Security Foundations: How to Secure Your Wallet Recovery Phrase for Cryptocurrency Wallets




About this tutorial:

Video duration: 01:34:26
CIA Triad

Bruce Schneier

(hacking society)
(Security Mindset)

Steve Gibson

BIP39 Standard

PGP RFC and Tools

Secure Operating…

Post Author: OfficeTutes.com

Apple lover, ICT and LEAN consultant, MS Office lecturer My other website with video tutorials - Tutorials, guides and news for iPhones and iPads

47 thoughts on “Security Foundations: How to Secure Your Wallet Recovery Phrase for Cryptocurrency Wallets

    Elizabeth Woods

    (September 11, 2020 - 10:04 pm)

    After watching, this episode, this will put onto good sleep tonight my old brain is overload with thus security informations no doubt I will watch this a few more time to follow it throuhg I have all the security gadget ready to go. Thanks Charles.

    Danny Mack

    (September 11, 2020 - 10:04 pm)

    I recommend @cybersmooth on instagram he helped me recover my blockchain password thanks to him

    Andre Donald

    (September 11, 2020 - 10:04 pm)

    Leonard_hacker06 on Instagram helped me recover my bitcoin wallet password for me. The guy is legit. Follow him up guys

    John Smith

    (September 11, 2020 - 10:04 pm)

    Am really happy right now because hackpinky on Instagram got me 4btc on my Bitcoin wallet. 🤭

    John Smith

    (September 11, 2020 - 10:04 pm)

    Am really happy right now because hackpinky on Instagram got me 4btc on my Bitcoin wallet. 🤭

    John Smith

    (September 11, 2020 - 10:04 pm)

    Am really happy right now because hackpinky on Instagram got me 4btc on my Bitcoin wallet. 🤭

    John Smith

    (September 11, 2020 - 10:04 pm)

    Am really happy right now because hackpinky on Instagram got me 4btc on my Bitcoin wallet. 🤭

    PaulRevere RidesAgain

    (September 11, 2020 - 10:04 pm)

    lol…Ok, 2 questions. #1 What? and # 2, What if i die? Love Cardano btw, this video shows just how incredibly intelligent this man and folks like him truly are…

    CryptoTimesNow

    (September 11, 2020 - 10:04 pm)

    I got an error at Installing Kleopatra from USB bootable UBUNTU. I had to connect to the Internet and disconnect after I installed the Kleopatra.

    How can we fix this issue without connecting to the Internet?

    I'm referring at https://youtu.be/fqrAzBAi64c?t=2909

    The error I got:
    sudo apt-get install -y Kleopatra

    Reading package lists… Done
    Building dependency tree

    Reading state information… Done

    E: Unable to locate package Kleopatra

    Fix I applied:
    1. Connect to the Internet
    2. Run the following commands
    a. sudo add-apt-repository universe
    b. Sudo add-apt-repository multiverse
    3. Sudo apt update
    4. Sudo apt-get install -y kleopatra
    Disconnect from the Internet

    More details at https://itsfoss.com/unable-to-locate-package-error-ubuntu/

    Rita Shine

    (September 11, 2020 - 10:04 pm)

    When you make the right decisions and take the right steps in the bitcoin trading, the chances of losing your funds becomes slimmer and almost impossible especially when you invest with an expert like Mr Chris Dave …

    Adejo Isaac

    (September 11, 2020 - 10:04 pm)

    All thanks to flashtoolz on instagram he help me recovered my bitcoin wallet

    Robertson Greg

    (September 11, 2020 - 10:04 pm)

    I highly recommend SUCCESSTOOLS77 on Instagram he is the best hacker I have ever seen he is the trust worthy hacker he help me recover my coins

    Betish Vanessa

    (September 11, 2020 - 10:04 pm)

    I contacted major_pro1 on IG and he got me in my blockchain after I forgot my password

    Betish Vanessa

    (September 11, 2020 - 10:04 pm)

    I contacted major_pro1 on IG and he got me in my blockchain after I forgot my password

    Matthew Stanislaw

    (September 11, 2020 - 10:04 pm)

    Unbelievable that you are just now making it to 30k subs on youtube…still flying under the radar which is how it ought to be for NOW….but soon enough we'll be knocking on the doors of Eth and Btc…since the others didnt let us in we had to roll over them…the same thing will happen with those…we don't need anyone to let us in cuz we're building our OWN house…brick by brick

    John William

    (September 11, 2020 - 10:04 pm)

    brantech on IG helped restored my BTC wallet

    John William

    (September 11, 2020 - 10:04 pm)

    brantech on IG helped restored my BTC wallet

    darshinii RK

    (September 11, 2020 - 10:04 pm)

    7 6 5 5 0 7 3 5 1 5 help me recover my Bitcoin back from a scammer who scammed me off

    Anna Jayson

    (September 11, 2020 - 10:04 pm)

    My wallet gave me issues could not fix it for days fancybear_cyberr helped me got through.

