
Secure my bitcoins?


Moser



As bitcoin spreads more and more, malware, tailor-made attacks and scams are being delivered to deprive as many users as possible of their bitcoins. To secure those in your possession, let's start with the basics:
 

Use strong passwords and, above all, create one to use only with bitcoins. Would you use the same key for your son's bike padlock and for the safe with your savings?

Create at least two accounts. On the first, high-security one, keep most of your bitcoins: that will be the "savings fund" from which to draw funds once in a while. The second will be the "current account", on which to keep the money you spend in everyday life.

DO NOT use your bitcoins on unsafe computers, such as those in hotels or internet cafes. If you really need to, use a separate wallet on which you keep only a few pennies.

Keep an anti-virus and anti-malware updated on the computers you use to manage your bitcoins. If possible, do not install applications that are cracked or come from unsafe sources.

Keep an eye on saved passwords: using ultra-complicated passwords is useless if you activate automatic login or let the browser save your passwords.


That said, the techniques to implement to keep bitcoins safe depend on where you keep them. In this FAQ I will consider bitcoins kept on the hard disk of a computer (dedicated or not), on a site, and on a USB stick. I also note that talking about bitcoins "held" somewhere is incorrect, but I still use the expression to make things easier to understand.

Bitcoins kept on the hard disk of a non-dedicated computer
In this scenario most of your bitcoins are kept in the client (strictly the ORIGINAL one) installed on one of the computers you own or have access to, and which you use regularly. The level of security guaranteed by this system depends entirely on you, but I do not recommend it for large amounts.
First of all, you should know that your bitcoins (or rather, the keys needed to spend them) are stored in a single file, wallet.dat, present in your user directory. Here is a list of where to find it based on your operating system:

Windows XP: C:\Documents and Settings\<user name>\Application Data\BitCoin\
Windows Seven / Vista: C:\Users\<username>\AppData\Roaming\BitCoin
Mac OSX: ~/Library/Application Support/Bitcoin/
Linux: ~/.bitcoin/

Note that if someone can get their hands on this file, they have the ability to transfer instantly and irremediably all the bitcoins stored there. Understand that securing this file must be your absolute priority.
In addition to those already mentioned, which are valid in a general sense, here are the steps necessary to ensure reasonable security with this method:

1. Encrypt the home folder
Regardless of everything else, anyone with privileged (or physical) access to the computer can easily read the data of any user, and therefore also your wallet.dat. This is unless your user folder is encrypted. This can be done with virtually all modern operating systems; to do it on Windows just go to Control Panel -> Users.

2. Create a dedicated bitcoin user
This simple trick allows you to ensure the security of your wallet even if the user you normally use is compromised by malware installed in userspace. This does not protect you from any system-level malware (which can get in by installing cracked or dubious applications), so it's not an absolute protection.
To do this, go to the user management of your PC and create a new user. DO NOT give it special privileges; leave it as a limited user. Of course, protect the user with a password and encrypt its personal files. Once this is done, log in as the newly created user and start the bitcoin client. Copy-paste into a shared file the address for receiving payments (you can create and note down more than one, virtually infinitely many), log out and, once logged in as your "normal" user, send all your bitcoins to one of the addresses you noted.

3. Consider using a virtual machine
This is the improved version of point 2. Using a virtual machine you will be able to create not just a user dedicated to bitcoins, but even a dedicated operating system, perhaps different from the main one. This will protect you from the vast majority of malware you may have picked up on the "original" computer. However, it is not a 100% safe system (which one is?), but it is still one of the safest. If you want to use this method, the easiest way is probably to use damn small linux embedded, downloading the bitcoin client for linux. For the rest, the same considerations as in point 2 apply.

4. Pay attention to backups
People often forget that a backup is a 1:1 copy of the data on the computer. When backing up your user data (and if you store bitcoins on your computer, it's critical that you do), be sure to encrypt the backup, or at least the wallet.dat file. To encrypt backups you can use the trivial password of winrar, or more refined systems such as truecrypt or gpg.

Bitcoins kept on a site
In this scenario most of your bitcoins are kept on a site (be it bitmarket, mtgox, a pool, ...). The security problems of this solution depend both on you and on the security of the site in question. Personally, I do not recommend this method for handling large quantities of bitcoins. For the reasons, see the Mybitcoin incident.
In any case, here are the specific rules to follow if you want to use this system, in addition to the general ones:

1. Carefully choose the site on which to keep the bitcoins.
A quick search on the internet will tell you if the site in question has ever had reliability or security problems, and whether they solved them efficiently or whether the problems recurred.

2. Make sure the site works EXCLUSIVELY over secure http (https) from the moment of login.
Worry if the certificate suddenly becomes invalid; do not accept it without asking questions.

3. Check the password recovery system.
Password recovery is the main method of compromising an account: study how it works and identify any security flaws. Is an email sent to the address used at the time of registration? Be sure to use a strong and unique password for that email and that the service used is safe and reliable. Is a generic question asked (like your mother's maiden name ...)? Consider answering with a second password that has nothing to do with the question.

4. Use private browsing mode
Before logging into the site in question, activate the private browsing mode of your browser.

5. Consider using an on-screen keyboard to enter the password
This will protect you from most keyloggers. Almost all modern operating systems have one installed by default; on Windows you find it under Accessories.

Bitcoins kept on a dedicated PC
This system is an improvement of the first method. Here the bitcoins are again stored on the hard disk of a computer (therefore in a wallet.dat file), but in this case the computer is dedicated exclusively to storing and managing bitcoins. This is a fairly secure system, recommended for considerable amounts, and a great way to reuse an old notebook you do not know what to do with. Alternatively, you can buy a nettop for a few hundred euros. Here are the tips to follow if you use this method:

1. Use an operating system other than Windows
Since the PC will only be used for bitcoins you have no excuse: using an operating system other than Windows is a sure, immediate and substantial increase in security. The natural choice is Linux; for "beginners" with this operating system I would recommend Ubuntu, others will choose a distribution of their preference.

2. Do NOT install anything
The less software installed, the higher the security. So feel free to uninstall. Browsers, mail readers, office programs, multimedia players ... all possible security risks. If you store the addresses of your "secondary" wallet in the address book, you will never need to copy other bitcoin addresses.
The only software I can recommend, in addition to the bitcoin client, is a firewall. And a light antivirus if (at your own risk) you use Windows for this delicate task.

3. Encrypt, encrypt, encrypt
If possible, encrypt the entire disk. Linux allows it. Otherwise, just encrypt the home folder (see "Bitcoins kept on the hard disk of a non-dedicated computer").

4. Backups. Make them. Encrypt them.
Making backups is basic, and just as basic is encrypting them. You can use the trivial password of winrar, or more refined methods like truecrypt or gpg.

5. The network
As long as you use the wallet only to receive, it is not necessary for the computer to be connected to the internet even for a second: the client is perfectly able to create valid addresses without ever being connected to the internet, addresses that you can copy into a text file or by hand and use in total security. Obviously the amounts received will not be displayed until the client downloads the block chain, but the bitcoins will be safe and your computer with them.
The disadvantage of this approach is that the first time you want to send money you must first download the block chain, an operation that can require several days of round-the-clock connection.
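The backup advice above (point 4 of both the non-dedicated and the dedicated PC sections) is easy to get wrong in one specific way: a backup routine silently copies wallet.dat in the clear, or a "restore" turns out not to match the original. The following script is an added example, not part of the original post or of any bitcoin client; it runs three defender-side checks that a wallet.dat backup should pass. It assumes only that wallet.dat is a Berkeley DB file (true for the original client), whose btree header carries the magic number 0x053162 at byte offset 12, and that the encrypted backup was produced by an external tool such as gpg or truecrypt, so the script only inspects files and never does the encryption itself. The demo files are constructed inline (a fake wallet header, a plaintext copy posing as a backup, and a fixed byte pattern standing in for a real ciphertext).

```python
"""Added example: sanity checks for a wallet.dat backup (not from the original post)."""
import hashlib
import os
import stat
import tempfile

# Berkeley DB btree metadata page: the 4-byte magic 0x053162 sits at byte offset 12
# of page 0 (after an 8-byte LSN and a 4-byte page number). An unencrypted wallet.dat
# starts this way; an encrypted backup must not.
BDB_BTREE_MAGIC = 0x053162


def looks_like_plaintext_wallet(data: bytes) -> bool:
    """True if the bytes carry the Berkeley DB btree header of an unencrypted wallet.dat."""
    if len(data) < 16:
        return False
    word = data[12:16]
    return BDB_BTREE_MAGIC in (int.from_bytes(word, "little"), int.from_bytes(word, "big"))


def sha256_of(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks so large wallets do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def permission_problems(path: str) -> list:
    """Mode bits that let OTHER local users read the file (the point of the dedicated,
    limited user is defeated if wallet.dat is group- or world-readable). POSIX only."""
    if os.name != "posix":
        return []
    mode = os.stat(path).st_mode
    problems = []
    if mode & stat.S_IRGRP:
        problems.append("group-readable")
    if mode & stat.S_IROTH:
        problems.append("world-readable")
    return problems


def check_backup(wallet_path: str, backup_path: str, restored_path: str = None) -> dict:
    """Three checks for a wallet backup:
    1. the live wallet is not readable by other local users,
    2. the backup file is not a plaintext copy of the wallet (i.e. it really was encrypted),
    3. if a test restore was done, the restored file is a 1:1 copy of the original."""
    with open(backup_path, "rb") as fh:
        head = fh.read(16)
    result = {
        "wallet_permissions": permission_problems(wallet_path),
        "backup_is_plaintext": looks_like_plaintext_wallet(head),
        "restore_matches": None,
    }
    if restored_path is not None:
        result["restore_matches"] = sha256_of(restored_path) == sha256_of(wallet_path)
    return result


def demo() -> dict:
    """Runs the checks on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed wallet: 8-byte LSN, page number 0, little-endian btree magic, padding.
        fake_wallet = b"\x00" * 12 + BDB_BTREE_MAGIC.to_bytes(4, "little") + b"\x00" * 496
        wallet = os.path.join(workdir, "wallet.dat")
        with open(wallet, "wb") as fh:
            fh.write(fake_wallet)
        os.chmod(wallet, 0o600)  # owner-only, as a dedicated limited user should have it

        # A "backup" that is just a plain copy: the plaintext check must flag it.
        plain_copy = os.path.join(workdir, "wallet.dat.bak")
        with open(plain_copy, "wb") as fh:
            fh.write(fake_wallet)

        # Constructed stand-in for gpg/truecrypt output: a fixed byte pattern with no
        # Berkeley DB header (a real ciphertext has none either).
        cipher_copy = os.path.join(workdir, "wallet.dat.gpg")
        with open(cipher_copy, "wb") as fh:
            fh.write(bytes(range(256)) * 2)

        return {
            "plaintext_backup": check_backup(wallet, plain_copy, restored_path=plain_copy),
            "encrypted_backup": check_backup(wallet, cipher_copy),
        }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```

In practice you would point `check_backup` at your real wallet.dat and at the archive your backup tool wrote, and pass `restored_path` only after decrypting that archive to a scratch location; a `backup_is_plaintext` of `True` means the tool never encrypted anything, and a `restore_matches` of `False` means the backup is not the 1:1 copy the post warns you it has to be.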

