Is it an acceptable practice to store your Monero cryptocurrency seed in your password manager, for example 1Password, for offsite backup?
My guess would probably be yes, given that password managers are encrypted, but I don’t know anything about cryptocurrencies.
I wouldn’t trust a password manager with storing crypto seeds.
In my opinion every seed you keep digitally can be considered as Exposed.
You can use your password manager to store a secondary seed with a small amount of coins but never store your “bank” seed digitally.
Same as banking passwords… But as they do not have 2FA, store it not with all passwords, but in some notes app, like Standard Notes, with 2FA enabled. And recovery codes should not be there either. Just store different eggs in different baskets. And store some passwords only in your own head, like for passwords, 2FA, codes and email. 4 passwords are not hard to remember.
Never do this! Just write down the seed phrase on a piece of paper and store it in two places.
There really isn’t any risk with a good password manager other than the risk of someone gaining access to it.
In my opinion it really depends on how much money you have. If you’ve got under $1k USD of crypto assets, people are probably not going to bother with a specific targeted attack. Is anyone going to burn a 0day on you that costs more than the amount of money you have? Probably not.
If you have more, then maybe you should be careful to use hardware wallets and airgapping with a cold storage wallet.
This is part of the reason why fiat currencies are never going away for “some newfangled crypto”, because if you have a lot of money you need to be very careful with security.
Even with credit card fraud, there are usually zero liability policies if the card holder was not at fault.
The caveat mentioned here is important. However, even with encryption, there might be possibilities of $5 wrench attacks, shoulder surfing, side-channel attacks, future cryptographic vulnerabilities and more.
There is also the opposite risk of loss of funds by forgetting the password database’s password, data corruption, device failure, etc.
Whether or not it is acceptable to store a cryptocurrency seed digitally depends on the amount of funds, how the seed is stored and what your risks are. For storing a seed digitally, I would generally recommend encrypting it, keeping it offline and having it stored on two or more storage devices. If the amount is large, take further measures to prevent both theft and unintentional loss.
Consider:
- the amount you want to protect
- adversaries: fire, flood, EMP, evil maids, external actors, etc.
- vulnerabilities: structural integrity of physical location, coercion, forgetting passwords and hiding spots, information about your wallet or transactions that is already exposed, etc.
- available resources: security vaults, hiding spots, encryption, storage devices, paper, long-life physical media, etc.
Depending on the above, you will have these options:
- encrypt the seed or its parts
- keep the seed or its parts offline
- transfer the seed or its parts onto a physical medium
- split your amount between separate wallets
- practise good opsec when doing anything with your wallet
- avoid situations where you can be coerced into revealing your seed
- split the seed in a way that mitigates both theft and unintentional loss
I don’t use cryptocurrency. It might be best to ask the cryptocurrency community about how to keep seeds safe.
I don’t think this is necessarily true if a seed is encrypted and stored offline.
Does this mean store two identical copies of the whole seed in separate locations, or store each half of a seed in separate locations? The former requires only one location be accessed, therefore increasing the chance of theft of funds, at the benefit of decreasing the chance of unintentional loss of funds. The latter requires both locations be accessed, therefore increasing the chance of unintentional loss of funds, at the benefit of decreasing the chance of theft of funds.
I believe that your advice is not the best for most users.
Encrypting and separating seeds may be a cool idea now, but did you think that after 5 years or more you would just forget how you encrypted it, which algorithm you’d use, and where this one very needed part of your seed is stored?
The risk that you lose your money in this situation is much more actual than someone stealing it from you.
My advice is very simple:
- Write down your seed on paper. The best way to do so is to find your old notebook from school or university, preferably from English class, and write it down there (it will look less suspicious) and make two or three copies of that, then hide them in different locations.
- Before creating the wallet, add additional protection called a passphrase. Create a passphrase using 7-8 words from the EFF Large Wordlist.
- Store passphrase in your password manager (make offline and online backups of the database!!!).
The main reason for doing so is that after 5-7 years, if something happens with your wallet, you can just remind yourself, “All I need is one of three notebooks and access to my password manager database.”
From a security perspective, if someone finds your notebook, that person cannot gain access to funds because they still need a passphrase, and if someone hacks your database, they still need your seed phrase.
It may look too hard for new users, but it’s definitely better than previous advice. Let me know what you think about it!
I don’t have an opinion on this question per se. The issue with crypto is that, if that money is stolen, you cannot do anything about it. It requires a lot of knowledge about security and makes you more at risk. Here is an example where people were simply forced at gunpoint to give their crypto wallet info to criminals. That person lost $150,000.