Ask The Hive: How often do you backup your passwords and what is the process?

in Ask the Hive, 5 years ago (edited)

How often do you backup your passwords?

A sad prelude to this 'Ask The Hive' post which should hopefully inspire people to make sure they have a solid password backup and recovery process.




At the end of last year, a user here (Steem at the time) contacted me on Discord and said that their hard disk was fried and that they weren't sure their backups were up to date. They usually backed up their passwords to multiple USB sticks but on trying to use what they thought was the latest backup, were faced with the message of doom:


image.png



Users accustomed to account recoveries were contacted for help, each of the keys in the backup locations was tested, and the busted hard disk was removed and passed to a techie to try to recover the data.

All methods tried were unsuccessful, and the person has finally conceded that the account passwords are now lost.

I feel bad for them. They were/are aware that one copy of their passwords was not enough and that occasionally hard disks can corrupt. They had other locations offline in which to store multiple copies, but somewhere along the line the process of doing this failed.

The account name shall remain undisclosed, but I will tell you that they had over 60,000 STEEM (and now HIVE) in total, and a raft of various Steem/Hive-Engine tokens running into thousands of dollars. And, to make matters even worse, the account held all their Steem Monsters cards - over $15,000 worth at today's prices.

Very harsh, and the toughest of lessons learnt the hard way. Not only is it important to regularly back up your key information, you also need a good process to follow each time.

So, how often do you back up your critical files and data, where to, and what is the process?

Cheers

Asher
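The failure described in the post, copies that turn out to be unreadable or out of date only when they are needed, can be caught by reading every copy back in full after each backup. The following is an added example, not part of the original post; the file name `vault.kdbx` and the `usb_a`/`usb_b`/`usb_c` locations are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash the whole file, which forces a full read of the medium."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_copies(primary, copies):
    """Compare each backup copy with the primary and return a status per copy."""
    wanted = sha256_of(primary)
    report = {}
    for copy in copies:
        try:
            found = sha256_of(copy)
        except FileNotFoundError:
            report[str(copy)] = "MISSING"
        except OSError as exc:  # failing stick, permissions, I/O error
            report[str(copy)] = "UNREADABLE (%s)" % exc.strerror
        else:
            report[str(copy)] = "OK" if found == wanted else "STALE_OR_CORRUPT"
    return report


def demo():
    """Constructed sample: three 'USB stick' folders inside a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        primary = root / "vault.kdbx"
        primary.write_bytes(b"constructed vault contents v2")
        sticks = [root / name / "vault.kdbx" for name in ("usb_a", "usb_b", "usb_c")]
        sticks[0].parent.mkdir()
        sticks[0].write_bytes(primary.read_bytes())            # current copy
        sticks[1].parent.mkdir()
        sticks[1].write_bytes(b"constructed vault contents v1")  # old copy
        # usb_c never received a copy at all
        result = check_copies(primary, sticks)
        return {Path(path).parent.name: status for path, status in result.items()}


if __name__ == "__main__":
    for location, status in demo().items():
        print(location, status)
```

A matching hash shows the copy is readable and identical to the primary; it does not show that the encrypted file still opens, so one copy should also be opened with the master password from time to time.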


I do it every day - I have a program set up to automatically copy and sync a file from a password-manager (encrypted of course) to other harddrives on other computers. So I have several harddrives on several computers and also external harddrives with the same files. And also some usb sticks.
I'm also planning on adding a cloud backup of the same files. Then I will first encrypt the password-manager file with a (>128 bit) password on an airgapped computer running a live-dvd of linux. I also use the same airgapped setup when accessing my crypto cold-storage.

Nice. Above and beyond what most people are doing, I think. Sounds like you have a lot of copies, and so a bit of automation is helping save some time and stress, as long as you got it set up right :)

Not going into detail, but I use encrypted online backups and various offline backups, on paper and USB, including some in a safe deposit box in a former bank vault. I've learned that losing a key is a greater risk than having it stolen. Luckily, that was just a small amount of shitcoins like Peerplays, and one Steem account I never saved the password for.

And of course, keeping it on an exchange is a greater risk than keeping it on your own wallet.

I don't trust password managers, which are a single point of failure. I should mention that they're generally recommended by information security professionals.

You sound pretty sorted.

I'm not a huge fan of password managers, although you can presumably take a backup of the storage file which would likely be encrypted.

I print it on paper. It is in a plastic waterproof container which I keep in my fire box.
I also have small books in there for normal passcodes for non crypto apps etc. (I don't trust myself to write down complex codes, so I print most).
I then keep an encrypted copy on 2 usbs (7zip sha256 encryption for all password files) which I check once a month. Both are extra durable.
One is kept in my fire box, the other in my office at work in a locked drawer in a locked room. The one at work is additionally encrypted.
I have a procedure before I check them and update them on a computer that hasn't been connected to the net since I formatted it; it's also the computer I use to print.
I also have a ledger nano S for crypto. My passphrase for that is engraved on steel plates. I tested it recently.
Additionally, I have other security measures I don't want to get into. However, I ain't losing a password.

Sounds like you are all over it!

How long does it take to update everything when say you update your keys here?

For Hive, 1 min. I only make the 1 usb .zip file immediately and update keychain and my phone wallet because we have a month recovery in case I screw up in the meantime. I can check it on my offline computer later. Soon I'll figure out Hive for ledger since neteuso made something for this.

Yeah, I forget about the month recovery but don't plan on having to use it if at all possible.

I've seen Hive for Ledger being mentioned, not sure if it's a part of the Vessel redevelopment.

I use a remote back up service for my computer, but I do not include my password files in my back ups because I worry that if someone hacked the backup software, they would get everything.

I keep a back up of passwords on an external hard drive that I keep at home. I also have an encrypted copy on a secret drive on a remote server.

I was thinking about storing a print out of my most important passwords in a safety deposit box, but I am not sure how safe safety deposit boxes really are.

Of course, it is also possible to encrypt strings of text before printing them out.

It is best to limit the number of backups you make. Just make sure one is remote.

I would worry about using external back up programs because it is super easy to accidentally expose the data on an external back up drive.

Sounds like a good system you have.

It is best to limit the number of backups you make. Just make sure one is remote.

Yes there is a potential downside of having many backups in that you increase (a little) the chance of one being found. A remote backup though is a good plan.

I rarely back up my stuff; mostly it's just copied to a second drive on my computer. As for my passwords, they are all stored in a Google Doc stored on Google Drive.

Hmmm. Well, Google probably won't lose your files, so as long as you have the password for them safe, it's an option. Personally I've opted against them having a copy of my keys - not sure what the consensus is here.


Probably not as often as I should... But I do it in multiple ways.

  1. Taking a photo of passwords.
  2. Saving the passwords in a .txt document. (using my phone as a usb memory).
  3. Writing down the passwords on a piece of paper.

If I back up certain files on my computer, I usually transfer them to my phone and/or one of my old crappy laptops that barely runs. :D

A photo is pretty solid, as long as it's printed, kept somewhere safe and done each time.

Another person with 3/4 locations, should be ok!

  • A slab of stone, hammer and chisel.
  • Blood, your hand and a cave wall. Luminol and black light comes in handy later.
  • Steel plate, hammer and various punches. Try to keep that dry.
  • Paper. Pen. Glass bottle. Cork. No need to throw it in the water. Just bury it.

That's just a few of the things I've tried.

All this and still time to invent the wheel, you must get up really early in the morning.

Up with the sun again today, and I actually slept this time.

Been doing the same. Cracking the whiskey open at 3pm helps.

Had a beer the other day while golfing snowballs. That was fun.

Snow in May? Absurd!

Yes but I don't suggest writing your keys into the snow with urine because it eventually melts then turns into a puddle of lost hopes and dreams.

Why isn't anyone talking about using password protector services like Dashlane and Lastpass?

They are now :)

What's your process then? Do you back up the config file to various locations?

Yes I do. I back it up in my computer and my smartphone. But I also save them on a password protector service like Lastpass.

For non-serious passwords, I simply use ProtectedTexts. They're faster.

Sounds decent. I can't remember if Lastpass is a web service or something you can manage locally, and then copy the (presumably encrypted) master file to other locations.

I guess I only backed up my passwords once, on a USB stick. It's a good reminder though. What would you suggest as the best option, and quite accessible for a non technical guy?

Once is better than not at all!

I would go for at least two offline backups, USB sticks in different locations. And if you have a printer, a copy on paper too in a safe or somewhere hidden.

There are a couple of replies here which make me think that is not enough, but I think for most it should be ok.

A copy on paper seems so obvious but haven't yet done that. Makes sense, USB and paper could be the most at hand options for me .

As long as what is kept offline is updated when you get new passwords or change the others, I think that's a pretty decent set up - until you have 1 million hive :)

Do passwords change on Hive?

Only if you or someone with your master password makes the change.

The Steem passwords were carried over, but if you change your passwords on Hive or Steem, they will not change in unison.

It's funny that I can only reveal in my wallet my private active key. I don't get why the others are hidden.

Trying to get our keys by seeing the physical location?

It's on a USB disk that's encrypted and I plan on taking it to the bank and putting it in a safety deposit box (I get one for free from my bank) once corona is over.

Trying to get our keys by seeing the physical location?

Huh? lol. No I'm not after anyone's keys if that's what you mean!?

One stick or more? Keeping one 'off-site' in a secure location sounds like a plan.

Huh? lol. No I'm not after anyone's keys if that's what you mean!?

Meant it as a joke. See where people keep their keys and go after them :).

But yea, offsite storage is safest. It's on one for now, but I should definitely increase it since they are so tiny.

:D

If I ever found some keys or cash, I'd try to return it (and hopefully get a reward!).

I think 2 offline is the minimum, but that's what I have at present.

Having lost 25 Bitcoin, let's just say I've learned a thing or two... (This was back when the BTC price was around $1, so nobody worried about it too much at the time).

Ouch. Although probably better it was back then instead of now. Did you buy 25 more or spend it on a 24 pack of beer? :)

Lol! Too cash poor at the time. I started mining on my computer (you could still do that back then) then deposited the Bitcoin on Mt. Gox. We all know what happened to them...

Harsh :(

I've mentioned this before, but back in 2009/10 I bought parts for a new rig and this time let the small shop I favored put it together for me. On collection he asked what I wanted this (rather chunky rig at the time) for, and asked if I was going to mine BTC. I just laughed and said, it's only 15 cents, I'll just buy some. Yeah that didn't happen :)

I've sent all of mine, via Facebook, to my friends so have multiple copies all over the place that I can access when required.

(Not really of course.)

I have mine printed and stored in my safes. Seems fairly secure.

Yep, deffo good enough. Does Bro get trusted with a copy? :)

Nah, he hasn't got a copy although I was going to take him a copy when there in July. Will have to work out a way to send it securely. He needs to though, otherwise if/when I die Faith won't know what to do.

Yep! I have them on four USB sticks. One hidden so far away that even my wife won't find it lol.
The problem is that I will forget where I stashed it. Another lol.

haha :)

Well yes, you need to be able to find them to update or in case of an emergency!

Well, let's just pray that it wouldn't come to that, Ash.
Touch wood!

Once a week I do backup. I use KeePass and the database is backed up on two hard disks (outside the system) and on a pendrive.

Sounds good to me. I like the idea of a regular planned backup.

I kept all my passwords in an Excel spreadsheet and Notepad. Never copied outside my computer. On seeing all the comments I think I have to take the necessary steps... at least to a USB.

Yeah I think you should - if the computer is stolen or sets on fire...

It's advised that the master passwords should be offline only and I would get a couple of USB sticks.

I try to at least have three offline backups. My laptop, a hard drive and my phone.

Three should be enough, right? As long as the process is solid you would have to be pretty damn unlucky to lose the lot in one go.

I usually back up every month, I have a keypass database which is kept on my system as well as in my hard drive. That keypass database takes the master password which is usually stored on my memory or in a pendrive.

I try to do monthly at the beginning of the month. Depending on your process, it can be a chore, but totally essential. Sounds like you have a decent set-up :)

The reason crypto won't get mainstream right here.

Too easy to lose it all?

Too complicated with keys and passwords for an average web user.

I am using Samsung pass or Google Chrome for this

And an offline backup?

I don't understand or have information about that

A bit posh:

Unfortunately, I copy all the important files when it's too late :)
All except the keys STEEM \ HIVE; they are in my possession on paper.

lol. That's a lot of files.

A paper copy is a good plan - fire proof safe? :)

I did not think about it ...


all the time but i wont share it

Must be a complex procedure with all those alts :D

usually only online backups with drive and keeping a hard copy at the safest place but not very often

Weekly.

I print it out and keep one in a safe, one in a firebox and one in another location. I gave a copy to my "person" with the step by step instructions on how to power down, move money, and get it out, should something untimely happen to me.