualisiert.
-
Beiträge
-
-
Hallo Krypto-Familie. Ich schätze es immer, von euch zu lernen
Helft mir zu verstehen, ob ich meine Krypto gut absichere.
* 12 Wörter auf Papier und dann 12 auf einem Passwort-Manager.
* Passwort-Manager ist Bitwardan mit 2FA
* Ich lebe in einer Wohnung, was soll ich tun, wenn ich in den Urlaub fahre?
* Ich habe eine Alarmanlage für meine Wohnung.
* Wenn ich ein Haus kaufe, würde ich mir einen Safe zulegen.
* Ich habe 2 Hauptbücher. Ein Nano S und ein Nano X.
* Gibt es hier etwas Nützliches? Alle meine Kryptowährungen sind auf dem Nano X, weil er so viel einfacher zu bedienen ist.Gibt es etwas, auf das ich achten sollte?
Vielen Dank im Voraus!
-
Seed phrase…
​
* – Do not take a picture of it.
* – Do not share it
* – Do not upload any kind of image of the seed phrase to the internet, this includes cloud storage.
* – Do not make a digital copy of it anywhere.
* – Do not make a ‚text‘ and save it on your computer.
* – Do not share these words with anyone, in anyway, shape or form.
* – No website or hot wallet or „Customer Service Desk Help Team Group Relations“ DM in the world requires your seed phrase. The only place it ever should be used is on your Ledger device to reset or to recover your accounts.
* – Make sure your will is up to date on how to access your funds. Leave instructions and a ink to the [https://www.ledger.com/academy](https://www.ledger.com/academy) . It has a lot of good info. Use it please.
* – Find alternate ways to store your seed phrase instead of just on paper, like using a fire proof metal plate with the words on the plate. Google please, there a lot of good ones out there.
* – Do not use a local engraver to engrave your seed phrase, should you decide to make your own. You can make your own and there is one out there where you use SS thick washers and stamp the words on the washers and then string them together on a bolt with a nut.
* **They are your words, and those words make you.. your own banker. Think about that.**
* – Ledger will never ask you to enter your seed phrase anywhere in any conversation you may have with them. It is not needed in ANY situation that requires customer service. (tons of scams in here and other places.)
* – If anyone DM’s you after you make a post about crypto, its a scam 99.99999% of the time.
* – Same deal, but they start off with Hello mate or Hey mate, invest in this! Say no.
* – If they can not help you here in an open discussion, it is not in your best interest. If someone wants to help they can post here in the open thread. This is the way.
* – Help others who need help, but be aware of scams.
* – Check your addresses 2-4x before sending. Do a small amount 1st to be sure.
* – Don’t manually type in the addresses. Copy and paste. It takes one mistake.
* – Whitelist your addresses if you can to help with correct destinations for your coins. Most exchanges offer this. It’s a good idea to do this.
* – Be aware that there is a copy/paste malware. This malware is called a paperclip exploit and can be very hard to notice once you are infected. It basically changes your copy paste and can target specific types, like bitcoin addresses
* – Best thing I can say is use all the common sense you have. Never hurry.Feel free to add anything to this.
-
-
You have two ways you can lose all your crypto. If the paper with the 12 words burns in a fire you lost everything (unless you can use your ledger device to move funds, this isn’t guaranteed). and if Bitwardan fails you because you can’t log in for whatever reason then you lost access to your words again. This is poor opsec.
-
Engrave or stamp your 24 word seed phrase on 2 stainless steel plates and secure them in two different locations. Then use the advanced security feature and create a complex pass phrase that you commit to memory. The pass phrase, sometimes called the 25th word, creates a whole new wallet that is separate from the wallet created with just the 24 words. Move all funds to the pass phrase wallet. Done.
-
Putting your seed or part of it on a password manager, even with 2fa , is not safe. If a maleare install a rootkit on your pc, they will have access via cession cookies even if you have 2fa.
So it is safer to keep your seed on paper (or metal) and to have 2 copies at different locations to protect from accidental destruction or fire.
> All my crypto is on the Nano X
No, they are on the blockchain. Only your keys (ie seed) are stored in your ledger. I hope you understand that
-
I’d recommend this playlist for security info as one way to store your private keys https://youtube.com/playlist?list=PLBTp6wwfQk3hG9cZQWZjj35-pPlVtrfyo
He has step by step walk throughs on his own website the privacy guides. Everything he shares is military-grade security standards. Be warned though, some of it can be technical and you’ll be going down the rabbit hole with his videos if you really get into the security stuff
-
One way I’ve thought of doing mine is taking each letter of the words, pick a random number, and then skip that many letters in the alphabet. For example one of your words is cat and you decide to skip 3 letters. C=F, A=D T=W. You would write down FDW instead. As long as you can remember to subtract 3 you have your seed written down in a way no one else will figure out even if they find it. Hope that makes since.
