Be careful with toast

[lifemagic]

Hi. Pretty certain I just lost all my Ripple, so a word to the wise. I downloaded toast, wrote down the pin, six words, passworx etc. and then that long number pops up in a box to go to the clipboard for saving, which I did, in the text editor. Of course it's saved by default to the device. Now I'm stuck in a bootloop, that one thing I didn't write down is the only thing that restores.

 

The ironic thing. If it hadn't have popped up in a window for copying, I would have written it down. 

If you have toast wallet, please write down that long number, and then look after it.

 

[Guest]

I'm sure @ToastWallet will be able to help you if you send them a pm. They are active on this forum. 

[el_prez]

31 minutes ago, lifemagic said:

Hi. Pretty certain I just lost all my Ripple, so a word to the wise. I downloaded toast, wrote down the pin, six words, passworx etc. and then that long number pops up in a box to go to the clipboard for saving, which I did, in the text editor. Of course it's saved by default to the device. Now I'm stuck in a bootloop, that one thing I didn't write down is the only thing that restores.

 

The ironic thing. If it hadn't have popped up in a window for copying, I would have written it down. 

If you have toast wallet, please write down that long number, and then look after it.

 

I had this issue on IOS. Updating the IOS software to the latest version worked for me in getting toast wallet out of that boot loop. I saw it somewhere else on internet, with others having issues.

[Trippy]

Is this a typical issue with Toast?

[lifemagic]

No idea if it's typical. It might be. I became confused as they talk about a pass phrase and a recovery phrase and even now, I'm not absolutely sure which is which. Mainly, a phrase is a sentence, thus I assumed the six nonsense words is what I required to write down. Then I saved what comes up for saving. Really, they need to make it clearer. Perhaps, with the actual thing needed for recovery (not actually a phrase but a string of characters) they could name it 'recovery string' and then display it rather than put it in a text box, as most people would write it down rather than save it. The default for saving is almost always the device. If you have Toast, PLEASE write down the STRING of characters now. 

I think best practice now, if I ever risk it again, is to send a token amount (which I did) for testing, but then, DELETE THE WALLET, restore it with the info you have written down, then transfer the large amount. 

Ah, the benefit of hindsight!

Please be careful. 

[el_prez]

18 minutes ago, lifemagic said:

No idea if it's typical. It might be. I became confused as they talk about a pass phrase and a recovery phrase and even now, I'm not absolutely sure which is which. Mainly, a phrase is a sentence, thus I assumed the six nonsense words is what I required to write down. Then I saved what comes up for saving. Really, they need to make it clearer. Perhaps, with the actual thing needed for recovery (not actually a phrase but a string of characters) they could name it 'recovery string' and then display it rather than put it in a text box, as most people would write it down rather than save it. The default for saving is almost always the device. If you have Toast, PLEASE write down the STRING of characters now. 

I think best practice now, if I ever risk it again, is to send a token amount (which I did) for testing, but then, DELETE THE WALLET, restore it with the info you have written down, then transfer the large amount. 

Ah, the benefit of hindsight!

Please be careful. 

Google toast wallet wont load. My boot loop resolved. 

[bb101]

1 hour ago, lifemagic said:

No idea if it's typical. It might be. I became confused as they talk about a pass phrase and a recovery phrase and even now, I'm not absolutely sure which is which. Mainly, a phrase is a sentence, thus I assumed the six nonsense words is what I required to write down. Then I saved what comes up for saving. Really, they need to make it clearer. Perhaps, with the actual thing needed for recovery (not actually a phrase but a string of characters) they could name it 'recovery string' and then display it rather than put it in a text box, as most people would write it down rather than save it. The default for saving is almost always the device. If you have Toast, PLEASE write down the STRING of characters now. 

I think best practice now, if I ever risk it again, is to send a token amount (which I did) for testing, but then, DELETE THE WALLET, restore it with the info you have written down, then transfer the large amount. 

Ah, the benefit of hindsight!

Please be careful. 

That should be standard practice for any wallet.

[MooseInTime]

Did you make a note of your toast secret (private key)? 

That's enough to restore your holdings to a new instance of toast.

