[EDIT: Some information in this post is no longer relevant, or has been supplanted by more secure methods. Please do your own research regarding the most up-to-date Bitcoin security practices]
…because he’s me.
As more people join the Bitcoin movement, the need grows for PSAs about securing wallets.
In addition to the upsetting stories of true scams, every day I hear about how another person has lost his coins simply because he wasn’t properly versed in the techniques necessary to keep them safe.
How to be your own banker
The reason that so many coins are lost or stolen is because with the sudden freedom to control your own money comes an enormous responsibility to keep it safe.
In the Bitcoin world, you have to become your own banker, which means you must develop a system that balances two very real threats: 1) The threat that your coins will be stolen, and 2) The threat that your coins will be lost.
After hearing me fanboy over Bitcoin for over a year, my father finally decided to purchase a small amount. Through my conversations with him, we were able to develop a plan to store his coins for the long term, one that took a little time to set up but was not overly technical. I would like to describe this system in the hopes that it will either give people some new ideas, or present a road map for putting coins in a safe place, giving the owner months or years to do more research before moving them again.
WARNING: ANY TIME YOU MOVE BITCOINS, YOU RISK LOSING THEM. THIS IS ONLY MEANT TO BE A SUPPLEMENT TO YOUR OWN RESEARCH.
For our purposes, we aim to put our coins in “cold storage,” which means that we don’t plan on sending them anywhere for a while. If you wish to secure a “hot wallet” that contains multiple addresses that you use regularly, please do your research on the various desktop and online clients available to find a solution that works for you.
The philosophy surrounding cold storage is that you want a way to retrieve your private key (e.g. 5J2TGo17A8peGDPBXAPHnwNqEE4W2T2phdgdH9xqBcnB2RzQBSF) and public key, or address (e.g. 1J5Zg16HmfJ2DoQSjhJj27NdJasgWYuyed). Just stick to one address for now. It’s easier to keep track of it that way.
To store these two important strings, I am going to describe how to create 1) A brain wallet, 2) A paper wallet, and 3) A secret wallet. Feel free to use one, two, or all three. But remember that the fewer “copies” of your private key that exist, the higher the likelihood that you will lose them. By the same token, the more that exist, the higher the likelihood that they will be stolen.
1) Brain wallet
This is an ingenious way to literally keep a backup of your private key in your brain. In the event of total system meltdown where you lose all files, hard drives, cloud drives, and get extradited to Siberia, your brainwallet provides you with the ultimate assurance that you can access your coins.
I highly recommend that all cold storage addresses be brain wallets. Some people disagree because they worry that pass phrases can be hacked. But I believe that by following some simple rules, you can avoid this misfortune. For the sake of brevity, I’m not going to discuss the issues in great detail, but will rather provide you with one path that I believe is quite secure.
a) Choose a passphrase. This needs to be something that you can remember for the rest of your life and that nobody would be able to guess. It must be at least 30 characters long, but I would recommend more. Include upper and lower case letters, numbers, and special characters. Passphrases are also sensitive to spaces and punctuation, so be extra mindful of what you are typing: a misplaced comma will produce a completely different address. Memorize this passphrase well.
b) Go to bitaddress.org and save a copy of the webpage (keep in mind that this website is trusted by the community today, but make sure this is still the case before you use it). Then close your browser and turn off your wi-fi. Open the saved file and click on Brain Wallet. Click “show” so you can see what you are doing. Enter your passphrase but DO NOT TYPE IT IN THE CORRECT ORDER. You may have malicious keylogging software on your computer that records your every keystroke, so you never want to type your passphrase straight through. For instance, if my passphrase were “I am awesome 123 $% birdwatching.” then I might enter it in bits and pieces while moving the cursor to different spots, and add a few letters before deleting them, so that any keylogger would record gobbledegook like “12a3birgrd %$awevsdIsosdsdm eamwjyatching.” which wouldn’t give your passphrase away to whoever is spying on you.
Then click view. What you will see are two strings. One is your unique bitcoin address, where you will send your coins, and the other is your private key. Guard this private key with your life, as anybody who has it can take your coins.
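To make steps a) and b) concrete, here is an added example (written for this post, not code from bitaddress.org or from the original article) of the classic brain wallet scheme: the private key is simply the SHA-256 hash of the passphrase bytes, and it is then wrapped in the “5…” Wallet Import Format shown above. The sample passphrase is constructed for the example. The block also shows why a misplaced comma gives a completely different key, checks a passphrase against the article’s minimum rules, and implements the comparison you will want later when you re-derive the key from memory and check it against your paper copy, including the Base58Check checksum that catches a mistyped or miscopied key.

```python
import hashlib

# Base58 alphabet used by Bitcoin addresses and WIF private keys.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed sample passphrase for this example (not a real wallet's passphrase).
SAMPLE_PASSPHRASE = "Example passphrase 42 !! kayaking at dawn"


def passphrase_meets_policy(passphrase: str, min_len: int = 30) -> bool:
    """The article's minimum rules: length, upper, lower, digit and special character."""
    return (
        len(passphrase) >= min_len
        and any(c.isupper() for c in passphrase)
        and any(c.islower() for c in passphrase)
        and any(c.isdigit() for c in passphrase)
        and any(not c.isalnum() for c in passphrase)
    )


def brainwallet_private_key(passphrase: str) -> bytes:
    """Classic brain wallet derivation: the 32-byte private key is SHA-256 of the passphrase.
    Every byte counts, so spaces and punctuation change the key completely."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def base58check_encode(payload: bytes) -> str:
    """Append a 4-byte double-SHA-256 checksum and encode in Base58."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    data = payload + checksum
    n = int.from_bytes(data, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    # Each leading zero byte is represented by a leading '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def base58check_decode(s: str) -> bytes:
    """Decode Base58 and verify the checksum; raises ValueError on a copying or typing error."""
    n = 0
    for c in s:
        idx = B58_ALPHABET.find(c)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {c!r}")
        n = n * 58 + idx
    pad = len(s) - len(s.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("checksum mismatch: the key was copied or typed incorrectly")
    return payload


def private_key_to_wif(priv: bytes) -> str:
    """Uncompressed mainnet WIF: version byte 0x80 + 32 key bytes, Base58Check encoded.
    The result is always 51 characters and starts with '5'."""
    return base58check_encode(b"\x80" + priv)


def wif_to_private_key(wif: str) -> bytes:
    """Reverse of private_key_to_wif, rejecting anything that is not an uncompressed mainnet key."""
    payload = base58check_decode(wif)
    if len(payload) != 33 or payload[0] != 0x80:
        raise ValueError("not an uncompressed mainnet WIF key")
    return payload[1:]


def brainwallet_wif(passphrase: str) -> str:
    """Passphrase -> WIF private key, the string a brain wallet generator shows you."""
    return private_key_to_wif(brainwallet_private_key(passphrase))


def backup_matches(passphrase: str, wif_on_paper: str) -> bool:
    """The verification step: re-derive the key from the memorized passphrase and compare it
    with the paper (or spreadsheet) copy. A corrupted copy or a wrong passphrase gives False."""
    try:
        return wif_to_private_key(wif_on_paper) == brainwallet_private_key(passphrase)
    except ValueError:
        return False


if __name__ == "__main__":
    wif = brainwallet_wif(SAMPLE_PASSPHRASE)
    print("policy ok:", passphrase_meets_policy(SAMPLE_PASSPHRASE))
    print("WIF:", wif)
    print("same phrase matches paper copy:", backup_matches(SAMPLE_PASSPHRASE, wif))
    print("phrase with an extra comma matches:", backup_matches(SAMPLE_PASSPHRASE + ",", wif))
```

Run it offline, exactly as the article says to do with the saved bitaddress.org page: a SHA-256 hash is all that stands between the passphrase and the coins, which is why the passphrase has to be long and unguessable.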
Congratulations, you just made a Brain Wallet. Now, let’s make some copies of it for the future.
2) Paper wallet.
a) With your wi-fi off, print out the saved bitaddress.org page that shows your private key and address.
b) Put this somewhere extremely safe… like a safe.
3) Secret wallet.
a) Copy and paste your private key and address into an Excel spreadsheet. I recommend also including a brief explanation such as: “Dear wife. If you are reading this, I am dead. With the private key, you or anybody else can retrieve all coins at this address. Do not show it to anybody unless you trust them unconditionally.”
b) Password-protect this spreadsheet with a password at least 14 characters long that you have never used for anything else. Do not write this password down anywhere. Name the file something innocuous such as “Camping Items.xlsx”.
c) Email this file to the loved ones that you would want to receive your coins if something happened to you. Do not include any text in the email that indicates what is in the file. Call them on the phone, tell them the password to the file, and ask them to memorize it. If they must write it down, insist they put it in a safe. Remember, anybody with this password plus your Excel file can access your coins.
At this point, everything is set up. Remember, each of these techniques comes with pros and cons. Each has weaknesses that can be exploited (e.g. somebody breaking into your safe, or a relative being careless with the secret file’s password), so please consider the risks. Before you fund your wallet with a significant portion of your Bitcoins, please read the section below.
How do I fund my cold storage brain wallet and then retrieve the coins later?
So now what should you do? Now it’s time to let your cold wallet sit for a while, and test out your funding and retrieval methods with a small amount of Bitcoins on a throwaway wallet. If you have any coins, then you are already using a “client,” or “wallet.” We’ll send the coins from here.
Make a new address at bitaddress.org (it can just be a “single wallet”) and print a PDF copy to your desktop. We aren’t going to be too careful with this wallet, since we’re only going to use it once. Now send a modest number of coins (e.g. 0.01) to this address.
If you aren’t using it already, I recommend opening a My Wallet at Blockchain.info; it’s the most secure online wallet that I know of, and it is very easy to “import” new addresses into it. When signing up, make sure to write down everything blockchain.info tells you to, and don’t forget your password. The reason is that they don’t actually have access to your coins and cannot retrieve them for you if you lose your password.
Once in My Wallet, click on Import/Export and then copy and paste the private key of your new throwaway wallet into the Import Private Key field. Once you have done that, you should be able to view the 0.01 coins and send them back to your original wallet, minus the transaction fee. As a matter of habit, make sure you send back ALL the coins in the wallet. This is because Bitcoin transactions work a little differently from what you might expect: if you spend only some of the coins at an address, the unspent amount is sent as change to a new address. It’s not really an issue with Blockchain.info, but if you are using some other service to build a “raw” transaction you might inadvertently send just a few coins from your wallet and lose the rest.
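The change mechanism described above is easy to model. The following is an added example (not code from the original post or from Blockchain.info) of how a transaction spends whole unspent outputs: whatever the inputs are worth and the outputs do not claim becomes the miner’s fee, and change sent to an address whose key you do not hold is just as unrecoverable. The addresses, transaction id and amounts are constructed placeholders; the 0.01 BTC throwaway balance mirrors the article’s test.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

SAT = 100_000_000  # satoshis per bitcoin


@dataclass(frozen=True)
class Utxo:
    """One unspent output: the transaction that created it, its index, its address and value."""
    txid: str
    vout: int
    address: str
    satoshis: int


# Constructed sample data: placeholders, not real addresses or transaction ids.
THROWAWAY = "throwaway-address-placeholder"
MAIN_WALLET = "main-wallet-address-placeholder"
SAMPLE_UTXOS = [Utxo("txid-placeholder", 0, THROWAWAY, SAT // 100)]  # the 0.01 BTC test deposit


def build_outputs(utxos: Iterable[Utxo], pay_to: str, amount_sat: int, fee_sat: int,
                  change_to: Optional[str] = None) -> Tuple[Dict[str, int], int]:
    """Build the output side of a transaction that consumes every given UTXO in full.

    Returns (outputs, implicit_fee). The implicit fee is the input total minus everything the
    outputs claim; with no change output, the leftover silently becomes part of that fee."""
    total_in = sum(u.satoshis for u in utxos)
    if amount_sat + fee_sat > total_in:
        raise ValueError("insufficient funds in the selected outputs")
    outputs = {pay_to: amount_sat}
    leftover = total_in - amount_sat - fee_sat
    if leftover > 0 and change_to is not None:
        outputs[change_to] = outputs.get(change_to, 0) + leftover
    implicit_fee = total_in - sum(outputs.values())
    return outputs, implicit_fee


def sweep(utxos: Iterable[Utxo], pay_to: str, fee_sat: int) -> Tuple[Dict[str, int], int]:
    """The article's habit: send ALL the coins, so there is no change that could go astray."""
    utxos = list(utxos)
    total_in = sum(u.satoshis for u in utxos)
    return build_outputs(utxos, pay_to, total_in - fee_sat, fee_sat)


def unrecoverable_sats(outputs: Dict[str, int], implicit_fee: int, intended_fee_sat: int,
                       controlled_addresses: Set[str]) -> int:
    """Satoshis you will never see again: fee paid beyond what you intended, plus any output
    sent to an address whose private key you do not control (e.g. change to a fresh address
    that was never backed up)."""
    overpaid_fee = implicit_fee - intended_fee_sat
    stranded = sum(v for a, v in outputs.items() if a not in controlled_addresses)
    return overpaid_fee + stranded


if __name__ == "__main__":
    mine = {MAIN_WALLET, THROWAWAY}
    outs, fee = sweep(SAMPLE_UTXOS, MAIN_WALLET, 10_000)
    print("sweep:", outs, "fee", fee, "lost", unrecoverable_sats(outs, fee, 10_000, mine))
    outs, fee = build_outputs(SAMPLE_UTXOS, MAIN_WALLET, 300_000, 10_000)
    print("partial, no change output:", outs, "fee", fee,
          "lost", unrecoverable_sats(outs, fee, 10_000, mine))
    outs, fee = build_outputs(SAMPLE_UTXOS, MAIN_WALLET, 300_000, 10_000,
                              change_to="fresh-change-address-placeholder")
    print("partial, change to an address with no backup:", outs, "fee", fee,
          "lost", unrecoverable_sats(outs, fee, 10_000, mine))
```

Sweeping the throwaway address leaves nothing at risk; spending 0.003 BTC from it with a hand-built transaction that forgets the change output hands the remaining 0.0069 BTC to the miner, and directing the change to an address you have not backed up loses the same amount a different way.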
Completing this test is essential before you send the bulk of your coins to your cold storage brain wallet.
Wait two weeks and then see if you are able to recreate your brainwallet (remember to be careful: turn off wi-fi, don’t type it in order) using the passphrase you memorized, then check it against your paper wallet or secret wallet. Do they match? If so, then you can be relatively confident that it’s safe to fully fund your brain wallet.
For a little bit of fun, I created a weak Brain Wallet and funded it with 0.101 Bitcoins. I didn’t publicize this fact earlier because I would prefer that a new user be the one to find it. Using what you’ve learned in this article, you should be able to move coins from this Brain Wallet into your own wallet. The wallet address is: 1Jxf3cUzufPm9Bx9BVn2xVogrKV6FbWfuS and you can view the balance of it here: https://blockchain.info/address/1Jxf3cUzufPm9Bx9BVn2xVogrKV6FbWfuS
The first person to guess the pass phrase gets to keep the coins. Hint: The passphrase can be found in this article.