Protecting your bitcoin is very important, and it can be very simple to put into practice. Bitcoin is one of the currencies that has made things hardest for thieves since money was created but, as with any system, security can be breached.
We are not questioning Bitcoin; on the contrary, we are questioning the human factor. Because minimum good security practices were not followed, the bitcoins that have been stolen are counted at almost 1000 billion dollars. So it never hurts to take precautions and protect your bitcoin in the best possible way.
In fact, anyone who has followed the currency since its inception will know that there have been neither few nor small "blows" in its short history, all of them due to human error at points where large amounts of bitcoin are concentrated.
Big thefts in the bitcoin world
It is important to emphasize that, to date, no way (not even a theoretical one) has been found to break the cryptographic security on which Bitcoin is based. In fact, the security of Bitcoin is superior to that used by financial systems around the world. Yes! Bitcoin is so secure (cryptographically speaking) that before a flaw was found in Bitcoin, the cryptography used in all the fundamental pillars that currently support humanity would fail. We are talking about a failure that would affect banks, aviation, telephony and international security. Absolutely everything would go down because of a failure in cryptographic principles. That is how far this technology has been developed in order to protect your bitcoins against any catastrophe.
If you want to know in particular the most famous cases of theft of Bitcoin and other cryptocurrencies, we have prepared a special post for it:
After this introduction, let's get to the heart of the matter...
How to protect your bitcoin?
The best way to protect your bitcoin is to be proactive. It is not only by keeping your funds in wallets and exchange accounts that you run the risk of losing them.
Just like in the real world, everything is susceptible to being hacked online, no matter how well protected you think it is.
However, if you follow these recommendations, you will make it extremely difficult for anyone who intends to steal from you.
1. Manage your own passwords
This advice is very basic, but sometimes we forget it. In fact, it is the best way to protect your bitcoin.
You must be very (but very) cautious, and initially distrustful, of online services where you can store bitcoin, whatever their type: wallets, exchanges, betting sites...
Take a good look at the service and its reputation before sending a single satoshi or telling someone to send them there.
Remember the previous theft cases: they all had very good reputations. Even trusted sites can be compromised by a criminal. You must understand that from the moment you do not hold the bitcoins yourself, they can disappear. So, as far as possible, leave as few of your bitcoins as you can in third-party hands.
And watch out for phishing. Check out our guide chapter on Bitcoin scams.
2. Keep your software updated
Another way to protect your bitcoins is to use up-to-date Bitcoin client and wallet software, regardless of whether you use it on your computer or smartphone.
This is the program with which you store your private keys and use them to move your bitcoins. So make sure that everything on your computer or mobile phone is up to date and free of malware of any kind.
Do you use a web wallet? Your operating system may be infected or outdated, or the browser may have a malicious extension that you do not know about.
Do you use an installable program? The wallet may be out of date, or you may have downloaded a compromised program or update. Your computer or phone may also have another application that is compromised, or that a future automatic update infects, and that copies your private keys.
3. Encrypt your private keys
Currently, any self-respecting wallet program will automatically create your private keys. Not all of them follow good practices when creating these keys so that they are not easy to replicate, but the best-known ones do.
What is important to understand is that, once created, they are saved on your device in plain text, in some internal file or database.
Wallets that follow good practices to prevent this offer the option of encrypting the file where your keys are kept.
I guess at this point, and after reading the Bitcoin Bit2Me Guide tutorial on how to store bitcoin, you will understand the danger if someone gets hold of these plain-text keys: you are left without your bitcoin.
However, these same wallets usually have a process to encrypt the private key with a password or PIN. That way, the wallet asks you for it when you send funds, and anyone who steals your private keys must also know that password. This means that your private key is transformed using that password or PIN and is no longer usable as is.
The bad part is that if someone gets the encrypted private keys, they can apply brute force for days, months (or as long as it takes) without you even realizing it, and could actually decrypt them. With mobile phone wallets it is even simpler, since a 4-digit PIN code is cracked in a matter of minutes, and all this without you receiving any kind of notice that your passwords have been compromised.
So, if you can and your wallet allows it, use a complex password to encrypt the keys.
If the wallet or wallet generator you use only gives you the option to choose your private key yourself, choose a complex text (hard to generate by brute force), for example a text of 200 alphanumeric characters (with unusual characters if possible). Using something like one or more dictionary words, or numbers like "123456", is a very, very bad idea.
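The gap between a 4-digit PIN and a long random password can be put into numbers. The following is an added example, not code from the original guide or from any wallet: it measures what one password-to-key derivation costs on the machine it runs on and computes the worst-case time to try every candidate. It assumes PBKDF2-HMAC-SHA256 as the derivation function and 100,000 iterations; real wallets differ in both.

```python
import hashlib
import math
import os
import secrets
import string
import time


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a secret drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def kdf_seconds(iterations: int, samples: int = 3) -> float:
    """Measured cost of one PBKDF2-HMAC-SHA256 derivation on this machine."""
    salt = os.urandom(16)
    best = math.inf
    for _ in range(samples):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed-guess", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def worst_case_seconds(bits: float, per_guess: float) -> float:
    """Time to try every candidate once; log space avoids float overflow."""
    log2_seconds = bits + math.log2(per_guess)
    return math.inf if log2_seconds > 1000 else 2.0 ** log2_seconds


def random_passphrase(length: int = 24) -> str:
    """Generate a password from the OS random source, not from a human."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def report(iterations: int = 100_000) -> dict:
    """Map each kind of secret to (entropy bits, worst-case seconds)."""
    per_guess = kdf_seconds(iterations)
    compared = [
        ("4-digit PIN", 10, 4),
        ("24 random alphanumerics", 62, 24),
        ("200 random alphanumerics", 62, 200),
    ]
    out = {}
    for label, size, length in compared:
        bits = keyspace_bits(size, length)
        out[label] = (round(bits, 1), worst_case_seconds(bits, per_guess))
    return out


if __name__ == "__main__":
    for label, (bits, seconds) in report().items():
        print(f"{label:26s} {bits:7.1f} bits  {seconds:.3g} s worst case")
    print("example passphrase:", random_passphrase())
```

Raising the iteration count multiplies every row by the same factor, so it cannot rescue a secret with only 10,000 possibilities; only a larger keyspace does.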
To make your life easier, you can use password managers like LastPass or KeePass, which are very secure if used well and help you generate strong passwords and remember them with minimal risk. Now, if you keep your private key printed on paper and save the password that encrypts it in LastPass, it would be difficult for a criminal to gain access to both things, but be careful: if you lose access to LastPass you won't be able to remember the password. If you don't trust these apps, you can use standard AES encryption to protect your bitcoin. To do so, just download OpenSSL (or FreeSSL) and carry out the encryption process.
Now, if you are going to manage large quantities, we recommend that you follow tip number 7.
4. Use double authentication
Are you someone who likes risk, and have you deposited your bitcoins in a web service?
In this case we recommend that you use a second level of security as a minimum.
Double (two-factor) authentication is a process used to verify your identity when accessing a web service. It is a very smart way to protect your bitcoins and any sensitive information.
It sounds incredible, but today it almost doesn't matter whether you use long or complex passwords: 99% of passwords are stolen through phishing (we recommend the chapter dedicated to scams with Bitcoin), with malware or by sniffing the network, not by brute force.
With a second security factor, someone who obtains your password still cannot access your account, since they need a second one-time key delivered at the same moment through an alternative channel.
For example, blockchain.info allows you to do this by SMS, Yubikey, Google Authenticator or by email.
Google Authenticator is free, cross-platform and compatible with many other services such as Twitter or Dropbox, in addition to Google services.
Once synchronized with the service, after the password it will ask you for a unique code that changes every 60 seconds. This code is given to you by the program you use to manage this second security factor. In this way, if someone gets hold of your password, they will not be able to move the bitcoins, since they do not have that unique code.
It does not give you infallible security, since a criminal who gains access to where this second key is generated could also get in, but it greatly increases your security because of how hard that is to achieve.
But watch out! This is useless if what is compromised is the server of the service where you have deposited your bitcoins. Therefore, a good rule of thumb in Bitcoin is to entrust your bitcoins to as few sites as possible.
You may have already come to this conclusion: «Never keep my savings (large amounts) in an online service».
5. Make backup copies
If you use a wallet that is not hosted by an online service, it is advisable to make different backups stored in different places.
Once you have made these copies, encrypt them with other services like these to make them practically incorruptible.
You can save the copies in cloud storage services, USB sticks, SD cards, etc.
Do you use an HD wallet? You only need to make a backup of the seed (you can do it at any time). Once this is done, you can forget about any other backup.
Do you use a wallet that is NOT HD? You will need to make a backup after almost every transaction you make. If you don't know what an HD wallet is, we recommend you go back to the chapter on How to store bitcoin (you may decide to switch to one of this type).
Having backups is always important, and even more so for your money, but it is also important to take care of them. I guess you don't want to be like James Howells, who threw away a hard drive with 7,500 bitcoins (which were worth almost 8 million dollars) and is still going through dumpsters in his country to try to locate it. Backing up your wallet on a regular basis is another very smart way to protect your bitcoins.
6. Use multi-signature addresses
They are without a doubt one of our favorite options at Bit2Me, because of the balance between how simple they are to manage and the security they provide. They are also useful in multiple use cases, for example to safely store and protect your bitcoins.
In Bitcoin there is a second type of address, called multi-signature addresses. While a simple address has one private key associated with it, multiple private keys can be associated with a multi-signature address; that is, it takes several keys to sign a transaction for it to be carried out (validated by the nodes and included in the blockchain).
To picture it, imagine the typical end-of-the-world scene where there is a button that requires three keys to be pressed. Without the necessary keys the button does not work. If one of the holders goes crazy or the key is stolen, the button will still not work; it needs all three.
Best of all (and thanks to the magic of cryptography) is that a multi-signature address can be created with three private keys while requiring the signature of only two to authorize a Bitcoin transaction. This is what is known as a 2 of 3 address (3 keys, 2 are necessary). But this is not the only type of multi-signature address; they are fully configurable, for example: 1 of 2, 2 of 2, 3 of 5, 5 of 9 ...
A multi-signature Bitcoin address does not start with 1, but with 3, for example: 3DS7Y6bdePdnFCoXqddkevovh4s5M8NhgM
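Where the leading 1 or 3 comes from, as an added example that is not part of the original guide: both address types are Base58Check strings, and the first character follows from a version byte (0x00 for single-key addresses, 0x05 for script addresses such as multi-signature ones) placed in front of a 20-byte hash, with a 4-byte checksum that catches typos before funds are sent. `DEMO_HASH` is a constructed stand-in for a real script hash, and the function names are this example's own.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Mainnet version bytes of the two legacy (Base58Check) address types.
VERSIONS = {0x00: "P2PKH (single key)", 0x05: "P2SH (script, e.g. multi-signature)"}


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA256(SHA256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def encode_address(version: int, hash160: bytes) -> str:
    if len(hash160) != 20:
        raise ValueError("expected a 20-byte hash")
    payload = bytes([version]) + hash160
    data = payload + _checksum(payload)
    number, digits = int.from_bytes(data, "big"), ""
    while number:
        number, rem = divmod(number, 58)
        digits = ALPHABET[rem] + digits
    # Each leading zero byte is written as a literal '1'.
    zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * zeros + digits


def decode_address(address: str) -> tuple:
    """Return (version, hash160); raise ValueError on any malformed input."""
    number = 0
    for ch in address:
        index = ALPHABET.find(ch)
        if index < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        number = number * 58 + index
    ones = len(address) - len(address.lstrip("1"))
    body = number.to_bytes((number.bit_length() + 7) // 8, "big")
    data = b"\x00" * ones + body
    if len(data) != 25:
        raise ValueError("decoded length is not 25 bytes")
    payload, check = data[:-4], data[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch (typo or tampering)")
    return payload[0], payload[1:]


def address_type(address: str) -> str:
    version, _ = decode_address(address)
    return VERSIONS.get(version, f"unknown version 0x{version:02x}")


# Constructed 20-byte value standing in for a real script hash.
DEMO_HASH = hashlib.sha256(b"constructed 2-of-3 redeem script").digest()[:20]

if __name__ == "__main__":
    for version in (0x00, 0x05):
        addr = encode_address(version, DEMO_HASH)
        print(addr, "->", address_type(addr))
```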
With this premise in mind, the following use case can be applied: a 2 of 2 multi-signature address, with two private keys, both of which are required to send a transaction. One of the keys is managed from the mobile phone and the other from the computer. Whenever you need to send funds, you must have both devices. This way, a criminal would need access to both devices. This is a very advanced way of protecting your bitcoins and other cryptocurrencies.
Now, the problem in this example is that you could lose access to either one, for example you lose your mobile phone. One solution might be to have a backup of the two private keys, but it's more interesting to use the power of multi-signature addresses with a little extra creativity.
What do we mean? For example, a solution might be to create a multi-signature address 2 out of 3 (with 3 private keys and requiring 2 to make a transaction). In this way, you manage one from the computer, another from the mobile phone and the third you print and store safely. If you ever lose access to any of the 3 private keys, you can use the other two to retrieve the funds and move them to a new multi-signature address. If someone gets one of the keys, it will be useless.
One of the best wallets that allows you to manage multi-signature addresses very easily is Copay. This wallet is open source and promoted by the company BitPay.
Another good wallet with a free software license to manage multi-signature addresses is Electrum.
If you want to know more about the cryptography that does this magic, we recommend you read about secret sharing and Shamir's scheme.
7. Keep them off the grid
This is one of the most complex processes but it can add a very large layer of security to protect your bitcoin.
The idea is simple: if it is necessary to prevent my private keys from being stolen, I will store them in a place disconnected from the internet.
For this we can distinguish 3 ways to store the keys:
- Paper wallets: Consists of printing the key on one or more sheets of paper and storing them in safe places.
  - See the chapter dedicated to paper wallets.
  - Take into account the process of creating this paper wallet, because if you use a device connected to the network or that could be infected, your bitcoins may disappear.
- Brain wallets: Memorize the private key. For this, the mnemonic phrases used in HD wallets can be used.
  - Remember that we are not machines and human beings forget, so be careful with this.
  - Keep in mind the process of creating these words, because if you use a device connected to the network or that could be infected, your bitcoins may disappear.
- Hardware: They are physical devices that store your keys, and the keys never leave them. To do this, they connect via USB / OTG and your wallet passes the transaction to them so that the device signs it with the private key.
  - They are one of the best options for this type of process.
  - They are expensive.
  - You can do the same, but with extra work, using another computer disconnected from the internet through what is known as «offline transactions»:
    - You create a new transaction on a computer connected to the Internet and with the Bitcoin wallet.
    - You copy the transaction to a USB drive and sign it on the computer disconnected from the Internet.
    - You use the USB drive again to bring the signed transaction to the computer connected to the Internet so that it can be sent to the network.
    - It is an expensive process, but quite safe.
  - In our Bitcoin Guide we have prepared a chapter on hardware wallets (recommended if you are interested in this route).
The concept of keeping private keys off the network can also be used for multi-signature address private keys, and at the same time they can be encrypted. In other words, some recommendations are combinable.
Think about your will
We do not want to be fatalistic, but it is important to consider all possibilities. Too much security without a plan B can be dangerous. In the event of a fatal event, the bitcoins you have stored over a lifetime may be completely lost, inaccessible even to your family members, because the place where you keep these private keys (and the passwords to decrypt the keys if you have encrypted them) is so private that nobody, apart from you, knows it.
This is a controversial point, because the very people you place your trust in as a plan B could be the ones who steal from you.
In this case it may be a good idea to use a multi-signature wallet, where you can create a configuration with copies of keys stored in safes or places that will be inherited after your death.
One of the great revolutions in this line is smart contracts, which will be able to send your bitcoin to whoever you decide once you die.
Like everything in this life, single points of failure are always bad when it comes to security. Think about this too when storing your private keys, but be careful not to neglect these other storage points.
How complicated!
Possibly, at this moment, you have in your mind something like: “Is it really that complicated? Do I have to have all this in my head to have bitcoin?”
It all depends on how seriously you want to take the security of your bitcoins. Possibly, the more bitcoin, the more security you will want.
Our recommendation is to start from the simplest. If you are going to store a couple of hundred euros, do not complicate things so much: use a lightweight HD wallet on your computer (Electrum) or mobile phone (Mycelium or Copay). Back up the seed, encrypt it if you like, and store it safely. Finally, protect the wallet with a PIN or password. With this you have something fairly safe, as long as your device is not infected, and it is a simple process that takes no more than 3 minutes to complete.
As an addition, and if you do not mind spending money, you can use a hardware device to store the keys (for example Trezor).
If you are going to store larger quantities, we recommend you create a cold wallet through a 2 of 3 multi-signature address (for example with Copay). If the amount to be stored is going to be very large, keep two of the keys encrypted and printed on paper, stored safely and separately from each other. Do not use Copay on the same computer to obtain the 3 keys; you must use, for example, a tablet, a smartphone and a computer. Finally, remove the wallet from two of the devices and leave it only on the one that is most convenient for you, for example the smartphone, to see the balance and even have the address at hand to receive funds; you will never be able to spend without one of the other two keys, which you can load onto another device when needed.
I have been robbed, what do I do?
Remember that movements of money in Bitcoin are irreversible: if you are robbed, you cannot call any central authority to cancel the transfer and return the funds to you. Not even Satoshi Nakamoto himself can do this.
Now, Bitcoin is not anonymous but pseudonymous and, most importantly, transparent: all movements are recorded, that is, they can be traced.
If your bitcoins have been stolen, you should contact the Police, specifically the Logical Security department (or its counterpart in your country), which is the one that specializes in these matters.
It is true that it is a complex and slow task, and in very few cases have the Police managed to recover the bitcoins, but in recent months (and increasingly) international authorities in several dozen countries have been organizing themselves to track and resolve this type of case, developing specific tools for the analysis of the blockchain.
Conclusion
Although the technology of Bitcoin is safe in itself and the main online wallets have improved a lot when it comes to security, you will never be 100% safe from the bad arts of hackers, thieves and lovers of other people's property in general.
The fact is that money, today, is not protected with weapons and security cameras; it is protected with mathematics.
As usual, common sense is also a good advisor when it comes to protecting your bitcoins.
Of course, the level of paranoia must always be commensurate with the amount of money to be handled and will depend on each one. Remember that in Bitcoin your bank is you, you take care of your security and you can define your own protocols.
Along with that, and with these 7 recommendations (some of them combinable), you will greatly limit the room for maneuver of anyone interested in getting your bitcoins.