Your deep web market account or TorWallet account is only as secure as the password you choose! Most people who lose Bitcoins have chosen an insecure password which a hacker has brute-forced. Any decent script-kiddie can brute-force a password like ‘letmein123’ in about 5 minutes!
You absolutely MUST learn to create secure passwords!
The general rule for creating a secure password is:
- At least 12 characters long
- One uppercase letter or more
- One special character (!, &, etc) or more
If you create a truly excellent random password, such as [email protected]@Ldsj^kdk1lksnvm1 , it will be more or less uncrackable but hard to remember. You can save it in a notepad on your computer, but you need to be sure that your computer is encrypted with TrueCrypt. Or you can create an encrypted container on your computer with TrueCrypt and save your passwords there.
You can also create a password which is easy to remember but still very hard to crack. For example: Dog..........!123 (66.3 bits of entropy). This is a hard password to crack but it is easy to remember verbally: ‘Dog with a capital D and 10 period dots followed by an exclam and one two three’. Note that this password is actually much more secure than a shorter, more random password like [email protected] (44 bits of entropy).
You can check your password strength here: http://www.passwordmeter.com/
You can check the entropy of your password here: http://rumkin.com/tools/password/passchk.php
Passwords should have at least 100 bits of entropy to guard your Bitcoins!
You should never use the same password for multiple sites. For example, let’s say you sign up for Alphabay and Dream Market and use the same password. The admin of Alphabay could try your password on other markets and access your accounts. And yes, admins do this sort of thing all the time.
So … the BEST strategy is to either encrypt your entire PC or create an encrypted file container (with TrueCrypt or some other excellent encryption software), and save your extremely random passwords there. Use a random password with 100 bits of entropy or more for each account you create. Make a flash drive BACKUP of this encrypted file container so you don’t lose access to those sites in case your hard drive fails. Be sure that the flash drive backup is encrypted also.
You can also use encrypted software called KeePassX for managing your various passwords, although I prefer the notepad/encrypted file container system.
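The advice above (a different random password of 100 bits or more per account, meeting the general rule) can be turned into a small generator. This is an added example, not part of the original page; the 94-character printable ASCII alphabet and all function names are assumptions. The bit count it works with is length × log2(alphabet size), which holds only for characters picked uniformly at random and is a different measure from the scores the checker sites report.

```python
import math
import secrets
import string

# Assumed alphabet: the 94 printable ASCII characters, space excluded.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of `length` characters drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits, alphabet_size=len(ALPHABET)):
    """Smallest length whose uniform-random entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def meets_rule(pw):
    """The page's general rule: 12+ characters, an uppercase letter, a special character."""
    return (len(pw) >= 12
            and any(c in string.ascii_uppercase for c in pw)
            and any(c in string.punctuation for c in pw))


def generate(target_bits=100):
    """Return a random password with at least target_bits of entropy."""
    n = max(12, length_for_bits(target_bits))
    while True:
        # secrets uses the operating system CSPRNG; the random module is
        # predictable and must not be used for passwords.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(n))
        # Rejecting candidates that miss the rule discards under 1% of the
        # space at this length, which costs less than 0.02 bits.
        if meets_rule(pw):
            return pw


if __name__ == "__main__":
    pw = generate()
    print(f"{pw}  ({len(pw)} chars, about {random_bits(len(pw)):.1f} bits)")
```

Call `generate()` once per account and store each result in the encrypted container or password manager.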