Blockchain.info was founded in late 2011 and released its Bitcoin wallet in January of 2012. The Blockchain wallet has many accolades:
- It is commonly named to top-5 and top-10 lists of top cryptocurrency wallets,
- As of January 2018 its users have created more than 21 million accounts.
- It claims to be the “#1 digital wallet” for cryptocurrency.
The Blockchain wallet is what is known as a “hybrid” wallet. This means that the company stores an encrypted version of your wallet’s private key on their servers, but it does not store your password. This provides a number of benefits:
- Convenience: you can access your wallet anywhere you can get an internet connection.
- Continuity: you don’t have to worry if your laptop dies — Blockchain.info still has your wallet.
- Security: even if hackers access the company’s servers they can’t steal your password (and your coins) because they aren’t stored there.
However, there is one major drawback: if you lose your password (and you have not written down your 12-word wallet recovery phrase) the company cannot retrieve or reset your password for you.
As Blockchain.info says: “Unfortunately, we’re unable to help you re-gain access to your wallet if you’ve lost or forgotten your password. This is because we don’t have access to your wallet or your wallet password.”
However, CryptoAssetRecover.com can help you recover your password. This article documents a process you can use that may allow you to recover your password yourself. However, our clients often reach a point where they need professional help. If you’d like to get the professionals involved, please contact us.
If you have lost your Blockchain.info password, recovering it is essentially a two-step process:
- Find your Wallet ID
- Collect and test your best guesses as to what your password is
This guide will walk you through both steps in detail.
How to Find your Wallet ID
The simplest way to find your Wallet ID is through your email account. Blockchain.info lets you link an email address to your account so that they can send notifications when something changes.
Take a moment to write down all the email addresses that you might have linked to your Blockchain.info wallet account.
- Search each email account for a message with the subject line: “Welcome to My Wallet”. If you find it, that message will contain your Wallet ID.
- If that doesn’t work, you can take the following steps:
- Open your web browser and go to: https://blockchain.info/wallet/#/login
- It’s possible, but unlikely that your wallet id will be displayed in the “Wallet ID” field of the login form
- Click on “View Options” in the lower right-hand corner of the login form
- Look for the option that says “I’ve lost my Wallet ID: Email me a reminder with my Wallet ID to my email address”
- Click “Remind Me” next to that option
- Enter the email address you used to create the wallet, fill out the “captcha” and submit the form
- If you correctly identified the email address that you used to create your wallet, then Blockchain.info should email you the Wallet ID within a few minutes.
Once you find your Wallet ID, you’re ready to move on to making your password guesses.
How to Guess your Blockchain.info Password
Creating a good list of password guesses requires time and research. We’ll start by explaining the minimum password requirements, then move into techniques you can use to jog your memory. Your goal at this point is to cast a wide net: what is the entire set of password components (also called “tokens”) that you might have used to create your password.
Blockchain Password Requirements
As of January of 2018, Blockchain.info enforces the following requirements on new accounts:
- Passwords must be at least 10 characters long
- Certain strings (“1234567890”, “abcdefghij”, the same letter repeated 10 times) are not allowed
This appears to be largely the same set of criteria that the company required in January of 2012, when they wrote: “We require a password of at least 10 characters in length to ensure that even if our database is compromised your wallet will remain secure.”
At the risk of stating the obvious, this means that whatever password you chose for your Blockchain wallet is at least 10 characters long.
How People Typically Create Passwords
Most people have weaknesses in the way that they create and use passwords:
- They re-use the same passwords on multiple websites.
- Even when they use different passwords on different websites, they often re-use components of those passwords from site to site.
- When people use numbers they tend to put those numbers at the end of their passwords.
While this is typically interpreted as a problem, in our case it’s a benefit. If you’re like most people there’s a good chance that your Blockchain.info password is related to some of the other passwords that you have. One strategy for making a good password guess: look at the other passwords that you have created, and look for common patterns.
- Do you use the same strings (such as names of family members, sports teams, etc)
- Do you use the same numbers (years, single digits, double digits, etc)
- Do you use the same special characters (the tilde “~” or the hash “#”, for example)
Use your Browser Password Manager for Inspiration
One common source of inspiration is your web browser’s password manager. This is the tool that asks you if you want your browser to remember your password when you create an account on a new website.
Here are instructions for opening your password manager on the most widely used web browsers:
You want to do two things:
- Write down each password down.
