For those that store your information on an online manager

[yhiaali3]

I wonder how someone can store passwords for their accounts worth millions of dollars on a password manager or cloud or something like that, this is very dangerous.

The person in this case didn't just store passwords in a password manager, they stored their private keys in a password manager, which is crazy when you think about it. The password manager was hacked and the funds was stolen, people need to understand that anything online is prone to hacking, it may not have happened yet, but that does not mean it is safe.

This is even more crazy, storing private keys on the cloud or password manager is irresponsible and absolutely crazy.

I honestly don't understand how these people after all this huge amount of news we hear about hacking platforms and third party services on the internet I wonder how they are still using these services.

[Faisal2202]

Passwords should be stored in recommended password managers, but seed phrase or private keys should never be stored in any password manager. It is not so hard to back up your seed phrase offline, buy a stainless steel and engrave your seed words on it yourself, that is very safe.

There are some wallets I guess which allow us to set passwords especially using these password managers and when someone try wrong passwords for multiple times they even erase the data or lock it for a specific period of time, that's why people use these password managers.

You might have heard of a news where a person locked his wallet using some password manager and now forgot the password to unlock it, he also hires hackers to break the security protocols of it to unlock but failed to do so, point is sometimes these are good but here in this case it's not.

[Z-tight]

I honestly don't understand how these people after all this huge amount of news we hear about hacking platforms and third party services on the internet I wonder how they are still using these services.

So many people do not learn, they just buy BTC but they do not want to learn how to keep it safe. It is the same way people store their funds in centralized exchanges, despite all the events of collapsed and bankrupt exchanges, or when people store their main stash in a hot wallet.

[NotATether]

Such an idiot, him.

He thought that keeping his seed phrases electronically stored was a great idea?

If that's the case, then I'm not surprised how his account was drained. His email addresses are well-known, so that means he was always going to be a high-value target for anyone trying to make a ton of money.

It's not a good thing that this happened, but you can take a stand against this by not using Lastpass. I already canceled my subscription for it a while ago.

[ABCbits]

This is insane. Someone as rich as him could afford better and more expensive security option (such as hardware wallet).

Such an idiot, him.

He thought that keeping his seed phrases electronically stored was a great idea?

If that's the case, then I'm not surprised how his account was drained. His email addresses are well-known, so that means he was always going to be a high-value target for anyone trying to make a ton of money.

It's not a good thing that this happened, but you can take a stand against this by not using Lastpass. I already canceled my subscription for it a while ago.

It doesn't stop there. It also means he either never research about LastPass or intentionally ignore past LastPass security incident that happen almost every year.

[Aanuoluwatofunmi]

I don't know maybe it's because of lack with the required information about how to avoid using the centralized platforms in making storage for our sensitive information or maybe the people are just willing to tempt taking the risk for nothing, because these people have every access that can use to get all of our online information on their platform, then why should we be careless in rendering them the full access to what belongs to us from the first place, the earlier we realized these the better for us.

[Z-tight]

It doesn't stop there. It also means he either never research about LastPass or intentionally ignore past LastPass security incident that happen almost every year.

People are lazy, they don't do research and they do not also follow events that happen in the industry, and many times they regret it in the end when it comes back to bite them. It does not cost much to get a hardware wallet, or to buy a stainless steel and engrave your seed words, but many people want to do things the 'convenient' way.

[bhadz]

This is why I don't use them, very risky at all. So, I will go with the old traditional way of writing my passwords and seeds on a notebook instead of an online manager. Or if I'll keep some information on my PC, I'll make sure that it won't be broadcasted in the web or I won't be publishing it online. That's very risky to think of when most important details of ours, logins, passwords, etc. To be published online.

[Bobcrypto]

Passwords should be stored in recommended password managers, but seed phrase or private keys should never be stored in any password manager. It is not so hard to back up your seed phrase offline, buy a stainless steel and engrave your seed words on it yourself, that is very safe.

Besides all this options that has been used to store passwords, seed phrases and private keys, I think the best option, in my opinion is a written down password, seed phrases and private keys. This should be written on a sheet of paper and store in a safe places.
Storage managers is has it own risk especially if it is linked to the Internet, instead of storing your crypto assets where you can easily forget or misplaced your password, private keys, it best to have it written down on paper or a notebook and store in safe places in your home.