    ALI FAITH

    (September 11, 2020 - 10:04 pm)

    Just got help from fancybear_cyberr on instagram wallet problem solved

    Greg Jane

    (September 11, 2020 - 10:04 pm)

    I’m greatful to fancybear_cyber on instagram help out with my wallet

    Anthony Cole

    (September 11, 2020 - 10:04 pm)

    Fancybear_cyberr on insta just solved my problem ✔️

    Mark Engelberg

    (September 11, 2020 - 10:04 pm)

    I find it unclear what you do if you lose your yubikey. The double-encrypted file requires the yubikey to decrypt, so what happens if the yubikey is destroyed?

    emlortnoc tonod

    (September 11, 2020 - 10:04 pm)

    Charles what is the best book to get prepared for CISSP?

    emlortnoc tonod

    (September 11, 2020 - 10:04 pm)

    Charles you are a great human being. This video will improve the security life of millions people.

    Betish Vanessa

    (September 11, 2020 - 10:04 pm)

    I contacted major_pro1 on IG and he got me in my blockchain after I forgot my password

    Tine Rižnar

    (September 11, 2020 - 10:04 pm)

    @Charles Hoskinson What I do not understand is: What happens to master-password if you lose yubikey. Master-password is SALT+YOUR password. So if I didn't miss anything, you are now fucked, since all other accounts such as (email, bitwarden, lastpass) require master-password. So lose the yubikey and its game-over? I think you are brilliant Charles but it feels like this whole strategy is purely depended on ones ability to NOT lose the yubikey. To be honest, I would rather risk forgetting the password then losing yubikey. IN my mind the chances of losing a yubikey far exceed the chance of forgetting the password. As for the password, i suggest picking 3 different poets, and just memorizing the 3poems (which is super easy, and you cannot forget it at all. SO your Salt is then 3 random poems + your password (2word + 10 numbers).
    After all, security is only as good as its weakest link– And yubikey in my opinion is extremely weak link, since people lose keys and phones all the time, now imagine that you lose keys to your house and thats it, never again will you be able to enter your own house. What is worse and is borderline retarded (not calling you retarded, I have utmost respect for you – just idea seems bad in this case) is that according to yubikey website, THERE IS NO WAY OF BACKING UP A YUBIKEY. What is even worse, is that internet is full of people whose yubikey simply stop working due to overheating or a bad usb port. Which means, you do not even have to lose yubikey, basically its enough just to leave it in a car with your keys on a hot summer day, and your crypto is gone forever. We need a better solution, this one is pretty complicated for noob ( meaning 90% of crypto users) and those 10% like me and you, end up wasting quite a lot of time setting up a system that is wholly depended on a link that is profoundly weak ( not from a hacking standpoint, I completely agree its as secure as it gets in this regard), you can lose it super easily, it can get damaged , and unlike a paper wallet, you cannot even back it up. I think its perfectly fine using yubikey as 2fa when using exchanges( since even if you lose your key, the exchange can help recover the funds) , but for everything else it is gambling, pure and simple. And as ingenious as yubikeys are, they have their limits, and in this situation the limits are pretty obvious.

    Alex K

    (September 11, 2020 - 10:04 pm)

    Charles are 3rd party softwares, with closed sources, outside of your threat model or are you aiming the demonstration at what most people are more likely to adopt? 🙂

    Using lastpass / google authenticator / Windows you are trusting their code not to be tampered with by Gov actors – something which one should find hard to do after the Snowden leaks… Often people have governments outside of their threat model, but once some zero-day is known – everybody can use it, whether a gov actor put it there or not is irrelevant. Browser add-ons are challenging for the same reason – for a passmanager plugin to fill your password field, it needs to parse html of every site you are browsing – you are trusting the plugin code to not send data off elsewhere at that point.

    In the case of a google authenticator on a google android phone the seeds may as well be accessible to the operating system's storage – something other apps (including a lastpass app) have unlimited access to, once they get "storage access" permissions.

    I think a better recommendation, starting off at a secure foundation you mentioned with the live system, could be keepassxc and freeotp+, combined with the database on your private cloud storage or public cloud (ideally encrypted client-side in this case) and hardware similar to Librem phones/notebooks.