- Look for common patterns in how you created those passwords.
- What “tokens” do you commonly re-use?
- Where do you capitalize letters?
- Where do you place numbers?
- What special characters do you use?
Create a Testing Plan
Once you have identified possible keywords and your own password creation patterns, it’s time to create a plan for how to proceed. Basically, you want to create a long list of passwords and password variations that you can systematically use to try to login to your Blockchain.info account, one after the other.
In many ways, an offline spreadsheet created in Microsoft Excel, Apple Numbers, OpenOffice, or a similar program is the perfect tool for this job. You can put each password in a new row, copy and paste the password from the spreadsheet to the Blockchain.info login form (rather than risking typos as you manually type each password), and record which passwords you have tried and which you haven’t.
The downside of using a spreadsheet is that you have now created a single file which contains the passwords for all of your accounts. If you were to lose your computer (or get hacked) this would create a serious potential security risk. If you use a spreadsheet (rather than pencil and paper) take the following precautions:
- Switch from using your browser’s password manager to a secure password manager like LastPass. Change all your passwords now.
- Set a reminder in your calendar to delete the file in a week.
- Save the spreadsheet to your desktop so that you won’t forget about it.
- Make sure to delete the spreadsheet when you’re done.
What to Put in your Spreadsheet
Your spreadsheet needs to have two columns:
Start by copying and pasting your passwords from other services into the spreadsheet. To get a feel for how the process works, point your web browser to the Blockchain.info login page: https://blockchain.info/wallet/#/login
Copy and paste your Wallet ID into the “Wallet ID” field
Copy and paste your first password guess in the “Password” field
Click the “LOG IN” button
If that first password doesn’t work, enter “Checked” in the “Status” column of your spreadsheet and move on to the second password. Rinse and repeat.
Creating Permutations of your Password Tokens
Assuming that you have not already cracked your password, now you want to start creating combinations of the “tokens” that seem reasonable. This is known as “brute force” decrypting a password. The basic strategy is to take a set of known tokens that may be part of the password and create hundreds (or thousands or millions) of permutations of those tokens, and test them until you find the right one that unlocks your cryptocurrency.
When you’re doing this manually, you get to decide how many combinations you want to try. If you work with a company that does this at scale, we will typically try tens of millions of combinations if necessary to decrypt your password.
Before you start, consider the following questions:
Do you use the same numbers repeatedly in multiple passwords? If so, perhaps you append those same numbers to whatever passwords don’t have them.
Do you use the same special characters repeatedly in multiple passwords? Those are good tokens to add to the passwords that don’t have them.
I would recommend that you find a pattern in your set of passwords, and that you create new “batches” of about 25 passwords at a time in your spreadsheet. Once you have created a batch, go test them. Then, find a new pattern to test, create a batch of passwords and test them.
If you find your password using this approach, then congratulations! Your methodical persistence has paid off! You converted a small amount of your time into (hopefully) a substantial payday. You should now:
- Create the 12 word recovery phrase for your Blockchain account, write it down, and store it somewhere safe.
- Delete the spreadsheet with all your password guesses
If you reach a point where you’re running out of new ideas to test, or you have simply exhausted your patience, don’t despair. This process of brute-forcing a password is our bread and butter. We’re happy to take your password guesses and make tens of millions of attempts to recover your wallet.
Here’s how our service works:
- Introduce yourself by email (firstname.lastname@example.org) or using our contact form.
- We’ll send you a copy of our contract, and we’ll ask for your Wallet ID and your password guesses.
- We will brute force your password, by comparing increasingly large batches of guesses against your wallet. We typically with a few thousand guesses, then a few hundred thousand, then millions, then tens of millions.
- We charge a 20% fee for wallets with a balance of 10 Bitcoin or less, and a sliding scale for balances above 10 Bitcoin. You only pay if we recover your wallet.
We often recover wallets within just a few hours of our clients’ initial contact.
Curious about what our other clients say? Check out our Testimonials page.
A Quick Note about Primary Passwords vs Secondary Passwords
Blockchain accounts can be configured with two passwords a “main” or primary password, and a secondary password that is only required when you send funds out of the account. All of the techniques that we’re about to describe apply to both passwords, however, if you’re trying to brute force the secondary password you’ll have to actually try to send coins before you’ll be presented with the login prompt.
CryptoAssetRecovery.com has experience cracking both primary and secondary passwords.