[ZAINmalik75]

We are not talking about passwords here, but seed phrase or private keys, there is nothing wrong in storing passwords in a password manager, what is wrong is storing sensitive data in it. The best way to back up a seed phrase is offline, engraving it in a stainless steel or writing it down on paper.

Speaking of private keys alone, you are right they should never be stored online and storing them in some online password manager is a big mistake, like it was done on purpose. They should engrave it on some material even if written on paper and then kept on different places by writing different pairs on different papers and then placing them on different places so that accessing to one could not do any harm.

I don't prefer these online managers for anything, even I have a small portfolio but these people are risking others funds so therefore they should not bet trusted again.

[Z-tight]

Besides all this options that has been used to store passwords, seed phrases and private keys, I think the best option, in my opinion is a written down password, seed phrases and private keys. This should be written on a sheet of paper and store in a safe places.

With hd wallets you shouldn't back up your private keys, just your seed phrase alone is necessary. However, i get your point, though some people will prefer engraving their seed words on stainless steel to writing it down, in order  to protect it from flooding, fire or other types of natural disaster, but i believe most people write it down.

[NotATether]

It doesn't stop there. It also means he either never research about LastPass or intentionally ignore past LastPass security incident that happen almost every year.

And he was also too lazy to export his data from LastPass and switch to another password manager that does not have these kind of reputation issues (1Password, Dashlane, Bitwarden, Proton, Nordpass etc).

With hd wallets you shouldn't back up your private keys, just your seed phrase alone is necessary. However, i get your point, though some people will prefer engraving their seed words on stainless steel to writing it down, in order  to protect it from flooding, fire or other types of natural disaster, but i believe most people write it down.

It'll protect you from natural disasters, sure, but it won't protect it from theft. Also if your house burns down, how are you going to find your stainless steel phrase amid all the rubble?

[Forsyth Jones]

This sounds new to me, that people take the risk of saving wallet seed phrase with an online platform???
As I started reading the contents of your post beginning from the topic, I was wondering if it is now something bad to store passwords and codes with an online manager. Because I am a big fan of storing passwords with google. But reading down, I comprehended the motive of your post. And right now I'm still wondering how could users possibly trust a platform to the level of saving his/her wallet seed phrase with them. There's a statement some crypto enthusiasts around me always say and it goes "Never Disclose your Wallet Seed phrase to Anybody"
Saving wallet seed phrase with an online platform, I see it a form of laziness.
No matter how a wallet seems useless to me, I always write down my seed phrase and keep it somewhere very safe and secured how much more a wallet that contains something tangible.

Your concern is justified, saving mnemonic phrases or WIF private keys in online managers has a high chance of being rekt.

I recommend stopping using browser password managers, although they've evolved over time, they still cannot compare to the security of an offline password manager like keepass, which works even without an internet connection, since the database is saved locally.

Offline password managers have strong encryption such as AES, ChaCha20, etc. So you can save anything there, not only passwords, but OTP codes, attachments including images, files and texts.

It is better to encrypt the mnemonic phrase in a keepass database in an air-gapped offline environment. It's much safer than leaving it in online password managers or scattered around unencrypted.

[joniboini]

I recommend stopping using browser password managers, although they've evolved over time, they still cannot compare to the security of an offline password manager like keepass, which works even without an internet connection, since the database is saved locally.

I installed a Keepass extension on my browser, so I don't have to copy and paste every password I need. I believe it should be safer since it doesn't put anything on our clipboard just in case a malware is lurking around. We do have to open/run KeePass in the background, but it is not a huge deal, even if you're running a potato computer. Still, I wouldn't recommend anyone to store sensitive data like seedphrase etc, though. CMIIW.

[Forsyth Jones]

I installed a Keepass extension on my browser, so I don't have to copy and paste every password I need. I believe it should be safer since it doesn't put anything on our clipboard just in case a malware is lurking around. We do have to open/run KeePass in the background, but it is not a huge deal, even if you're running a potato computer. Still, I wouldn't recommend anyone to store sensitive data like seedphrase etc, though. CMIIW.

I also use a keepass extension for the browser, specifically the extension for KeepassXC, KeepassXC-Browser. However, it doesn't work on some sites, so I've to use the copy/paste function. An alternative is to use the auto-type feature.

It’s worth mentioning that there are several variations of keepass, but the most famous ones are Keepass2 and KeepassXC. I have both installed, and the one I use the most is KeepassXC.