The answer of course is not to do so.
In reality a lot of services need to store and generate private keys temporarily.
What strategies do the more technically minded think are best to keep these secure from an attacker?
The use of multisig - https://en.bitcoin.it/wiki/Multisignature - with an independent third party escrow sounds like the best option for what you're saying.
Well I meant specifically for services which are forced to temporarily hold funds, say between a buyer and a seller in an online marketplace.
Armory is a great wallet but their cold storage procedure looks ancient compared to the ease of Trezor and is no longer convenient. Hopefully Armory will add Trezor support before too long. I quit using Armory and moved my bitcoin to a wallet that works with Trezor.
It's best to not have private keys online at all.
If you use a wallet like Armory, https://bitcoinarmory.com/, you can create your wallets offline (an old laptop with wifi disabled is a good choice).
Then create a watching only wallet (no private keys) that you have on a different machine with internet access.
You can view your balance and incoming transactions using this wallet.
To spend the funds you create a transaction using the watching only wallet and then sign it using the offline wallet. Finally you broadcast the transaction using the watching only wallet.
That might sound like a lot of hassle but it's actually quite easy and there are video tutorials on the Armory website.
Once you have done it a few times you will be able to do it pretty fast.