You are viewing a single comment's thread from:
RE: Tomshwom's Advanced Crypto Security Guide (Part 2) - Wallet Analysis
My Ledger Nano s arrived today finally: https://steemit.com/cryptocurrency/@valderrama/my-ledger-nano-s-has-finally-arrived
I'm hoping I can set it up tonight.
Awesome, remember to store your seed securely!
I will store it in 1Password. :)
That's a pretty good idea, but for the sake of argument, it's possible that the seed will be picked up by a keylogger when you type it into the 1Password client, or sniffed from the clipboard if you copy/paste it. I'm not super familiar with 1Password's sync requirements, but you could try adding your seed to the client with your internet physically disconnected from your system. I would first download/update malwarebytes, disconnect from the internet, run malwarebytes to make sure nothing is found, put the seed into 1Password, reconnect to the internet and allow the local DB to sync to the cloud (if that's how 1Password works when offline).
Still, any time you access 1Password you are allowing potential keyloggers to pick up information that could directly or indirectly leak your seed. Because of this, I recommend using an offline password manager (1Password 4, KeePass) to store the seed and move the database to a flash drive (multiple for redundancy). Do this when your system is offline, making sure to reboot before and after you plug in and format the flash drive, then store the password to that database in your 1Password cloud. That way, your 1Password database can be compromised and you won't lose your funds, or your flash drive could be stolen but it will be useless without the password and your redundant backups will ensure you still have your seed.
Excellent remarks. I will definitely take this into consideration!
Also imagine your phone gets stolen in an unlocked state (or someone saw your pattern from five seats over). Now an attacker has access to your phone and likely your password manager (1Password) and hence your seed too.