10 sats \ 2 replies \ @pajdo 12 Jul 2023 \ on: How do you protect your bitcoin? bitcoin
I use single-sig + passphrase

Seed backup:

  • Cryptosteel Capsule
  • Steel plate
  • DIY Stainless Steel Washers
  • MicroSD with encrypted seed backup (7zip, AES-256) - generated from Coldcard, protected by 12 words, never to be inserted into anything other than Coldcard, or Tails (in case of emergency)
  • Coldcard Mk4

Passphrase (six BIP-39 words):

  • Keeping in memory
  • DIY Stainless Steel Washers
  • Password manager, archived and stored under random name
  • KeePassXC vault inside of a Cryptomator vault stored in multiple cloud services and local flash drives
  • Standard Notes protected note

12 words for encrypted backups

  • KeePassXC vault stored in multiple cloud services (different from ones storing the passphrase)
I keep separate accounts for KYC, "Light" KYC, and P2P No KYC.
All other wallets are derived using BIP-85 from seed+passphrase as a master parent seed.
All online services are protected by YubiKeys or YubiKey Authenticator 2FA TOTP codes and very strong diceware master passwords.
Not ideal, probably too many backups, but I'm still learning. Will be moving to multi-vendor 2-of-3 or 3-of-5 multisig in the future, when I get more comfortable with it. And I should probably delete this comment soon.
write
preview
0 sats \ 1 reply \ @chungkingexpress 12 Jul 2023
Thanks for the writeup. What do you define as "Light" KYC?
reply
0 sats \ 0 replies \ @pajdo 12 Jul 2023
Purchased through sevices like Relai/Pocket/Bitkipi which have my bank details, but no other information
reply