Jump to content

Be careful with toast


lifemagic

Recommended Posts

Hi. Pretty certain I just lost all my Ripple, so a word to the wise. I downloaded toast, wrote down the pin, six words, passworx etc. and then that long number pops up in a box to go to the clipboard for saving, which I did, in the text editor. Of course it's saved by default to the device. Now I'm stuck in a bootloop, that one thing I didn't write down is the only thing that restores.

 

The ironic thing. If it hadn't have popped up in a window for copying, I would have written it down. 

If you have toast wallet, please write down that long number, and then look after it.

 

Link to comment
Share on other sites

31 minutes ago, lifemagic said:

Hi. Pretty certain I just lost all my Ripple, so a word to the wise. I downloaded toast, wrote down the pin, six words, passworx etc. and then that long number pops up in a box to go to the clipboard for saving, which I did, in the text editor. Of course it's saved by default to the device. Now I'm stuck in a bootloop, that one thing I didn't write down is the only thing that restores.

 

The ironic thing. If it hadn't have popped up in a window for copying, I would have written it down. 

If you have toast wallet, please write down that long number, and then look after it.

 

I had this issue on IOS. Updating the IOS software to the latest version worked for me in getting toast wallet out of that boot loop. I saw it somewhere else on internet, with others having issues.

Link to comment
Share on other sites

No idea if it's typical. It might be. I became confused as they talk about a pass phrase and a recovery phrase and even now, I'm not absolutely sure which is which. Mainly, a phrase is a sentence, thus I assumed the six nonsense words is what I required to write down. Then I saved what comes up for saving. Really, they need to make it clearer. Perhaps, with the actual thing needed for recovery (not actually a phrase but a string of characters) they could name it 'recovery string' and then display it rather than put it in a text box, as most people would write it down rather than save it. The default for saving is almost always the device. If you have Toast, PLEASE write down the STRING of characters now. 

I think best practice now, if I ever risk it again, is to send a token amount (which I did) for testing, but then, DELETE THE WALLET, restore it with the info you have written down, then transfer the large amount. 

Ah, the benefit of hindsight!

Please be careful. 

Link to comment
Share on other sites

18 minutes ago, lifemagic said:

No idea if it's typical. It might be. I became confused as they talk about a pass phrase and a recovery phrase and even now, I'm not absolutely sure which is which. Mainly, a phrase is a sentence, thus I assumed the six nonsense words is what I required to write down. Then I saved what comes up for saving. Really, they need to make it clearer. Perhaps, with the actual thing needed for recovery (not actually a phrase but a string of characters) they could name it 'recovery string' and then display it rather than put it in a text box, as most people would write it down rather than save it. The default for saving is almost always the device. If you have Toast, PLEASE write down the STRING of characters now. 

I think best practice now, if I ever risk it again, is to send a token amount (which I did) for testing, but then, DELETE THE WALLET, restore it with the info you have written down, then transfer the large amount. 

Ah, the benefit of hindsight!

Please be careful. 

Google toast wallet wont load. My boot loop resolved. 

Link to comment
Share on other sites

1 hour ago, lifemagic said:

No idea if it's typical. It might be. I became confused as they talk about a pass phrase and a recovery phrase and even now, I'm not absolutely sure which is which. Mainly, a phrase is a sentence, thus I assumed the six nonsense words is what I required to write down. Then I saved what comes up for saving. Really, they need to make it clearer. Perhaps, with the actual thing needed for recovery (not actually a phrase but a string of characters) they could name it 'recovery string' and then display it rather than put it in a text box, as most people would write it down rather than save it. The default for saving is almost always the device. If you have Toast, PLEASE write down the STRING of characters now. 

I think best practice now, if I ever risk it again, is to send a token amount (which I did) for testing, but then, DELETE THE WALLET, restore it with the info you have written down, then transfer the large amount. 

Ah, the benefit of hindsight!

Please be careful. 

That should be standard practice for any wallet.

Link to comment
Share on other sites

18 hours ago, lifemagic said:

Hi. Pretty certain I just lost all my Ripple, so a word to the wise. I downloaded toast, wrote down the pin, six words, passworx etc. and then that long number pops up in a box to go to the clipboard for saving, which I did, in the text editor. Of course it's saved by default to the device. Now I'm stuck in a bootloop, that one thing I didn't write down is the only thing that restores.

