Bitcoin user may lose $220 million if he can't recall his password — here’s how to secure your data online

“Reusing passwords isn’t a great idea.”


Stefan Thomas, a programmer who lives in San Francisco, owns more than 7,000 bitcoins, which are currently worth $220 million. But he can't find the password he needs to access his digital wallet, according to a report in The New York Times.

He isn't the only investor with a story like this, either. Of the roughly 18 million bitcoins circulating, 20%, worth about $140 billion, are stuck because investors have lost keys, according to data cited by the Times.

Wallet Recovery Services, which helps users find lost passwords, said it's received a striking 70 requests a day from people locked out of their accounts and unable to retrieve their money.

Thomas uses a service called IronKey to store his passcode, according to the Times. The program gives users 10 guesses to input the right PIN before it locks up and permanently encrypts the contents, and the German-born computer wiz has already used eight.

While bitcoin and other digital currencies have special tech measures in place that make it much harder to recover private keys — locked-out investors can't simply ask to reset their passwords with the help of their mother's maiden name — the idea of users losing their money forever is a blunt reminder even to those with ordinary bank accounts to take steps to secure their information.

Use apps to keep track of passwords for you

Remembering online passwords isn't always easy, especially if you have separate codes for separate logins, like one for financial accounts and another for social media. The typical person, in fact, has between 70 and 80, recent data from password manager NordPass shows. That's more passwords than words in the average pop song.

If you're having trouble keeping track, Ted Rossman, a Bankrate industry analyst, suggests getting some help: "A best practice with passwords is to use a password manager such as LastPass or Dashlane," he says. "These are very secure and have the added advantage of setting and remembering strong, unique passwords for you."

Each service assigns encrypted passwords to keep your accounts safe and are much better alternatives to using the same password for multiple accounts, he says.

Don't reuse the same password

Many people do use one universal code, though, according to a Bankrate survey of over 2,500 U.S. adults conducted last year. A full 80% of respondents say they rely on the same password at least some of the time.

"Reusing passwords isn't a great idea, but almost everyone does it," Rossman told Grow in November. "The real worry is if there's a data breach like Marriott and that was also your bank account password." He was referencing the 2018 data breach at the hotel, which exposed millions of customers' credit card and passport numbers. "It complicates the situation."

It's likely OK to reuse some logins, Rossman says, "but make sure your more sensitive/important sites (like financial accounts) have strong, unique passwords."

How to spot a phishing scam

Video by Ian Wolsten

He also points to another worrying stat in the Bankrate survey: Nearly half, 45%, of respondents saved their passwords on their personal computer, phone, or another device. That's a big "no-no," since it can make it easy for hackers to gain access to your data if you lose your computer or your phone is stolen.

Not only can avoiding this help secure your information from theft, it can also "save you from yourself," Rossman says, since it becomes "easier to make impulse purchases if your login and payment information is already saved."

Be on the lookout for dangers

As the use of online services expands amid coronavirus quarantines, it becomes harder to keep track of all your accounts at all times. But doing the big stuff well can cover up smaller sins.

The first thing to look for after securing your passwords is to see if the website you're using is safe. Make sure the site you're on is encrypted, meaning the URL starts with "https:" not "http:." Encrypted files disguise the content of any information you enter to protect potentially sensitive information from being read or accessed by another party.

Reusing passwords isn't a great idea, but almost everyone does it.
Ted Rossman

Also, aim to use home internet instead of public Wi-Fi for anything important. It's possible for crooks to hack into the internet connection and see what you're seeing. Use a VPN for added security or wait until you're in a more secure location, especially when accessing sensitive information like finances. 

Lastly, consider using debit for purchases or freezing your credit, which makes your credit reports invisible to lenders so they don't accidentally extend a line of credit to anyone posing as you.

"We're not going to be perfect with our data security," Rossman says, "but freezing our credit and checking our credit reports and bank/credit card statements regularly are important steps."

Bitcoin's value has been unpredictable over the last year: It fell close to $3,800 in March before spiking up to more than $40,000 this month, according to crypto tracker Coinbase. Investing experts Mark Cuban and Warren Buffett have both warned against bitcoin because of its notorious volatility.

If you're considering jumping on board the crypto train, experts say to make sure you understand exactly what you're investing in and that you put the vast majority of your money in less risky, long-term vehicles. While it could be possible to make money with bitcoin, it's only smart to invest what you can afford to lose, one way or the other.

More from Grow: