I’m working with Dan Hewitt of Coinative on this. Dan gave me a little job to do over lunch so that we could crack on when he got back.
The first step is to get yourself a wallet. This is notionally a simple process and can be done at Blockchain. Click on Start A New Wallet. This is where it all started to go wrong for me.
We have to remember that in creating a wallet we are creating something secure that others can’t get at. I went through the process and then discussed it with Dan when he got back.
First of all I entered an email address. This is optional with Blockchain. I got a verification email, clicked on the link and I was away.
It already gets scary here. At the bottom of the screen is the message:
Don’t Forget Your Password!
WARNING: Forgotten passwords are UNRECOVERABLE and will results in LOSS of ALL of your bitcoins!
Gulp. I created a ridiculously strong password in my usual “safe” place and carried on. Having entered the captcha, a mnemonic appeared on the screen. I was asked to write this down and not to store it on my laptop or in an email draft.
Took me ages to write down, partly because I don’t do handwriting any more and partly because the mnemonic was so long. I took a belt and braces approach and emailed the mnemonic to my printer with a view to deleting the email after it had printed out.
All this I told Dan when he got back to the office. So this is where I went wrong.
By providing an email address I am making it known to the world who I am. Anonymity is the way forward. Also the mnemonic really should not be available anywhere electronically and I dropped my guard here – even though I had planned to delete the email once sent. By emailing the mnemonic to my printer the NSA at least almost certainly now has my details. Writing it down is the only safe way.
Similarly, although the password is stored securely online in an encrypted place, I need to change to something with a little more security credentials.
I took a look at Password Safe on Sourceforge but this doesn’t support Chromebook. So it looks like OnePassword then with the annual payment.
All this really does make you think about personal security. It’s money we’re talking about here. I’ve aborted the Wallet setup until this evening whilst I get on with other things. I’m anticipating it will take some time as I have lots of accounts to get set up on OnePassword.
With a bit of luck I’ll get the Bitcoin purchase done in the morning, without an email address. I’m abandoning the first wallet. Might as well do it right from the beginning. Lots of security stuff to think about in this online world of ours…