Blog / Articles / How secure is your Bitcoin password?

How secure is your Bitcoin password?

How secure is your Bitcoin password?

It's crucial to encrypt your Bitcoin wallet in order to prevent theft. This can be done by clicking on "settings" in the Bitcoin wallet menu and then choosing "encrypt wallet". Essentially when you encrypt your wallet you set a password. You can still see your wallet balance and receive Bitcoins without the password, but in order to send Bitcoin you need to enter the password. Hackers have designed many programs which steal wallet files off people's computers, and if your wallet is unencrypted and you download such a program your Bitcoins will quickly disappear. Once Bitcoins are sent to a thief it is impossible to get them back, so it is important to prevent the theft in the first place.

Password protecting your Bitcoin wallet is a good first step for security, but just because you set a password doesn't mean your Bitcoins are safe. One possible way your password can be compromised is if you store it anywhere on your computer. If hackers have access to your wallet file, then they likely have access to everything else on your computer and may find the password. Additionally, don't store Bitcoin wallet files or passwords on cloud storage sites. Recently someone lost 1100 Bitcoins ($680,000+) because they stored their Bitcoin wallet file and password on Dropbox. Also, don't use your Bitcoin wallet password for any other internet accounts. Email accounts, exchange accounts, PayPal accounts, etc. are often compromised, and if you have the same password for your Bitcoin wallet you could lose your Bitcoins. If your password is too complex to remember, write the password down on a piece of paper and keep it in a safe location like a vault.

Aside from the possibility of hackers finding your Bitcoin password if you store it on your computer, it is possible for hackers to discover your password without even knowing it. This is called a brute force attack. Hackers create programs which go through every combination of characters possible in a password until they find it. Unlike some internet accounts which block your account if you type in the wrong password too many times, Bitcoin doesn't have a limit to the amount of wrong passwords you can type in, making brute force attacks possible. In order to avoid a brute force attack you shouldn't use common passwords such as "12345678", "qwerty", "abc123", "password", "letmein", etc. In fact, don't use any common words or phrases as a password, it would be easy and quick for a hacker to make a program which goes through every word in the dictionary. Your Bitcoin password should be complex and unique, and should include upper case letters, lower case letters, numbers, and special characters like $, &, @, #, etc.

Making your Bitcoin password as long as possible is the best way to avoid a brute force attack. This site calculates how long it takes for a desktop PC to crack a password with a brute force attack: If you use a series of consecutive letters or numbers your password will be cracked instantly. If your password is 6 characters it takes less than 5 seconds to crack, even if it is a complex password with upper case letters, lower case letters, numbers, and special characters. It takes 3 hours for a desktop PC to solve an 8 character password, 6 days for a 9 character password, about a year for a 10 character password, and 48 years for an 11 character password. The theme here is each additional character you add to a complex password makes it exponentially harder for a hacker to execute a brute force attack. It is important to remember that this data is only for a desktop PC cracking passwords, most of the time hackers have much more powerful equipment. There are machines which cost hundreds of thousands of dollars specifically designed for cracking passwords. Also, hackers often use botnets to conduct brute force attacks. A botnet is a group of infected computers, and the hacker can use them for whatever he wants. Oftentimes botnets consist of thousands of computers, and this greatly decreases the time it takes to crack a password.

For your password to be truly safe from a brute force attack it should at least be 14 characters long, although some security experts say 12-13 characters is long enough. It would take billions of years for a desktop PC to solve a 14 character complex password. While this might seem like too much security, hackers have equipment which can solve passwords thousands if not millions of times faster than a PC, so you might as well err on the side of caution. Some people have been known to use 50+ characters in their Bitcoin password when storing a significant amount of money, which would take on the order of several duovigintillion (10^69) years for a desktop PC to crack. This is likely overkill, and also might be dangerous. If you mess up 1 character when writing down such a long password you will never be able to access your Bitcoins again.

There are actually password recovery services available for people who lost their Bitcoin password, usually  provided by hackers who have decided to use their skills for good. They will brute force attack the password, and if they succeed they will take a percentage of your Bitcoins as payment. Usually they ask you for any part of the password that you remember, since that expedites the process. There are some password recovery success stories on the internet, and it's much better than losing your Bitcoins forever due to a lost password. The only downside to using proper password security is password recovery services will be useless, and a lost password means your Bitcoins will be locked up for eternity.

Thus, it is crucial that you use a long and complex password for your Bitcoin wallet. Don't use any common words or phrases, or consecutive series of letters or numbers. All passwords should include lower case letters, upper case letters, numbers, and special characters. In order to be safe from brute force attacks your password should be at least 14 characters long. It would take billions of years for a desktop PC to crack a 14 character password, but hackers have powerful machines and botnets which can brute force attack a password thousands if not millions of times faster than a desktop PC. Theoretically any password can be cracked, no matter how long and complex, but if you make your password long enough it becomes unfeasible for a hacker to crack it. Don't store your password on your computer or cloud storage sites like Dropbox, since hackers may be able to access it. Also, don't use your Bitcoin password for any other internet accounts, since entire databases of passwords are often compromised on the internet. If your password is too complex to remember, write it down and store it somewhere safe, and make sure you write it down correctly or you will lose access to your Bitcoins. Hundreds if not thousands of people have lost their Bitcoins due to passwords being stolen/cracked, but if you follow the guidelines in this article you can keep your Bitcoins secure.

⏴ Back to Blog