The backup just regenerates the PIN and Passkey too

[Guest]

18 hours ago, lifemagic said:

Hi. Pretty certain I just lost all my Ripple, so a word to the wise. I downloaded toast, wrote down the pin, six words, passworx etc. and then that long number pops up in a box to go to the clipboard for saving, which I did, in the text editor. Of course it's saved by default to the device. Now I'm stuck in a bootloop, that one thing I didn't write down is the only thing that restores.

 

The ironic thing. If it hadn't have popped up in a window for copying, I would have written it down. 

If you have toast wallet, please write down that long number, and then look after it.

 

Unfortunately wallets are complicated. We could simplify it the way ledger has with a recovery seed but this would mean you couldn't import existing addresses, or, in future use multi-sig etc. So you are stuck with needing to record three pieces of information:

Passphrase -- used to encrypt your wallet

Recovery phrase -- a second passphrase in case you forget your first one, used to encrypt an exact copy of your wallet

Backup code -- a copy of the wallet itself

You can also make a copy of your Ripple secret if you want but be careful not to leave this lying around or someone could spend your XRP.

Now to your issue: what platform are you on? Are you using the latest version of Toast?

[Burgoyne]

1. Don't use a software wallet.

2. Stop the parsimony and get a hardware wallet FROM the manufacturer–no ebay, craigslist et al.

3. Keep all passwords, pasphrases etc in a safe deposit box at the bank or a fireproof box hidden in your home.

4. Trust no exchange that is not located in your country as this means little to no chance at requital should the exchange turn out to be a ponzi, broke, hacked or taken over by a government. The latter is not nearly discussed enough.

5. Hold and don't sell until $100...lol.

 

[Guest]

16 minutes ago, Burgoyne said:

1. Don't use a software wallet.

2. Stop the parsimony and get a hardware wallet FROM the manufacturer–no ebay, craigslist et al.

3. Keep all passwords, pasphrases etc in a safe deposit box at the bank or a fireproof box hidden in your home.

4. Trust no exchange that is not located in your country as this means little to no chance at requital should the exchange turn out to be a ponzi, broke, hacked or taken over by a government. The latter is not nearly discussed enough.

5. Hold and don't sell until $100...lol.

 

We actually encourage people to use a paper wallet or hardware wallet for storing large amounts of XRP. Toast is primarily designed as a hot wallet.

That said, we'll be adding watch-only wallets and offline signing support soon.

Edited January 13, 2018 by Guest

[lifemagic]

I used the latest toast on marshmellow (that sounds absurd!).

I'm thinking to factory reset the phone, enable usb debugging and try recovery software as the key is a text file.

[Guest]

15 hours ago, lifemagic said:

I used the latest toast on marshmellow (that sounds absurd!).

I'm thinking to factory reset the phone, enable usb debugging and try recovery software as the key is a text file.

Still don't exactly understand what happened to you. Did your phone go into a boot loop or Toast itself?

[lifemagic]

Phone went into a bootloop.

[Guest]

On 12 January 2018 at 10:21 PM, lifemagic said:

I think best practice now, if I ever risk it again, is to send a token amount (which I did) for testing, but then, DELETE THE WALLET, restore it with the info you have written down, then transfer the large amount. 

That's good but not sufficient to prove you're ok.

 Before you send the larger amount you should also do a payment of some XRP back to the source to prove that the restored wallet has the correct secret key to sign transactions.

Eg fund the wallet with 22 XRP then delete it. Restore it. Send 1 XRP back to source.  Assuming that all goes ok you know you are good to go with the remainder.

 

On 13 January 2018 at 3:50 PM, ToastWallet said:

You can also make a copy of your Ripple secret if you want but be careful not to leave this lying around or someone could spend your XRP.

Um, er, I have enormous respect for your team and product but I think that is perhaps not the correct sentiment to adopt.

Firstly....    Don't the other written down words collectively become as dangerous?  (I could be wrong... I'm not familiar with the wallet.)

Secondly and more importantly, recording the secret takes you to a quantum level higher of recoverability.  With just the secret you can always recover your XRP irrespective of the collective fortunes of the phone OS, ecosystem, and Toast Wallet itself.  There are already multiple ways to access your funds if you have the secret.  In future there will be more and even easier ways.

Obviously the downside is that anyone else with your secret can steal your XRP so as you correctly point out,  that means you need to be very careful with it. (As you do with your Toast phrases). In particular do not ever let these secrets be seen by any camera (eg phone, laptop, certain TVs.  Also do not record them in text files ( Eg Evernote, notepad etc)