For the truly paranoid, there's really only one way to do something like this:
Purchase TWO "indestructible" USB sticks (i.e. waterproof, shock proof, etc.)
Completely reformat these USBs (in case they were compromised before being put in the packaging). Seriously.
Using an open source password manager like KeepassXC, make TWO different password databases, one for your passwords, and one for your 2FA stuff (so not everything is in one database, or if that database is screwed then you're completely screwed).
Screenshot every single 2FA QR code and secret code and put it in your designated 2FA password manager database (yes they can have little files in the entries, not just passwords).
Using Veracrypt, make an encrypted volume on one of your USB sticks and put the 2FA database on there. Put this database in a safe place and destroy (read: completely erase with a tool like 'Eraser') any trace of the QR snapshots, as well as the database from your computer. Your second USB drive should at minimum have an encrypted backup of your password database so you don't lose it, and optionally the 2FA database in a HIDDEN VOLUME ONLY (this just ensures you have a backup).
Use ONLY an open source 2FA app like FreeOTP.
Ideally, do all of the above on an airgapped computer (or network disabled AppVM in Qubes) where the internet is not needed.
If you want to be truly safe, never never NEVER use a proprietary option when an open source option is available, even if it's more convenient. The steps I outlined take a bit longer, but in the end it's many times more secure (assuming of course very strong passwords on both password databases and Veracrypt volumes).
Just the two cents from a very privacy and security focused person. :)
If you need more backups, either do more USB sticks or store encrypted versions online somewhere. Never trust that a company doesn't have complete access to their database, or doesn't have a backdoor to any claimed encryption. Never trust in the competency of even a well-meaning company. There is story after story after story of people who have been shocked at the sheer incompetency of people who 'knew what they were doing'. Encrypt everything yourself with vetted open source software. Trust no one.
Paranoid crypto starting kit :P
Lol
The truly paranoiac would have a split secret between different devices: you have M devices and need N out of those to recover all your secrets.
Hmm something to think about
Thanks for sharing... I am still not convinced about decentralised exchanges... are you?
I'm sketchy on most of those as well.
Wow.. That seems excessive to me, but some might like it.
When you have millions in crypto and live in an area with a high concentration of hackers you wouldn’t think so.
True indeed. And it probably will get worse when crypto becomes mainstream.
Really need to do some investigation about the storage of my cryptos. For the moment most of them are on the exchanges. I do know that it's not how it should be.
Tricky stuff. Imagine bitcoin at $50k, better believe hackers will come out in full force.
Very good post, thanks for sharing.
Very useful tips sir, thanks for sharing.
Very good information, thanks.
We should move to decentralized exchanges as well.
I am heavily invested in DEX.
Good blog