 

The ironic thing. If it hadn't have popped up in a window for copying, I would have written it down. 

If you have toast wallet, please write down that long number, and then look after it.

 

Unfortunately wallets are complicated. We could simplify it the way ledger has with a recovery seed but this would mean you couldn't import existing addresses, or, in future use multi-sig etc. So you are stuck with needing to record three pieces of information:

Passphrase -- used to encrypt your wallet

Recovery phrase -- a second passphrase in case you forget your first one, used to encrypt an exact copy of your wallet

Backup code -- a copy of the wallet itself

You can also make a copy of your Ripple secret if you want but be careful not to leave this lying around or someone could spend your XRP.

Now to your issue: what platform are you on? Are you using the latest version of Toast?

Link to comment
Share on other sites

1. Don't use a software wallet.

2. Stop the parsimony and get a hardware wallet FROM the manufacturer–no ebay, craigslist et al.

3. Keep all passwords, pasphrases etc in a safe deposit box at the bank or a fireproof box hidden in your home.

4. Trust no exchange that is not located in your country as this means little to no chance at requital should the exchange turn out to be a ponzi, broke, hacked or taken over by a government. The latter is not nearly discussed enough.

5. Hold and don't sell until $100...lol.

 

Link to comment
Share on other sites

16 minutes ago, Burgoyne said:

1. Don't use a software wallet.

2. Stop the parsimony and get a hardware wallet FROM the manufacturer–no ebay, craigslist et al.

3. Keep all passwords, pasphrases etc in a safe deposit box at the bank or a fireproof box hidden in your home.

4. Trust no exchange that is not located in your country as this means little to no chance at requital should the exchange turn out to be a ponzi, broke, hacked or taken over by a government. The latter is not nearly discussed enough.

5. Hold and don't sell until $100...lol.

 

We actually encourage people to use a paper wallet or hardware wallet for storing large amounts of XRP. Toast is primarily designed as a hot wallet.

That said, we'll be adding watch-only wallets and offline signing support soon.

Edited by Guest
Link to comment
Share on other sites

15 hours ago, lifemagic said:

I used the latest toast on marshmellow (that sounds absurd!).

I'm thinking to factory reset the phone, enable usb debugging and try recovery software as the key is a text file.

Still don't exactly understand what happened to you. Did your phone go into a boot loop or Toast itself?

Link to comment
Share on other sites

On 12 January 2018 at 10:21 PM, lifemagic said:

I think best practice now, if I ever risk it again, is to send a token amount (which I did) for testing, but then, DELETE THE WALLET, restore it with the info you have written down, then transfer the large amount. 

That's good but not sufficient to prove you're ok.

 Before you send the larger amount you should also do a payment of some XRP back to the source to prove that the restored wallet has the correct secret key to sign transactions.

Eg fund the wallet with 22 XRP then delete it. Restore it. Send 1 XRP back to source.  Assuming that all goes ok you know you are good to go with the remainder.

 

On 13 January 2018 at 3:50 PM, ToastWallet said:

You can also make a copy of your Ripple secret if you want but be careful not to leave this lying around or someone could spend your XRP.

Um, er, I have enormous respect for your team and product but I think that is perhaps not the correct sentiment to adopt.

Firstly....    Don't the other written down words collectively become as dangerous?  (I could be wrong... I'm not familiar with the wallet.)

Secondly and more importantly, recording the secret takes you to a quantum level higher of recoverability.  With just the secret you can always recover your XRP irrespective of the collective fortunes of the phone OS, ecosystem, and Toast Wallet itself.  There are already multiple ways to access your funds if you have the secret.  In future there will be more and even easier ways.

Obviously the downside is that anyone else with your secret can steal your XRP so as you correctly point out,  that means you need to be very careful with it. (As you do with your Toast phrases). In particular do not ever let these secrets be seen by any camera (eg phone, laptop, certain TVs.  Also do not record them in text files ( Eg Evernote, notepad etc)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...