- It is commonly named to top-5 and top-10 lists of top cryptocurrency wallets.
- It claims to be the “#1 digital wallet” for cryptocurrency.
The Blockchain wallet is what is known as a “hybrid” wallet. This means that the company stores an encrypted version of your wallet’s private key on their servers, but it does not store your password. This provides a number of benefits:
- Convenience: you can access your wallet anywhere you can get an internet connection.
- Continuity: you don’t have to worry if your laptop dies — Blockchain.com still has your wallet.
- Security: even if hackers access the company’s servers they can’t steal your password (and your coins) because they aren’t stored there.
However, there is one major drawback: if you lose your password (and you have not written down your 12-word wallet recovery phrase) the company cannot retrieve or reset your password for you.
As Blockchain.com says: “Unfortunately, we’re unable to help you re-gain access to your wallet if you’ve lost or forgotten your password. This is because we don’t have access to your wallet or your wallet password.”
If you have lost your Blockchain.com password, recovering it is essentially a two-step process:
- Find your Wallet ID
- Collect and test your best guesses as to what your password is
This guide will walk you through both steps in detail.
How to Find your Wallet ID
The simplest way to find your Wallet ID is through your email account. Blockchain.com lets you link an email address to your account so that they can send notifications when something changes.
Take a moment to write down all the email addresses that you might have linked to your Blockchain.com wallet account.
- Search each email account for a message with the subject line: “Welcome to My Wallet”. If you find it, that message will contain your Wallet ID.
- If that doesn’t work, you can take the following steps:
  - Open your web browser and go to: https://blockchain.com/wallet/#/login
  - It’s possible, but unlikely, that your Wallet ID will be displayed in the “Wallet ID” field of the login form.
  - Click on “View Options” in the lower right-hand corner of the login form.
  - Look for the option that says “I’ve lost my Wallet ID: Email me a reminder with my Wallet ID to my email address”.
  - Click “Remind Me” next to that option.
  - Enter the email address you used to create the wallet, fill out the “captcha” and submit the form.
  - If you correctly identified the email address that you used to create your wallet, then Blockchain.com should email you the Wallet ID within a few minutes.
Once you find your Wallet ID, you’re ready to move on to making your password guesses.
How to Guess your Blockchain.com Password
Creating a good list of password guesses requires time and research. We’ll start by explaining the minimum password requirements, then move into techniques you can use to jog your memory. Your goal at this point is to cast a wide net: what is the entire set of password components (also called “tokens”) that you might have used to create your password.
Blockchain Password Requirements
As of January of 2018, Blockchain.com enforces the following requirements on new accounts:
- Passwords must be at least 10 characters long
- Certain strings (“1234567890”, “abcdefghij”, the same letter repeated 10 times) are not allowed
This appears to be largely the same set of criteria that the company required in January of 2012, when they wrote: “We require a password of at least 10 characters in length to ensure that even if our database is compromised your wallet will remain secure.”
At the risk of stating the obvious, this means that whatever password you chose for your Blockchain wallet is at least 10 characters long.
How People Typically Create Passwords
Most people have weaknesses in the way that they create and use passwords:
- They re-use the same passwords on multiple websites.
- Even when they use different passwords on different websites, they often re-use components of those passwords from site to site.
- When people use numbers they tend to put those numbers at the end of their passwords.
While this is typically interpreted as a problem, in our case it’s a benefit. If you’re like most people there’s a good chance that your Blockchain.com password is related to some of the other passwords that you have. One strategy for making a good password guess: look at the other passwords that you have created, and look for common patterns.
- Do you use the same strings (such as names of family members, sports teams, etc.)?
- Do you use the same numbers (years, single digits, double digits, etc.)?
- Do you use the same special characters (the tilde “~” or the hash “#”, for example)?
Use your Browser Password Manager for Inspiration
One common source of inspiration is your web browser’s password manager. This is the tool that asks you if you want your browser to remember your password when you create an account on a new website.
Here are instructions for opening your password manager on the most widely used web browsers:
You want to do two things:
- Write each password down.
- Look for common patterns in how you created those passwords.
  - What “tokens” do you commonly re-use?
  - Where do you capitalize letters?
  - Where do you place numbers?
  - What special characters do you use?
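The pattern questions above can also be answered mechanically. The following is an added example, not part of the original guide: it splits each password into word, number and special-character runs and tallies re-use, number placement and capitalization. The sample passwords are constructed, and the names profile and case_style are hypothetical.

```python
import re
from collections import Counter

# Splits a password into runs: words (split at capitals), digit runs, runs of anything else.
RUN = re.compile(r"(?P<word>[A-Z]?[a-z]+|[A-Z]+)|(?P<number>[0-9]+)|(?P<special>[^A-Za-z0-9]+)")

def case_style(word):
    """Classify how a word run is capitalized."""
    if word.islower():
        return "lower"
    return "UPPER" if word.isupper() and len(word) > 1 else "Capitalized"

def profile(passwords):
    """Return (re-used tokens, number positions, capitalization styles) for a password list."""
    tokens, number_pos, caps = Counter(), Counter(), Counter()
    for pw in passwords:
        runs = [(m.lastgroup, m.group()) for m in RUN.finditer(pw)]
        in_this_pw = set()
        for i, (kind, text) in enumerate(runs):
            # Words are compared case-insensitively so "Rover" and "rover" are one token.
            in_this_pw.add((kind, text.lower() if kind == "word" else text))
            if kind == "number":
                last = i == len(runs) - 1
                number_pos["end" if last else "start" if i == 0 else "middle"] += 1
            elif kind == "word":
                caps[case_style(text)] += 1
        tokens.update(in_this_pw)  # count each token once per password
    reused = {tok: n for tok, n in tokens.items() if n > 1}
    return reused, number_pos, caps

# Constructed sample passwords standing in for the list copied from a password manager.
SAMPLE_PASSWORDS = ["Rover1987#", "giants1987", "RoverGiants7", "rover#2015"]

if __name__ == "__main__":
    reused, number_pos, caps = profile(SAMPLE_PASSWORDS)
    print("re-used tokens:", reused)
    print("number positions:", dict(number_pos))
    print("capitalization:", dict(caps))
```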
Create a Testing Plan
Once you have identified possible keywords and your own password creation patterns, it’s time to create a plan for how to proceed. Basically, you want to create a long list of passwords and password variations that you can systematically use to try to log in to your Blockchain.com account, one after the other.
In many ways, an offline spreadsheet created in Microsoft Excel, Apple Numbers, OpenOffice, or a similar program is the perfect tool for this job. You can put each password in a new row, copy and paste the password from the spreadsheet to the Blockchain.com login form (rather than risking typos as you manually type each password), and record which passwords you have tried and which you haven’t.
The downside of using a spreadsheet is that you have now created a single file which contains the passwords for all of your accounts. If you were to lose your computer (or get hacked) this would create a serious potential security risk. If you use a spreadsheet (rather than pencil and paper) take the following precautions:
- Switch from using your browser’s password manager to a secure password manager like LastPass. Change all your passwords now.
- Set a reminder in your calendar to delete the file in a week.
- Save the spreadsheet to your desktop so that you won’t forget about it.
- Make sure to delete the spreadsheet when you’re done.
What to Put in your Spreadsheet
Your spreadsheet needs to have two columns:
Start by copying and pasting your passwords from other services into the spreadsheet. To get a feel for how the process works, point your web browser to the Blockchain.com login page: https://Blockchain.com/wallet/#/login
- Copy and paste your Wallet ID into the “Wallet ID” field
- Copy and paste your first password guess in the “Password” field
- Click the “LOG IN” button
If that first password doesn’t work, enter “Checked” in the “Status” column of your spreadsheet and move on to the second password. Rinse and repeat.
Creating Permutations of your Password Tokens
Assuming that you have not already cracked your password, now you want to start creating combinations of the “tokens” that seem reasonable. This is known as “brute force” decrypting a password. The basic strategy is to take a set of known tokens that may be part of the password and create hundreds (or thousands or millions) of permutations of those tokens, and test them until you find the right one that unlocks your cryptocurrency.
When you’re doing this manually, you get to decide how many combinations you want to try. If you work with a company that does this at scale, we will typically try tens of millions of combinations if necessary to decrypt your password.
Before you start, consider the following questions:
Do you use the same numbers repeatedly in multiple passwords? If so, perhaps you append those same numbers to whatever passwords don’t have them.
Do you use the same special characters repeatedly in multiple passwords? Those are good tokens to add to the passwords that don’t have them.
I would recommend that you find a pattern in your set of passwords, and that you create new “batches” of about 25 passwords at a time in your spreadsheet. Once you have created a batch, go test them. Then, find a new pattern to test, create a batch of passwords and test them.
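The batch-building step described above, as an added example that is not part of the original guide: it combines remembered tokens in every order, appends numbers and special characters at the end, drops anything the stated password requirements would have rejected, skips guesses already marked “Checked”, and yields batches of 25. The tokens are constructed samples, and reading “the same letter repeated” as any single repeated character is an assumption.

```python
from itertools import islice, permutations, product

MIN_LEN = 10                           # minimum length stated in the requirements
BANNED = {"1234567890", "abcdefghij"}  # strings the guide lists as not allowed

def allowed(pw):
    """Policy filter: 10+ characters, not a banned string, not one repeated
    character (assumed reading of 'the same letter repeated 10 times')."""
    return len(pw) >= MIN_LEN and pw not in BANNED and len(set(pw)) > 1

def case_variants(word):
    # Sorted so the output order is reproducible from run to run.
    return sorted({word, word.lower(), word.capitalize()})

def candidates(words, numbers, specials, max_words=2, tried=()):
    """Yield each policy-compliant guess once: words in every order,
    then an optional number, then an optional special character."""
    seen = set(tried)                  # guesses already marked "Checked"
    suffixes = list(product([""] + list(numbers), [""] + list(specials)))
    for n in range(1, max_words + 1):
        for combo in permutations(words, n):
            for stem in product(*map(case_variants, combo)):
                for num, sp in suffixes:
                    pw = "".join(stem) + num + sp
                    if allowed(pw) and pw not in seen:
                        seen.add(pw)
                        yield pw

def batches(guesses, size=25):
    """Split the stream of guesses into batches of the suggested size."""
    it = iter(guesses)
    while batch := list(islice(it, size)):
        yield batch

# Constructed sample tokens, not real credentials.
WORDS, NUMBERS, SPECIALS = ["rover", "Giants"], ["1987", "7"], ["#"]

if __name__ == "__main__":
    stream = candidates(WORDS, NUMBERS, SPECIALS)
    for i, batch in enumerate(batches(stream), 1):
        print(f"batch {i}: {len(batch)} guesses, first: {batch[0]}")
```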
If you find your password using this approach, then congratulations! Your methodical persistence has paid off! You converted a small amount of your time into (hopefully) a substantial payday. You should now:
- Create the 12-word recovery phrase for your Blockchain account, write it down, and store it somewhere safe.
- Delete the spreadsheet with all your password guesses.
A Quick Note about Primary Passwords vs Secondary Passwords
Blockchain accounts can be configured with two passwords: a “main” or primary password, and a secondary password that is only required when you send funds out of the account. All of the techniques that we’re about to describe apply to both passwords. However, if you’re trying to brute force the secondary password, you’ll have to actually try to send coins before you’ll be presented with the login prompt.