    Sine Asli

    (September 11, 2020 - 10:04 pm)

    The security courses need to take into consideration the user. I would love to have a sectioned, shortened version. No more than 10 minutes each section. With better graphics. The biggest obstacle for the adoption of blockchain technology is the user's ability to secure it. particularly in Africa. Hopefully, eventually, it will become part of our education and upbringing.

    tubefish666

    (September 11, 2020 - 10:04 pm)

    As often can be seen, the most important lectures have a low view count while BS distributers are getting 100000 of views 😉 Charles's course about securing your crypto system is a must see for everyone who has to defend against loss of security/wealth.

    If you are waiting until your crypto accounts/email addresses which are "secured" by SMS 2FAs are taken over by script kiddies, then you at least can whine on Twitter about your lost wealth 😉

    Dimitri Katsaros

    (September 11, 2020 - 10:04 pm)

    There are a couple of barriers to entry and one big weakness to usability:
    1.) I don't see this being used by people who are not technically-minded. Think of that relative or friend that is always calling you for tech support.
    2.) For those who can implement these measures *now*, one's mind is the weakness. It may be easy to remember those passwords now, but what about memory loss as one ages, gets into an accident, or — the worst — dies. All of that incredibly secured crypto is now incredibly unrecoverable.

    Brad wills

    (September 11, 2020 - 10:04 pm)

    To convert your non spendable btc back to spendables go to Davidhack0_ on !G

    Brad wills

    (September 11, 2020 - 10:04 pm)

    i got my non spendable btc changed to spendables with the help of Davidhack0_ on !G

    Brad wills

    (September 11, 2020 - 10:04 pm)

    Davidhack0_ on !G helped me unlock my non spendable btc, He's the best out there

    William Diaz

    (September 11, 2020 - 10:04 pm)

    Thank you, this information will help ma lot of people.

    Matthew Moon

    (September 11, 2020 - 10:04 pm)

    Thank you, Charles! Opinion: I would think that using a large safe to secure the Apricorn flash drive wouldn't really be necessary. With its PIN and tamperproof design, why go through all the trouble with a large safe? They're cumbersome and need to be locked down or installed in a wall, etc. I would store it in a small safe in a drawer or something similar. If stolen, it's unusable to the thief, except for resetting it and using for himself. All the data on it is duplicated elsewhere.

    Ian Hignett

    (September 11, 2020 - 10:04 pm)

    Brilliant Charles. This is exactly what I needed. Thanks.

    MsANGLEPOISE

    (September 11, 2020 - 10:04 pm)

    Charles, pls Can you put the "blackboard" on a file available for download. To be able to "zoom out" a bit on the procedure to follow . There is a lot of info. thanks in anticipation

    Cole Cramer

    (September 11, 2020 - 10:04 pm)

    This method may be fatal if you lose your yubikey and ledger together you might lose everything and be locked out? Please verify!

    I am attempting the scenario of a lost yubikey, what I am reading is once you put the keys on the smartcard you cannot remove them like he explained you could at 1:14:03

    I tried taking these “cold secret keys” from the time stamp back into Kleopatra without the yubikey like he says to do here: 1:24:37 and it did not work. Everything I am reading about creating a backup yubikey for PGP says you must import keys into them and have the backup saved separately before you do this because you will not be able to get the backup once it’s on the smart card. This could lead to the scenario where you are unable to unlock your keys.gpg file if you lost your yubikey using the method Charles described.

    mike robinson

    (September 11, 2020 - 10:04 pm)

    Good video

    James Buchanan

    (September 11, 2020 - 10:04 pm)

    So how do i using lastpass in my secure enclave?

    Olufemi Steven

    (September 11, 2020 - 10:04 pm)

    Thanks for the lecture. Atomicwallet.io also taught me how to protect my wallet recovery phrase.

    Lemonade

    (September 11, 2020 - 10:04 pm)

    Voldemort should have watched this video, and his horcruxes would have been safe.

    BryRi

    (September 11, 2020 - 10:04 pm)

    there's some good content on the AtomicWallet.io blog that also talks about this topic.

    Grego Arsa

    (September 11, 2020 - 10:04 pm)

    This is awesome Charles! The corporate employees in Amazon also use both these Yubikey + FIPS to work remotely.

    Morad Afellad

    (September 11, 2020 - 10:04 pm)

    Love the video and the security it brings to the table. For those who started to play with this. I've run into an issue where I was not able to download kleopatra. After some search I had to type following command. sudo add-repository universe

    Bobby Fischer

    (September 11, 2020 - 10:04 pm)

    This might be a stupid question but isnt it the safest to just write your recovery prhase down on a piece of paper?

Leave a Reply

Your email address will not be published. Required fields are marked *