Here’s how safe it is to store crypto private keys in password managers:
Using a password manager for a crypto private key is not the most secure option available, but it’s probably more secure than the majority of techniques.
The major risk is that your account with the manager could be compromised.
The very best option is to store the private key completely offline.
So if you want to learn all about the security of saving crypto private keys in LastPass or Dashlane, then this article is for you.
Let’s jump right into it!
What Is Crypto?
Crypto is a simple word that can apply to a lot of things:
- cryptology
- cryptograms
- cryptography
- cryptozoology
In this case, we’re talking about cryptocurrency.
If you aren’t quite familiar, cryptocurrency is a form of digital money that isn’t controlled by countries or centralized banks.
Bitcoin is the most popular cryptocurrency in the world, but there are actually many different currencies in this category.
If you have Bitcoin or coins of any other cryptocurrency, then that’s the focus of today’s conversation.
Considering all of that, cryptocurrency can actually be extremely valuable, and you want to be sure you can secure it.
Today, you’re going to learn how that works.
What Is a Private Key?
Since cryptocurrency is digital, you need a way to prove that any given currency is yours.
For this, there are things called digital wallets.
These are basically programs that store the very long, complicated identifiers for digital coins.
That’s getting out of hand.
Let’s simplify the idea.
If you look at a dollar bill (or any currency bill), you can see that it has a serial number.
Digital coins also have serial numbers (although they’re a bit more complicated).
Your digital wallet stores the serial numbers for each and every coin that you possess.
That’s how you can prove that the money really is yours, and you have to be able to provide proof in order to spend cryptocurrency.
What does that have to do with a private key?
Well, the private key is the special passphrase that you can use to unlock the digital wallet.
The serial numbers on the digital coins are assigned by the program that runs the currency.
The private key is a passphrase that only applies to you and your wallet.
It’s kind of like having a safety deposit box in your own computer.
The wallet is the safety deposit box.
While the money inside the box has its own serial numbers, you need a key to open the deposit box.
That’s your private key.
The thing is, this is all digital, and so things like private keys tend to be very complicated.
In most cases, it’s not a number or phrase that you can memorize.
It’s too long.
You could potentially write it down, or you could store it somewhere on a computerized device.
That’s really going to be the crux of today’s conversation, but before we fully get into it, there are a few more concepts to cover.
What Is a Password Manager?
There is one last thing we need to get into.
What is a password manager?
It’s a digital tool—usually a program or service—that remembers passwords for you.
If you’ve ever let your phone save a password for you, then you’re using a password manager.
In particular, there are a few well-known online password managers.
LastPass and Dashlane come to mind, but with a quick Google search, you can find plenty more.
These are professional, digital services that remember passwords for you.
Let’s use LastPass as an example to show how this works.
You set up a LastPass account.
That account has its own password, so that’s the one you make sure you remember (but you should also make it secure).
You can download a LastPass app for any of your devices. With that app running, you sign in, and then LastPass takes care of all of your other passwords.
When you sign up for a new account, it will remember whatever password you pick.
When you sign into an account, LastPass fills in the password for you.
In this way, you can have unique, complicated passwords for all of your stuff, and you don’t have to manage all of them.
It’s both convenient and secure (and yes, I use password managers).
With that in mind, a lot of people consider putting their crypto private keys into their password managers.
After all, that seems like the very kind of thing these managers are built for.
But, things aren’t quite that simple, and cryptocurrency has a way of complicating things.
If you’re considering using a password manager for your private key, you need to ask yourself one very important question.
How Safe Is Storing Crypto Keys in Password Managers? (5 Things)
Now we can really get into the purpose of this whole conversation.
Is it safe to store a crypto key in a password manager?
This question doesn’t have a direct, simple answer.
If it did, I would have given you that simple answer and skipped all of this extra information.
As it is, safety is a relative term, and the only way to really assess storing a crypto key with a password manager is to compare it with other common options.
People have a lot of different takes on how to secure a crypto key—ranging from brilliant to terrifyingly simplistic.
So, we’ll look at the full range and see where password managers rank.
That should give you a better idea as to how safe this practice is.
#1 Online Document
The simplest thing you can do with your crypto key is copy it and paste it into a document.
If that document is linked to the cloud, then you’re storing the key in an online document.
Let me clarify something.
These days, the majority of documents actually are online.
If you use Microsoft Word, Google Docs, Pages, or most of the other major word processors, they all automatically connect to the cloud.
When you’re writing a term paper for school, that’s a nice feature.
It means that you won’t lose all of your progress if the battery on your laptop dies in the middle of your work.
When it comes to crypto keys, it’s a bit of a detriment.
The problem with storing such an important key in an online document is that these documents are made for sharing.
It’s pretty easy to get access to them.
Even if you don’t make access easy, it’s still not that hard for someone to try to get access to your cloud account if they really want to.
These kinds of accounts are hacked all the time—partly because most people don’t practice good digital security.
If you have ever had any of your personal accounts hacked, then you know that an online crypto key is risky.
#2 Offline Document
In that case, it’s better to keep the key offline, right?
Copy it into a note document that isn’t online.
Do that, and then no one can hack you!
Unfortunately, this option really isn’t any better.
Have you ever had a computer virus, adware, or any other type of malicious software on any of your computers?
Well, you might want to rethink keeping a crypto key on an unsecured offline document.
If people can get malicious software onto your computer then they have the means to steal that private key.
And you had better believe that modern malware knows to look for things like crypto keys.
In fact, the very worst thing you can do with your crypto key is to label it as such (or put it in a “passwords” folder).
On top of that, if anyone can ever physically access your computer or device, then they can grab the crypto key right off of it.
This just isn’t a secure way to store the key.
#3 Secured Password Folder
The good news is that you can store a crypto key in an offline folder and then secure that folder.
In fact, if you have access to encryption software, then you can password-protect the specific file or folder that holds your crypto key.
This option is much better than anything we have discussed so far.
Modern encryption is pretty thorough.
It’s not foolproof, and if someone accesses your device maliciously, they’ll definitely try to copy anything labeled as a crypto key.
But, cracking the encryption is hard.
It’s technically possible, but it takes a lot, and on average, an offline, encrypted file is much safer than the previous options.
If you’re not sure how to encrypt, this is something that comes with business versions of Microsoft Windows and all versions of macOS.
You can also get encryption apps or programs for this purpose.
There’s one thing to remember, though.
If you encrypt a file and then forget the password, you’ve essentially lost the file.
So, you need to protect the password to your encryption as effectively as you protect the crypto key, and this creates a bit of a loop.
Ultimately, you might want to find a better option.
#4 Online Password Manager
At this point, we’ve covered some terrible ideas and one viable, suboptimal idea.
Compared to all of that, a password manager actually looks pretty good.
Password managers are designed with a lot of security in mind, so it’s possible to keep the key safe.
They use high-level encryption so that if hackers got into the server, it would be impossible to identify your key.
On top of that, they use state-of-the-art security systems to prevent hacking in the first place.
A good SaaS (software as a service) provider also has measures so that they can’t see your stuff either.
Even top-level employees don’t have the ability to look into your account and see your stored password or information.
They can see that you have an account and that you’re paying your bill, but the information that you want to keep secret is in fact secret.
This applies to password managers and online document services, by the way.
How does that work, though?
Why can’t the employees see your stuff?
That boils down to the fact that the server automatically encrypts your information before storing it.
So, the servers that employees really can access don’t store your secret information in a way that is readable to the employees.
On top of that, the server needs your encryption key in order to decrypt the data.
You can think of it as though the server is a vault, and you have the key.
The employees don’t have their own duplicate keys.
In that way, SaaS providers are more like online safety deposit boxes.
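To make the vault-encryption idea concrete, here is an added example in Python's standard library. It is not code from the original article and not how LastPass, Dashlane or any other provider is implemented. The master password is stretched with PBKDF2 on the client, the secret is encrypted and authenticated on the client, and the hypothetical VaultServer class stores only a salt and an opaque blob, so anyone with database access sees ciphertext. Because the standard library has no AES, the cipher is HMAC-SHA256 used as a counter-mode PRF with encrypt-then-MAC; a real product would use AES-GCM or XChaCha20-Poly1305 from a vetted library. The same save-then-load mechanism is what the password-protected file in option #3 does, with the blob written to disk instead of uploaded. All names (derive_keys, VaultServer, save_secret, load_secret, can_unlock) and the 600,000-iteration work factor are this example's own choices.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# PBKDF2-HMAC-SHA256 work factor; OWASP's current recommendation is 600,000.
ITERATIONS = 600_000


def derive_keys(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> tuple[bytes, bytes]:
    """Stretch the master password into an encryption key and a MAC key.

    This runs on the client only: the master password and the keys derived
    from it never travel to the provider, which is what "zero knowledge" means.
    """
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=64)
    return material[:32], material[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode: a stdlib-only stand-in for AES-CTR
    so the demo runs offline. A product would use a vetted AEAD instead."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), "sha256").digest()
        block += 1
    return bytes(out[:length])


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag over nonce+ciphertext."""
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, "sha256").digest()
    return nonce + body + tag


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    if len(blob) < 16 + 32:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong master password or tampered vault")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


class VaultServer:
    """Hypothetical provider back end (constructed for this example). It holds
    only a per-user salt and an opaque blob; no key material is ever stored
    here, so an employee, or an attacker with a database dump, sees ciphertext."""

    def __init__(self) -> None:
        self.rows: dict[str, tuple[bytes, bytes]] = {}

    def store(self, user: str, salt: bytes, blob: bytes) -> None:
        self.rows[user] = (salt, blob)

    def fetch(self, user: str) -> tuple[bytes, bytes]:
        return self.rows[user]

    def employee_view(self, user: str) -> bytes:
        # Everything an insider with database access can read for this user.
        return self.rows[user][1]


def save_secret(server: VaultServer, user: str, master_password: str, secret: bytes) -> None:
    """Client side: derive keys locally, encrypt locally, upload only ciphertext."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    server.store(user, salt, encrypt(enc_key, mac_key, secret))


def load_secret(server: VaultServer, user: str, master_password: str) -> bytes:
    """Client side: fetch the blob, re-derive the keys, decrypt locally."""
    salt, blob = server.fetch(user)
    enc_key, mac_key = derive_keys(master_password, salt)
    return decrypt(enc_key, mac_key, blob)


def can_unlock(server: VaultServer, user: str, master_password: str) -> bool:
    """True only if this password both authenticates and decrypts the stored vault."""
    try:
        load_secret(server, user, master_password)
        return True
    except ValueError:
        return False
```

Two properties are visible when you run it: employee_view returns bytes in which the stored secret does not appear, and a wrong master password or a single flipped byte makes decrypt raise rather than hand back garbage. It also makes the catch from option #3 explicit: the derived key exists only for as long as you can reproduce the master password, so a weak or forgotten password, not the server, is the weak point.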
The issue with SaaS security is that you have to do your part.
If your password is weak or you don’t use multi-factor authentication, people can crack your account and steal your passwords.
But if you do use the features available, then an online password manager is a better place to store a crypto key than any option so far.
It’s not the best option, but it’s above average.
In fact, plenty of people store crypto keys in password managers without issue.
Let me emphasize one thing really quickly.
Use multi-factor authentication.
It makes a huge difference.
If you’re not familiar with the concept, here’s a quick breakdown.
Normally, when you have an online account, you need to know the right username and password to log in.
You’ve done this plenty of times.
With multi-factor authentication, you add a step to the process.
After you sign in with the username and password, you are then sent a message either to an email account or a mobile phone (via text message).
That message has a temporary password that you have to input in order to finish logging in.
This adds security because anyone trying to break into your account would need your username, password, and access to the temporary password.
It’s a much higher bar to clear.
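As an added illustration of that temporary-code step (example code written for this article, not any provider's implementation), the following Python class issues six-digit codes the way an SMS or email second factor does and enforces the three properties that make such a code worth anything: it expires, it works exactly once, and guessing is capped. The class name OneTimeCodes, the five-minute lifetime and the five-attempt budget are assumptions of this example; the clock is injectable so expiry can be exercised without waiting.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # a code is valid for five minutes (assumed value)
MAX_ATTEMPTS = 5         # then the code is void and a new one must be issued


class OneTimeCodes:
    """Server-side issuance and verification of short-lived, single-use codes
    (hypothetical class constructed for this example)."""

    def __init__(self, now=time.time) -> None:
        self._now = now
        # username -> (salt, hash of code, expiry timestamp, attempts left)
        self._pending = {}

    @staticmethod
    def _digest(salt: bytes, code: str) -> bytes:
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, username: str) -> str:
        """Generate a fresh 6-digit code and keep only a salted hash of it.

        Hashing is cheap protection against the code leaking from a database
        dump or a log line; with only a million possible codes, the real
        defences are the short lifetime and the attempt limit in verify().
        """
        code = f"{secrets.randbelow(1_000_000):06d}"
        salt = secrets.token_bytes(16)
        expires_at = self._now() + CODE_TTL_SECONDS
        self._pending[username] = (salt, self._digest(salt, code), expires_at, MAX_ATTEMPTS)
        return code  # handed to the SMS/email sender, never shown alongside the password step

    def verify(self, username: str, submitted: str) -> bool:
        """True exactly once, for the right code, before expiry, within the attempt budget."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._now() > expires_at:
            del self._pending[username]          # expired: a new code must be issued
            return False
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[username]          # single use: a replayed code is refused
            return True
        attempts_left -= 1
        if attempts_left <= 0:
            del self._pending[username]          # budget exhausted: even the right code now fails
        else:
            self._pending[username] = (salt, digest, expires_at, attempts_left)
        return False
```

The comparison uses hmac.compare_digest so that a wrong guess takes the same time whether it differs in the first digit or the last, and the code is checked only after the username and password have already passed, which is the ordering the paragraph above describes.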
#5 Physical Note
Lastly, we have the physical note.
You can write the crypto key on a piece of paper.
Believe it or not, this is the best option—provided you follow through and take good care of the piece of paper.
If you write down the key and just leave it on your desk, then that’s a bad plan.
But, if you write down the key, put it in a folder, and then lock that folder in a fireproof and waterproof safe (you can get relatively affordable safes at office supply stores and hardware stores), then you’re in really good shape.
After all, people can’t remotely hack a piece of paper.
And since it’s in that fancy safe, it’s not going to be accidentally destroyed.
Also, breaking into safes isn’t entirely easy.
Someone has to get into your house (or office or wherever you keep the safe) in the first place.
So, this really is the best option of all.
There’s an alternative version of this that works too.
Some crypto keys are really complicated, and simply writing them down isn’t exactly viable.
In such a case, you can save the crypto key to a flash drive.
Then, you can take that flash drive and store it in your safe.
Ultimately, the key is still offline, unhackable, and quite safe from harm.