These days I made a fascinating and frightening discovery
I needed to clean up my computer, and I decided to format it, but in order not to have the rework of downloading all my plugins and favorites, I decided to simply copy my firefox profile to an external HD and save it to restore it on the computer later
My surprise came when when restoring the browser (on the completely formatted computer), my metamask came along, and it already had the seed! Just put the password again and that’s it, wallet recovered!
I didn’t think it was possible to extract a seed from a computer so easily, so simply and imperceptibly, and that’s why I decided to make this alert to everyone.
In addition to the obvious, if possible, having a hardware wallet, be very careful with who accesses your computer physically, and also be careful with automatic backups with firefox sync, because in the same way that just copying a folder, it is possible to have access to the entire the wallet (by simply discovering the browser’s local password) your seed may end up in the wrong hands that may have access to your sync login!
This is the vector of attack for malicious downloads (file that looks like PDF but isn’t, etc) and other malware that gets executed locally.A hardware wallet protects from this, or you can use a dedicated laptop that never downloads anything and isn’t used for anything else except to sign transactions.
I totally agree with @Sasha. First thing I ever learnt from @apboatt was to always use a dedicated device. Then again, no security measure is foolproof so you’d always have to be vigilant. They are devices after all and very as much liable to intrusion.
That’s a very easy task to do. And that issue isn’t just for the wallet security but for your credentials too. Everyone that have access to your browser’s profile files, they can easily steal any information about you… And guess what? If someone do that, he doesn’t need to know your passwords to log in the websites you are logged in, because if you have the “remember login” option checked, he will directly enter into your account without any warning sent to your mailbox. That’s a common issue, and that’s why people always say to not check that option of “remember login” in a computer that is accessible for others. There is a lot to say about this topic. Personal laptops are a little bit hard to steal this information, as someone needs to have access to the drive. If you have your BIOS (search what this is on the web, it’s a whole topic to talk about) protected with a password, no one can have access to your files except if someone removes the drive from your laptop and plug it into his computer…
I didn’t talk about malicious software. That’s the easiest way to steal information from someone because you don’t need access to the physical machine.