-
-
-
As other users have pointed out, you’ll want to avoid ever creating ***any*** sort of digital copy or footprint of your recovery phrase at any point in time. This ranges from the notes app on a device to cloud-based storage, or even taking a photo of it with an old phone. These are not safe and defeat the purpose of your Ledger device:
To serve as a hardware wallet (and essentially a mini computer) that [generates your unique 24 word recovery phrase](https://support.ledger.com/hc/en-us/articles/4415198323089-How-Ledger-device-generates-24-word-recovery-phrase?docs=true) and allows you to sign transactions on the blockchain – ultimately allowing you to manage and access your cryptocurrencies and digital assets.
It is imperative that you do not under any circumstances share this with anyone and you’ll want to keep it in a safe place. Based off of your post, you’ve chosen to split it up – and so this somewhat changes the risk model with respect to self-custody.
**Importantly** – you mentioned that you entered 12 words into Bitwarden. This is ***not*** advisable and can put your funds at *risk*, however if you didn’t enter all 24 words, this doesn’t mean your recovery phrase is technically compromised – it’s just a very bad idea to ever enter any portion of your recovery phrase into a(ny) digital application – including a password manager like Bitwarden. Remember, your physical Ledger is there to generate, secure, and allow you to control your 24 word recovery phrase without ever relying on any other device or application.
**It would also be ideal to generate a fresh, new 24 word recovery phrase for your Ledger so that you know with absolute certainty, that your recovery phrase is without a shadow of a doubt – safe to use.**
There are pros and cons to splitting your 24 word recovery phrase, but in this case I think one of your main concerns is about the instance of being on vacation, living in an apartment, and – as other users have mentioned as well – the [passphrase](https://www.ledger.com/academy/passphrase-an-advanced-security-feature) is a great option in this type of situation.
You could create a passphrase, send the funds from your 24 word recovery phrase accounts **to** your passphrase accounts, and this means if for any reason your apartment is compromised while you’re away – your funds are technically safe with your passphrase.
Importantly however, this means relying on having your physical Ledger with you while you’re on vacation – that way, if for some reason your 24 word recovery phrase is compromised (at home and on Bitwarden) – you can still access and move your funds using your physical Ledger (with the passphrase entered into it, to access your passphrase accounts and send the funds out to a new wallet).
-
People are gonna disapprove of using Bitwarden, but this is actually close to my setup and I’ve never had any problems with it. I only have a couple differences:
* Instead of the 24 word Ledger seed phrase, I generated a 12 word seed phrase using the standalone, offline version of [Ian Coleman’s BIP39 tool.](https://github.com/iancoleman/bip39)
* Memorized the seed phrase (12 words is easier than 24) and use it with a 70 bit passphrase.
* Only backed up in a Bitwarden secure note with 2FA, no paper copies. Paper copies are easily lost or stolen. Did not use my main email to sign up for Bitwarden.
* Paid for Premium and set up social recovery with Emergency Access, set to 7 days for one of my alternate emails (in case I lose access to my authenticator), and 30 days for someone I trust (in case I die).Imo this is by far the best setup for 99.9% of people. The attack surface is very small and there are very few points of failure.
-
As I understand it, your setup has two single points of failure. If you lose the 12 words on paper, OR if you lose access to Bitwarden, you’ve lost your Bitcoin.
Also, NEVER enter your seed words on a computer, phone, or other computing device. ONLY store it in in a hardware wallet, and back it up on physical media like paper or metal.
-
This just gives you another way to lose your seed phrase. Yes it makes it so if a thief or hacker gets half they can’t steal, which is good thinking, but now if you lose or something happens to one, you’re in trouble.
I’ll say this as I say to everyone. Take 1-8 hours over over your next 2 weeks or less and memorize your 24 words. Practice in 6 words increment until your memorize the first 6 words. I can concrete the first 6 words in your brain in under 30 minutes. After the add the next 6 and practice 12 (you’ll already have the first 6 down so its really just another 6), and so on. People, it is literally possible to memorize your seed phrase of 24 words in one day. It took me about 3-4 days about 30 minutes or less to fully have 24 words memorized.
For extra security Keep you 24 words on paper stored away in the safest place you can come up with. Safest from criminal activity, and also in a accident preventive location.
For extra extra security turn the letters of your words into numbers or symbols of your choice, so if someone gets your seed physically they won’t be able to crack the code still, or will take them more time which will by you time to move your assets before they do.
For extra extra, extra security, you can cross out 1-3 words on your actual off of your 24 words. Even though you would already have your 24 memorized, cross out the 1-3 most easy words for you to remember, like the first 3 words on your sheet. Now your sheet is coded, and insufficient in information from a physical thief to do anything even with your sheet. But even if you somehow forget your 24 words, you’ll always remember the first 3 you wrote down and and with know the coding on your sheet to recover all 24 words if there was an emergency.
Get a hardware wallet, reset the hardware wallet 3 times to be safe and never put your 24 words on anything but the paper, ONE TIME. Never on your phone, never on the computer. Keep your hardware/cold wallet ALWAYS SEPERATE from your physical 24 words. That way if something happens to one. You always have the other to send your crypto or regain access to it.
If you guys put in the few hours work, your brain can memorize your seed forever. People can easily memorize the 50 words/ 50 states of the United States. 5 year olds have done this and have memorized it for life. Believe in yourself You can easily do LESS than of half this and memorize 24 words. Then you can sleep a lot better at night and eliminate that stress! My heart goes out to all people who have lost crypto and or had it stolen. We all have made mistakes, but we all have prevented them too! If you have a solid amount of money in crypto that would upset you if it got stolen, memorize your damn words. Make the choice to secure your crypto as best as you can. It’s worth it and I you will be very surprised at how well and quickly you can memorize your words to where it becomes permanent. Cheers
-
-
-
-
-
I think seed + passphrase is optimal and simple option.
Engrave 24-word seed into steel, 2 copies. One save at home, second at parents’s house or bank trezor.
Additional passphrase you save in Bitwarden AND memorize.
​
I think is quite bulletproof. If someone finds one of steel seeds, cant access fund. You still have 1 seed, its quite improbable that you will loose access to both seeds simultanously.
If someone hacks your Bitwarden, it cant access fund, because he dont have seed. If you forgot passphrase, its still in Bitwarden. If Bitwarden goes out of bussiness, you still memorize your passphrase.
On vacation have only your Ledger with you, with good/random PIN, to spend on vacation. If you forget PIN/lose Ledger, you will just wait to come home. Nothing would be lost. In fact, you can have one seed on paper with you in your wallet. No one will simultanously steal your seed from wallet and hack into Bitwarden. Unless 5$ wrench attact :-))
-
The method I recommend is to split the seed using Shamir Sharing Secret. You can use any arbitrary n of m combination. 3 of 5 & 5 of 7 are two common choices. Adding a strong passphrase you store separately is a good option.
Make sure when to generate the secret, you do it from a air-gapped computer (not connected to Internet) from a live Ubuntu USB.
-
Hot take, assuming you consider your home to be a hostile environment that’s not safe to store a seed phrase, here’s what I’d do personally:
Set up new 24 words on a ledger device, engrave them on a steel plate, hide somewhere safely in your home. These are your base accounts, tied to your master ledger PIN (let’s assume this pin is 1111 for ease of reference)
Transfer a bit of ETH, a bit of BTC to these base addresses. Do a couple of transactions. Make it look convincing (hint, these will be decoy accounts later)
Set up a decently complex passphrase, store that in Bitwarden (or heck, generate it from bitwarden). Tie this to your ledger as an alternate PIN (say, 2222).
These passphrase accounts will be your real accounts. Use the 2222 PIN anytime you want to use the “real” ledger accounts.
That’s the game plan.
—
Why? Well if someone finds your 24 words in your home, they would need your passphrase as well in order to access your real accounts. However, there are decoy accounts there so the thief won’t even KNOW there might be a passphrase to look for. If you ever see that BTC and ETH move from your base accounts, your coal mine’s canary is dead and it’s time to evacuate your funds from your real account.As a bonus, let’s say you bring your Nano X on vacation hanging around your neck from a chain (as you do). Some thug comes up and demands you unlock your Ledger or else they’ll bonk you on the head with their modestly priced wrench. You can always pop in the 1111 PIN and hand it over, and they’ll walk away with some BTC and ETH. They’ll never know about the 2222 accounts and never will.
Much better than just splitting 12 and 12. The way you did it basically feels like simply just moving from 1 to 2 points of failure in my mind.
-
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.