|31. January 2021||Published|
All things considered, the weakest part of the majority of it systems is the human part, namely you and me. Let’s look at how to store secrets and what can be done to manage secrets efficiently with decent security in mind:
- Wallet Seed/Phrase
- Hardware wallets
- Recovery of lost secrets
The most annoying thing to handle are passwords for sure. Every service using any kind of user authentication want’s you to enter a password to identify yourself. There are some rules to follow to avoid the most common issues with passwords.
Don’t reuse passwords
Passwords should not be reused. Use different passwords for all user accounts you have, this includes your node’s root & operator user, your account on all crypto related sites like bitcointalk.org, etherscan.io and beaconcha.in.
Databases of public websites get compromised pretty often, in most cases users of those websites won’t even know and databases use weak or no encryption to store user information. If this happens there is a chance user accounts and their information get’s out on public forums and other people can use this information to get some more puzzle pieces like your node’s operator user name from a beacon log you posted on discord to figure out an issue you had with finding peers. In those logs might also be an IP address and a malicious attack on your node might only be a matter of time.
Some websites let you know if an account of you got compromised, e. g. https://haveibeenpwned.com/. Please don’t reuse your passwords.
Use password generators
There is a method to guess passwords, it’s called brute force and used quite often. Let’s reuse the scenario we used in the section above and say you didn’t use the same password, but almost the same (e. g. “stereum.net33” on one site and “stereum.net34” on the other). That’s not safe. It’s easy to guess. Use password generators.
Use password managers
There are downsides of password managers:
- Less common apps won’t provide much security and updates
- Backups are very important
- Loading the password database on a compromised device will make all passwords and accounts available to the attacker
And there are ups:
- Easy to use
- Only one password and/or key unlocks all your accounts
- Usable on different devices
Suggestions (do your own research!):
- Windows: https://keepass.info uses a database that’s readable with many different clients, it’s updated frequently, easy to use, notifies about updates
- MacOS: https://strongboxsafe.com/personal/ uses same database format as keepass, also easy to use
But how to store the database?
Make sure you store it on multiple locations, some suggestions:
- Locally on your daily driver laptop/computer (just make sure no other individuals have access to this file)
- In the cloud, but make sure your database is properly encrypted
- On a usb stick you keep safe (not physically available to other individuals)
Validator keys (e. g. generated by deposit-cli offline), ssh keys (for passwordless login), password database key (to unlock your password database without a master password), there are many keys that are simply impossible to remember. Some of them are encrypted (e. g. validator keys), others are not (e. g. wallet seed) and all of them have different risk levels.
High risk keys
Those keys need to be protected with caution, but are needed for operations and cause a lot of trouble when compromised but not getting your crypto funds stolen or your bank account emptied.
Best to store these easily accessible, e. g. in your password manager (some can also store and manage files) or on an encrypted drive or on the machine (e. g. staking node) you need them on.
Critical risk keys
Your wallet seed is considered a critical risk key. If someone finds out these 24 or 25 words they can use is to withdraw funds. These keys must be kept safe and should not be on a device accessible by other people or having a connection to the internet. Consider writing down or printing those keys on paper and store them safely in a secure manner. Nobody should be able to get to these except you.
Some prefer to have a “hot” wallet with a limited amount of coins on their phone or easily accessible on a device and another “cold” wallet that’s safe from every phishing or hacking attempt.
As discussed earlier it’s important to keep seeds/phrases as safe as possible for the majority of your funds.
There is no chance to notice a compromised seed for a Ethereum 2 wallet due to the fact that withdrawal of Ethereum 2 funds aren’t possible at the time of writing. Attackers will wait until phase 1.5 or 2 to be able to withdraw funds. But first an attacker needs to either wait for the rightful owner to exit the validator account or send the exit transaction themselves making the rightful owner aware of an attack.
Because of the long period of time to wait until withdrawals are possible it’s easy to store an Ethereum 2 wallet safely. Keep in mind if you want to fund more validator accounts later on you can easily generate the maximum amount of accounts you need already at the beginning, then fund them as you wish and start staking. It’s even possible to just put those unfunded validator accounts already on your staking node along with your funded accounts. The staking node will carefully observe the Ethereum 1 chain and wait for the correct deposit until staking while already staking with the funded accounts.
This means there is no reason to store your Ethereum 2 staking wallet on an online-device or on a usb stick in your working desk drawer. Print it out or write it on paper with your hands, store the paper as safely as possible.
Ledger or Trezor hardware wallets are secure and easy to use, there is no better way at the moment to manage a hot wallet. Even with your main device compromised it’s not possible for attackers to withdraw funds from your Ledger or Trezor device without you confirming the transaction on the Ledger or Trezor hardware wallet.
But be careful, devices can still be compromised with physical access. It’s work, and certainly not easy, but doable. Watch your devices, don’t show them to other people unless necessary.
Recovery of lost secrets
The most important part of every backup is how to recover it when the original is lost. In case you lost the sheet of paper with your Ethereum 2 wallet seed on it to a fire or water incident, have another one at another location ready. Think about using a technique like 3-2-1 (3 copies of the data, stored on 2 different types of storage media, and one copy should be kept offsite, in a remote location) to store your backups and keep the backups as recoverable as possible.
Also test the recovery process, some suggestions:
- Can you restore your password manager database only by using your backup media?
- You go out and you loose everything in your home (fire, storm, burglary, …) how do you recover your bank account credentials and codes?
- Let’s say you lost your bag with your phone and hardware wallet. What do you do to get access to your crypto funds?