Is it an acceptable practice to store your Monero cryptocurrency seed in your password manager, for example 1Password, for offsite backup?
My guess would probably be yes, given that password managers are encrypted, but I don’t know anything about cryptocurrencies.
I wouldn’t trust a password manager with storing crypto seeds.
In my opinion every seed you keep digitally can be considered as Exposed.
You can use your password manager to store a secondary seed with a small amount of coins, but never store your “bank” seed digitally.
Same as banking passwords… But as they do not have 2FA, store it not with all your passwords, but in some notes app, like Standard Notes, with 2FA enabled. And recovery codes should not be there either. Just store different eggs in different baskets. And store some passwords only in your own head, like for passwords, 2FA, codes and email. 4 passwords are not hard to remember.
Never do this! Just write down the seed phrase on a piece of paper and store it in two places.
There really isn’t any risk with a good password manager other than the risk of someone gaining access to it.
In my opinion it really depends on how much money you have. If you’ve got under $1k USD of crypto assets, people are probably not going to bother with a specific targeted attack. Is anyone going to burn a 0day on you that costs more than the amount of money you have? Probably not.
If you have more, then maybe you should be careful to use hardware wallets and airgapping with a cold storage wallet.
This is part of the reason why fiat currencies are never going away for “some newfangled crypto”, because if you have a lot of money you need to be very careful with security.
Even with credit card fraud, there are usually zero liability policies if the card holder was not at fault.
The caveat mentioned here is important. However, even with encryption, there might be possibilities of $5 wrench attacks, shoulder surfing, side-channel attacks, future cryptographic vulnerabilities and more.
There is also the opposite risk of loss of funds by forgetting the password database’s password, data corruption, device failure, etc.
Whether or not it is acceptable to store a cryptocurrency seed digitally depends on the amount of funds, how the seed is stored and what your risks are. For storing a seed digitally, I would generally recommend encrypting it, keeping it offline and having it stored on two or more storage devices. If the amount is large, take further measures to prevent both theft and unintentional loss.
- the amount you want to protect
- adversaries: fire, flood, EMP, evil maids, external actors, etc.
- vulnerabilities: structural integrity of physical location, coercion, forgetting passwords and hiding spots, information about your wallet or transactions that is already exposed, etc.
- available resources: security vaults, hiding spots, encryption, storage devices, paper, long-life physical media, etc.
Depending on the above, you will have these options:
- encrypt the seed or its parts
- keep the seed or its parts offline
- transfer the seed or its parts onto a physical medium
- split your amount between separate wallets
- practise good opsec when doing anything with your wallet
- avoid situations where you can be coerced into revealing your seed
- split the seed in a way that mitigates both theft and unintentional loss
I don’t use cryptocurrency. It might be best to ask the cryptocurrency community about how to keep seeds safe.
I don’t think this is necessarily true if a seed is encrypted and stored offline.
Does this mean store two identical copies of the whole seed in separate locations, or store each half of a seed in separate locations? The former requires only one location be accessed, therefore increasing the chance of theft of funds, at the benefit of decreasing the chance of unintentional loss of funds. The latter requires both locations be accessed, therefore increasing the chance of unintentional loss of funds, at the benefit of decreasing the chance of theft of funds.