Ask The Hive: How often do you back up your passwords and what is the process?


How often do you back up your passwords?

A sad prelude to this 'Ask The Hive' post which should hopefully inspire people to make sure they have a solid password backup and recovery process.


At the end of last year, a user here (Steem at the time) contacted me on Discord and said that their hard disk was fried and that they weren't sure their backups were up to date. They usually backed up their passwords to multiple USB sticks but on trying to use what they thought was the latest backup, were faced with the message of doom:


image.png



Users accustomed to account recoveries were contacted for help, each of the keys in the backup locations was tested, and the busted hard disk was removed and passed to a techie to try to recover the data.

All methods tried were unsuccessful, and the person has finally conceded that the account passwords are now lost.

I feel bad for them. They were/are aware that one copy of their passwords was not enough and that occasionally hard disks can corrupt. They had other locations offline in which to store multiple copies, but somewhere along the line the process of doing this failed.

The account name shall remain undisclosed, but I will tell you that they had over 60,000 STEEM (and now HIVE) in total, and a raft of various Steem/Hive-Engine tokens running into thousands of dollars. And, to make matters even worse, the account held all their Steem Monsters cards - over $15,000 worth at today's prices.

Very harsh, and the toughest of lessons learnt the hard way. Not only is it important to regularly back up your key information, you also need a good process to follow each time.

So, how often do you back up your critical files and data, where to, and what is the process?

Cheers

Asher



0
0
0.000
80 comments
avatar

I try to at least have three offline backups. My laptop, a hard drive and my phone.

0
0
0.000
avatar

Three should be enough, right? As long as the process is solid you would have to be pretty damn unlucky to lose the lot in one go.

0
0
0.000
avatar

Probably not as often as I should... But I do it in multiple ways.

  1. Taking a photo of passwords.
  2. Saving the passwords in a .txt document. (using my phone as a usb memory).
  3. Writing down the passwords on a piece of paper.

If I back up certain files on my computer, I usually transfer them to my phone and/or one of my old crappy laptops that barely runs. :D

0
0
0.000
avatar

A photo is pretty solid, as long as it's printed, kept somewhere safe and done each time.

Another person with 3/4 locations, should be ok!

0
0
0.000
avatar
  • A slab of stone, hammer and chisel.
  • Blood, your hand and a cave wall. Luminol and black light come in handy later.
  • Steel plate, hammer and various punches. Try to keep that dry.
  • Paper. Pen. Glass bottle. Cork. No need to throw it in the water. Just bury it.

That's just a few of the things I've tried.

0
0
0.000
avatar

All this and still time to invent the wheel, you must get up really early in the morning.

0
0
0.000
avatar

Up with the sun again today, and I actually slept this time.

0
0
0.000
avatar

Been doing the same. Cracking the whiskey open at 3pm helps.

0
0
0.000
avatar

Had a beer the other day while golfing snowballs. That was fun.

0
0
0.000
avatar

Snow in May? Absurd!

0
0
0.000
avatar

Yes but I don't suggest writing your keys into the snow with urine because it eventually melts then turns into a puddle of lost hopes and dreams.

0
0
0.000
avatar

Why isn't anyone talking about using password protector services like Dashlane and Lastpass?

0
0
0.000
avatar

They are now :)

What's your process then? Do you back up the config file to various locations?

0
0
0.000
avatar

Yes I do. I back it up in my computer and my smartphone. But I also save them on a password protector service like Lastpass.

For non-serious passwords, I simply use ProtectedTexts. They're faster.

0
0
0.000
avatar

Sounds decent. I can't remember if Lastpass is a web service or something you can manage locally, and then copy the (presumably encrypted) master file to other locations.

0
0
0.000
avatar

I print it on paper. It is in a plastic waterproof container which I keep in my fire box.
I also have small books in there for normal passcodes for non crypto apps etc. (I don't trust myself to write down complex codes, so I print most).
I then keep an encrypted copy on 2 usbs (7zip sha256 encryption for all password files) which I check once a month. Both are extra durable.
One is kept in my fire box, the other in my office at work in a locked drawer in a locked room. The one at work is additionally encrypted.
I have a procedure before I check them and update them on a computer that hasn't been connected to the net since I formatted it, it's also the computer I use to print.
I also have a ledger nano S for crypto. My passphrase for that is engraved on steel plates. I tested it recently.
Additionally, I have other security measures I don't want to get into. However, I ain't losing a password.

0
0
0.000
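A periodic check like the monthly one described in the comment above can be automated. The following is an added example, not code from anyone in this thread: it keeps a history of SHA-256 digests of the (already encrypted) key archive and classifies each backup copy as current, out of date, damaged or missing. The file names `keys.7z`, `manifest.json` and `usb_*.7z` are assumptions, and the demo data is constructed.

```python
import hashlib, json, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def record_version(manifest, primary):
    """Append the primary archive's digest to the history if it changed.
    Only digests of the encrypted archive are stored, never key material."""
    manifest = Path(manifest)
    history = json.loads(manifest.read_text()) if manifest.exists() else []
    digest = sha256_file(primary)
    if not history or history[-1] != digest:
        history.append(digest)
        manifest.write_text(json.dumps(history))
    return digest

def verify_copies(manifest, copies):
    """Classify each copy: OK (matches current version), STALE (matches an
    older recorded version), CORRUPT (matches nothing), MISSING, UNREADABLE."""
    history = json.loads(Path(manifest).read_text())
    current, older = history[-1], set(history[:-1])
    report = {}
    for copy in map(Path, copies):
        if not copy.is_file():
            report[str(copy)] = "MISSING"
            continue
        try:
            digest = sha256_file(copy)
        except OSError:  # e.g. I/O error from a failing USB stick
            report[str(copy)] = "UNREADABLE"
            continue
        if digest == current:
            report[str(copy)] = "OK"
        elif digest in older:
            report[str(copy)] = "STALE"
        else:
            report[str(copy)] = "CORRUPT"
    return report

def demo():
    """Constructed data: temp files stand in for the archive and USB copies."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        primary, manifest = d / "keys.7z", d / "manifest.json"
        primary.write_bytes(b"encrypted-archive-v1")
        record_version(manifest, primary)
        (d / "usb_b.7z").write_bytes(primary.read_bytes())   # copied before the keys changed
        primary.write_bytes(b"encrypted-archive-v2")          # keys changed, archive rebuilt
        record_version(manifest, primary)
        (d / "usb_a.7z").write_bytes(primary.read_bytes())   # up-to-date copy
        (d / "usb_c.7z").write_bytes(b"encrypted-arch\x00\x00")  # damaged copy
        names = ("usb_a.7z", "usb_b.7z", "usb_c.7z", "usb_d.7z")  # usb_d was never written
        report = verify_copies(manifest, [d / n for n in names])
        return {Path(k).name: v for k, v in report.items()}

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A matching digest only shows the copy is byte-identical to the current archive; opening the archive from one of the copies with the real passphrase is still the only proof that a restore works.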
avatar

Sounds like you are all over it!

How long does it take to update everything when say you update your keys here?

0
0
0.000
avatar

For Hive, 1 min. I only make the 1 usb .zip file immediately and update keychain and my phone wallet because we have a month recovery in case I screw up in the meantime. I can check it on my offline computer later. Soon I'll figure out Hive for ledger since neteuso made something for this.

0
0
0.000
avatar

Yeah, I forget about the month recovery but don't plan on having to use it if at all possible.

I've seen Hive for Ledger being mentioned, not sure if it's a part of the Vessel redevelopment.

0
0
0.000
avatar

I rarely back up my stuff; mostly it's just copied to a second drive on my computer. As for my passwords, they are all stored in a Google Doc stored on Google Drive.

0
0
0.000
avatar

Hmmm. Well Google probably won't lose your files, so as long as you have the password for them safe, it's an option. Personally I've opted against them having a copy of my keys - not sure what the consensus is here.

0
0
0.000
avatar
(Edited)

I do it every day - I have a program set up to automatically copy and sync a file from a password-manager (encrypted of course) to other hard drives on other computers. So I have several hard drives on several computers and also external hard drives with the same files. And also some usb sticks.
I'm also planning on adding a cloud backup of the same files. Then I will first encrypt the password-manager file with a (>128 bit) password on an airgapped computer running a live-dvd of linux. I also use the same airgapped setup when accessing my crypto cold-storage.

0
0
0.000
avatar

Nice. Above and beyond what most people are doing I think. Sounds like you have a lot of copies, and so a bit of automation is helping save some time and stress, as long as you got it set-up right :)

0
0
0.000
avatar

Not going into detail, but I use encrypted online backups and various offline backups, on paper and USB, including some in a safe deposit box in a former bank vault. I've learned that losing a key is a greater risk than having it stolen. Luckily, that was just a small amount of shitcoins like Peerplays, and one Steem account I never saved the password for.

And of course, keeping it on an exchange is a greater risk than keeping it on your own wallet.

I don't trust password managers, which are a single point of failure. I should mention that they're generally recommended by information security professionals.

0
0
0.000
avatar

You sound pretty sorted.

I'm not a huge fan of password managers, although you can presumably take a backup of the storage file which would likely be encrypted.

0
0
0.000
avatar
(Edited)

Trying to get our keys by seeing the physical location?

It's on a USB disk that's encrypted and I plan on taking to the bank and putting it in a safety deposit box (I get one for free from my bank) once corona is over.

0
0
0.000
avatar

> Trying to get our keys by seeing the physical location?

Huh? lol. No I'm not after anyone's keys if that's what you mean!?

One stick or more? Keeping one 'off-site' in a secure location sounds like a plan.

0
0
0.000
avatar

> Huh? lol. No I'm not after anyone's keys if that's what you mean!?

Meant it as a joke. See where people keep their keys and go after them :).

But yeah, offsite storage is safest. It's on one for now, but I should definitely increase it since they are so tiny.

0
0
0.000
avatar

:D

If I ever found some keys or cash, I'd try to return it (and hopefully get a reward!).

I think 2 offline is the minimum, but that's what I have at present.

0
0
0.000
avatar

I guess I only backed up my passwords once, on a USB stick. It's a good reminder though. What would you suggest as the best option, and quite accessible for a non technical guy?

0
0
0.000
avatar

Once is better than not at all!

I would go for at least two offline backups, USB sticks in different locations. And if you have a printer, a copy on paper too in a safe or somewhere hidden.

There are a couple of replies here which make me think that is not enough, but I think for most it should be ok.

0
0
0.000
avatar

A copy on paper seems so obvious but haven't yet done that. Makes sense, USB and paper could be the most at hand options for me.

0
0
0.000
avatar

As long as what is kept offline is updated when you get new passwords or change the others, I think that's a pretty decent set up - until you have 1 million hive :)

0
0
0.000
avatar

Do passwords change on Hive?

0
0
0.000
avatar

Only if you or someone with your master password makes the change.

The Steem passwords were carried over, but if you change your passwords on Hive or Steem, they will not change in unison.

0
0
0.000
avatar

It's funny that I can only reveal in my wallet my private active key. I don't get why the others are hidden.

0
0
0.000
avatar

You can reveal them all on peakd, but you'll need the master password.

0
0
0.000
avatar

OK. Thanks. I realized that I have them all from Steem but I don't know if they're the same.

0
0
0.000
avatar

Yes they will be unless you have changed them in the meantime :)

0
0
0.000
avatar

I didn't. Alleluia Alleluia Alleluia Alleluiaaaaa

0
0
0.000
avatar

Unfortunately, I copy all the important files when it's too late :)
All except the keys for STEEM \ HIVE; they are in my possession on paper.

0
0
0.000
avatar

lol. That's a lot of files.

A paper copy is a good plan - fire proof safe? :)

0
0
0.000
avatar

I did not think about it ...


0
0
0.000
avatar

Having lost 25 Bitcoin, let's just say I've learned a thing or two... (This was back when the BTC price was around $1, so nobody worried about it too much at the time).

0
0
0.000
avatar

Ouch. Although probably better it was back then instead of now. Did you buy 25 more or spend it on a 24 pack of beer? :)

0
0
0.000
avatar

Lol! Too cash poor at the time. I started mining on my computer (you could still do that back then) then deposited the Bitcoin on Mt. Gox. We all know what happened to them...

0
0
0.000
avatar

Harsh :(

I've mentioned this before, but back in 2009/10 I bought parts for a new rig and this time let the small shop I favored put it together for me. On collection he asked what I wanted this (rather chunky rig at the time) for, and asked if I was going to mine BTC. I just laughed and said, it's only 15 cents, I'll just buy some. Yeah that didn't happen :)

0
0
0.000
avatar

I usually back up every month, I have a keypass database which is kept on my system as well as in my hard drive. That keypass database takes the master password which is usually stored in my memory or in a pendrive.

0
0
0.000
avatar

I try to do monthly at the beginning of the month. Depending on your process, it can be a chore, but totally essential. Sounds like you have a decent set-up :)

0
0
0.000
avatar

I kept all my passwords in an Excel spreadsheet and Notepad. Never copied outside my computer. On seeing all the comments I think I have to take the necessary steps...at least to a USB.

0
0
0.000
avatar

Yeah I think you should - if the computer is stolen or sets on fire...

It's advised that the master passwords should be offline only and I would get a couple of USB sticks.

0
0
0.000
avatar
(Edited)

cabbage

Sorry, the password must be more than 8 characters.

boiledcabbage

Sorry, the password must contain 1 numerical character.

1 boiled cabbage

Sorry, the password cannot have blank spaces

50fuckingboiledcabbages

Sorry, the password must contain at least one upper case character.

50FUCKINGboiledcabbages

Sorry, the password cannot use more than one upper case character consecutively.

50FuckingBoiledCabbagesShovedUpYourArse.IfYouDon’tGiveMeAccessImmediately

Sorry, the password cannot contain punctuation.

NowIAmGettingReallyPissedOff50FuckingBoiledCabbagesShovedUpYourArseIfYouDontGiveMeAccessImmediately

Sorry, that password is already in use.

0
0
0.000
avatar

Ha!

Damn right it's already in use, but I am changing it sharpish!

0
0
0.000
avatar

That's so brit, Ash :)


0
0
0.000
avatar

Not to worry, it's fine, I am British after all :)

0
0
0.000
avatar

Alright.... here is the rest then :)

  1. “Perfect.”
    — Translation: Well that’s that, ruined then.

  2. “A bit of a pickle.”
    — Translation: A catastrophically bad situation with potentially fatal consequences.

  3. “Not too bad, actually”
    — Translation: I’m probably the happiest I’ve ever been.

  4. “Honestly, it doesn’t matter.”
    — Meaning: Nothing has ever mattered more than this.

  5. “You’ve caught the sun.”
    — Translation: You look like you’ve been swimming in a volcano.

  6. “That’s certainly one way of looking at it.”
    — Translation: That’s certainly the wrong way of looking at it.

  7. Saying, “I have the 5p if it helps?” and never being quite sure if it helps.

  8. “If you say so.”
    — Translation: “I’m afraid that what you’re saying is the height of idiocy.”

  9. “With all due respect.”
    — Translation: You have absolutely no idea what you’re talking about.

  10. Saying “you’re welcome,” as quietly as possible, to people that don’t say thank you, but using it as a form of punishing them.

  11. Meanings of “I beg your pardon?”
    I didn’t hear you.
    I apologise (apologize).
    What you’re saying is making me absolutely livid.

  12. “It could be worse.”
    — Translation: It couldn’t possibly be any worse.

  13. “Each to their own.”
    — Translation: You’re wrong, but never mind.

  14. “Pop round anytime.”
    — Translation: Please stay away from my house.

  15. “I’m just popping out for lunch, does anyone want anything?”
    — Translation: I’m getting my own lunch now, please remain silent.

  16. Saying, “I might get some cash out actually,” despite approaching the cash machine and being 100% certain of getting cash.

  17. “No, no, honestly, my fault.”
    — Translation: It was exceedingly your fault and we both know it.

  18. “No, yeah, that’s very interesting.”
    — Meaning: You are boring me to death.

  19. “Just whenever you get a minute.”
    — Translation: “Now! You silly cow!”

  20. “No harm done.”
    — Translation: You have caused complete and utter chaos.

  21. “I’m sure it’ll be fine.”
    — Translation: I fully expect the situation to deteriorate rapidly.

  22. “Sorry, I think you might have dropped something.”
    — Meaning: “You have definitely dropped that specific item.”

0
0
0.000
avatar

Pretty accurate!

I've said many of those and the meaning is as described :)

0
0
0.000
avatar

The reason crypto won't get mainstream right here.

0
0
0.000
avatar

Too easy to lose it all?

0
0
0.000
avatar

Too complicated with keys and passwords for an average web user.

0
0
0.000
avatar

Yep! I have them on four USB sticks. One hidden so far away that even my wife won't find it lol.
The problem is that I will forget where I stashed it. Another lol.

0
0
0.000
avatar

haha :)

Well yes, you need to be able to find them to update or in case of an emergency!

0
0
0.000
avatar

Well let's just pray that it wouldn't come to that, Ash.
Touch wood!

0
0
0.000
avatar
(Edited)

I've sent all of mine, via Facebook, to my friends so have multiple copies all over the place that I can access when required.

(Not really of course.)

I have mine printed and stored in my safes. Seems fairly secure.

0
0
0.000
avatar

Yep, deffo good enough. Does Bro get trusted with a copy? :)

0
0
0.000
avatar

Nah, he hasn't got a copy although I was going to take him a copy when there in July. Will have to work out a way to send it securely. He needs to though, otherwise if/when I die Faith won't know what to do.

0
0
0.000
avatar

I use a remote back up service for my computer, but I do not include my password files in my back ups because I worry that if someone hacked the backup software, they would get everything.

I keep a back up of passwords on an external hard drive that I keep at home. I also have an encrypted copy on a secret drive on a remote server.

I was thinking about storing a print out of my most important passwords in a safety deposit box, but I am not sure how safe safety deposit boxes really are.

Of course, it is also possible to encrypt strings of text before printing them out.

It is best to limit the number of backups you make. Just make sure one is remote.

I would worry about using external back up programs because it is super easy to accidentally expose the data on an external back up drive.

0
0
0.000
avatar

Sounds like a good system you have.

> It is best to limit the number of backups you make. Just make sure one is remote.

Yes there is a potential downside of having many backups in that you increase (a little) the chance of one being found. A remote backup though is a good plan.

0
0
0.000
avatar

Once a week I do backup. I use KeePass and the database is backed up on two hard disks (outside the system) and on a pendrive.

0
0
0.000
avatar

Sounds good to me. I like the idea of a regular planned backup.

0
0
0.000
avatar

All the time, but I won't share it.

0
0
0.000
avatar

Must be a complex procedure with all those alts :D

0
0
0.000
avatar

I am using Samsung pass or Google Chrome for this

0
0
0.000
avatar

And an offline backup?

0
0
0.000
avatar

I don't understand or have information about that

0
0
0.000
avatar

usually only online backups with drive and keeping a hard copy at the safest place but not very often

0
0
0.000
avatar

Weekly.

I print it out and keep one in a safe, one in a firebox and one in another location. I gave a copy to my "person" with the step by step instructions on how to power down, move money, and get it out, should something untimely happen to me.

0
0
0.000