Account security confusion

Hi, apologies in advance for any noob questions…

I have my Nash account set up on their website, with 2fa. I want to make sure I have everything I need so I don’t lose access to my account in the future, as I plan to stake and forget for some time.

I have written down my 12 secret words. I have not noted down the private keys for any of the accounts, I’m guessing I don’t need to?

There is an article on the site for if you lost your phone/2fa, and it says I should have a 16 character backup code from when I made my account. I can’t find this anywhere, is there any way to find this or generate it now? I would like to have this backup code in case. They say you can verify your identity if you have lost this code, but I would feel safer with it.

Is there anything else I should take into account?

you get the 16 chars when using the authenticator for the first time. same as any other 2FA using google app.

It says you get it when creating your nash account. Is there a way to get these 16 characters now?

if you don’t write 16 characters when setting up 2FA, you need to deactivate 2fa and reactivate. This time be sure to read all instructions.

Write down your private keys, then if ever the exchange is down for whatever reason you can still access your funds.

2FA you will have been given a 16 digit code when first activating it. If you forgot or missed it then deactivate it and then reactivate it so you can get a new code generated.

It’s a good idea to make 2 copies of everything and keep them separate… 2 separate houses is ideal in case of a fire or something.

I personally store all my private keys on my computer, on two separate google drives, on my phone and on a microsd card.
All the private keys are obviously 256bit AES encrypted with a quite strong and long password. I don’t trust a piece of paper.

Do you have tips on how to password-encrypt those private keys? What tool do you use for that?

Also I understood that the team is working on an offline tool that could derive the keys from the 12-word seed phrase. Would it be considered safe to encrypt those twelve words only?
I currently store all private keys and seeds in a metal box under the carpet in my basement-garage (aka the bunker). It’s not encrypted, but nobody knows where it is. :prayer_beads:

You could use Veracrypt and store them on a usb stick. I have a copy like this but also have the paper copies laminated and in 2 different locations. Paper can’t go wrong lol

I wouldn’t store them online and in the past I’ve had USB drives wipe themselves

veracrypt is very good, I already use this to encrypt my computer.
for individual files (so crypto keys and 2auth keys) I use 7zip to create compressed archives with encryption on them.
For google drive I use Duplicacy to automatically back up my PC to google, with again another set of encryption in place.

Storing your data online is secure enough, as long as you apply encryption that is used by an open source application (so no backdoors). If it would then have a security leak in encryption, it would be found. I apply 2 encryption methods (duplicacy’s method + they are encrypted by 7zip). There is no way that data can be extracted from the archives.

As for @c0r6z, I trust digital security more than paper security. When the piece of paper is stolen/found/read by someone, they have access to all the funds associated with that account.

EDIT: Just know/investigate what you are doing, and don’t EVER keep a private key or sensitive data in plain text on your computer.

Do other people write down each of their private keys rather than just the 12 word seed? It’s just a bit of hassle to write these all down on paper and duplicate and backup etc. But I guess it’s true that if Nash goes down, then the 12 word seed is useless right?

For now correct, if Nash goes down the 12 words are currently useless, but they are developing a tool to extract the private keys from the 12 words in case they ever go down. Those 12 words will always work on Nash though.
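
Added example, not part of the original thread and not Nash's code: a Python check that a hand-copied 16-character 2FA code is well formed and reproduces the 6-digit code the phone currently shows. It assumes, as the replies above say, that the 16 characters are the base32 TOTP secret used by Google Authenticator style apps (RFC 6238, HMAC-SHA1, 30-second step); the function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")

def normalize_secret(written):
    """Clean up a hand-copied code and reject copies that cannot be valid."""
    secret = written.replace(" ", "").replace("-", "").upper()
    if len(secret) != 16:
        raise ValueError("expected 16 characters, got %d" % len(secret))
    bad = sorted(set(secret) - BASE32_ALPHABET)
    if bad:
        # 0, 1, 8 and 9 are not base32: a common sign of a misread O, I/L or B.
        raise ValueError("not base32: %s" % "".join(bad))
    return secret

def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 for the Unix time `at`."""
    key = base64.b32decode(secret)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def backup_matches_phone(written, code_on_phone, at, step=30):
    """True if the written-down code reproduces what the phone shows around `at`."""
    secret = normalize_secret(written)
    return any(
        hmac.compare_digest(totp(secret, at + drift * step, step), code_on_phone)
        for drift in (-1, 0, 1)  # tolerate one step of clock drift
    )

if __name__ == "__main__":
    import time
    SAMPLE = "JBSW Y3DP EHPK 3PXP"  # constructed sample secret, not a real account
    now = time.time()
    phone_code = totp(normalize_secret(SAMPLE), now)
    print("code now:", phone_code)
    print("backup ok:", backup_matches_phone(SAMPLE, phone_code, now))
```

Under that assumption the 16 characters alone are enough to generate valid codes, so the written copy needs the same protection as a private key.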

