Understanding is Safer than Following Steps
There are many tutorials online that will take you through the process of securing your wallet, step-by-step – and many of them are quite useful in that regard. However, your fortune could be at risk if you try to follow one of these tutorials after something goes wrong. To avoid that potential risk, it is critical to understand what it is that you are securing and what types of security risks threaten that security. That understanding can provide you with the insight you need to make your own decisions about which precautions you should take and determine the best bitcoin wallet for you. Understanding why you are doing something also makes it much less likely that you’ll make mistakes or follow the wrong instructions.
What Is a Wallet?
Unlike a conventional wallet, a cryptocurrency wallet never actually holds any cryptocurrency. And to make things more confusing, the term ‘wallet’ is used both for software applications and for a pair of public and private digital keys. For clarity, this article will use the terms ‘software wallet’ and ‘key pair’.
The only place your cryptocurrency value ever exists is on the blockchain. It does not matter how many software wallets you have or how many copies of your key pairs you make, the value is always on the blockchain. And if someone changes that value on the blockchain, there is nothing that can ever be done by anybody that will change it back for you. There’s no undo button.
A key pair is made of a private key and a corresponding public key. These are generated by software using some complex and interesting mathematics. The public key is then encoded into a string that also detects typos. This encoded public key is called an address. This address is where value is sent. The address is the only information that you should share.
So, protecting your wallet is really all about protecting your private and public keys. This is achieved by protecting how they are stored in your software wallet and by protecting how they are stored as basic text strings.
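How an address can detect typos is shown below with a Bitcoin-style Base58Check encoding, where four checksum bytes are appended before the string is built. This is an added example, not code from the original article; the version byte 0x00 and the sample key hash are constructed assumptions, and other cryptocurrencies may encode addresses differently.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload)), appended before encoding."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, key_hash: bytes) -> str:
    data = bytes([version]) + key_hash
    data += checksum(data)
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    # Leading zero bytes carry no numeric value, so each is written as '1'.
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58check_decode(address: str) -> bytes:
    """Return version byte + key hash, or raise ValueError on any corruption."""
    num = 0
    for ch in address:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"{ch!r} is not a Base58 character")
        num = num * 58 + idx
    pad = len(address) - len(address.lstrip("1"))
    data = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(data) < 5 or checksum(data[:-4]) != data[-4:]:
        raise ValueError("checksum mismatch: mistyped or corrupted address")
    return data[:-4]

def is_valid(address: str) -> bool:
    try:
        b58check_decode(address)
        return True
    except ValueError:
        return False

def one_char_typo(address: str, pos: int) -> str:
    """Swap one character for the next one in the alphabet (a simulated typo)."""
    new = ALPHABET[(ALPHABET.index(address[pos]) + 1) % 58]
    return address[:pos] + new + address[pos + 1:]

# Constructed 20-byte value standing in for a real public-key hash (assumption).
SAMPLE_HASH = hashlib.sha256(b"constructed sample public key").digest()[:20]
SAMPLE_ADDRESS = b58check_encode(0x00, SAMPLE_HASH)

if __name__ == "__main__":
    print(SAMPLE_ADDRESS, is_valid(SAMPLE_ADDRESS))
    print(one_char_typo(SAMPLE_ADDRESS, 10), is_valid(one_char_typo(SAMPLE_ADDRESS, 10)))
```

A wallet that runs this kind of check before sending will reject a mistyped address instead of sending value to it.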
More Than One Way to Lose Your Money
Even if you do everything you need to do to protect your software wallet and key pairs, there are still many ways to lose your cryptocurrency. These include being tricked into believing a fake website is actually the one you trust (phishing), or having your cryptocurrency stolen when a trusted website is hacked by criminals.
Keeping your software wallet and key pairs safe is only possible if you also keep the environment where you do this secure. It is possible for malware on your computer to record everything you type and figure out your passwords. Other malware can inspect everything you copy for strings that look like cryptocurrency. And some viruses can lock up everything on your computer until you pay a ransom demand in cryptocurrency.
Because cryptocurrencies are decentralized, there is no organization to protect you or undo something that went wrong. Nobody can restore your stolen funds. If you forget your password, you can’t just provide your email address and get a new password sent to you. You must be responsible for your own security.
If you’re not confident that you can keep your computer safe from viruses and other malware, or you’re not sure how to detect phishing websites or choose trustworthy companies, then it is possible that cryptocurrency has not yet become mature enough to meet your needs.
Convenience or Security
Keeping anything secure requires some effort and inconvenience. Good security provides a tool that makes it much easier for the authorized person to gain access than an unauthorized one, but there is always a trade-off with convenience. In that regard, it’s a bit like adding more locks to your door; it makes it more secure, but it’s annoying as well.
If you’re only storing a small amount of cryptocurrency and you want to use it often to learn about it or to try and make it grow, then high-level security will introduce too much inconvenience. But when the value of your cryptocurrency is high enough, the extra security becomes worth the effort. So, it is up to you to find the balance that suits you from the advice given below. And remember, your personal responsibility even extends to deciding how much trust to put in this article.
Choosing Your Wallet
There are many different wallets designed to meet your need for convenience or security. Web-based wallets, where your cryptocurrency is kept on an exchange, can be extremely convenient because they enable you to log on from anywhere and quickly trade with other cryptocurrencies. But keep in mind that many millions of dollars have been stolen from these organizations in the past.
Possibly the next most convenient type of software wallets are the ones that run on mobile devices. Most of these enable you to own your own key pairs, which means you maintain control over your cryptocurrency. But it is important to know if the software also sends these key pairs to an online server, and at what stage encryption is applied if at all. Beware of any service that enables you to recover your key pairs if your mobile device is lost or stolen.
There are many different cryptocurrencies now available, so you’ll need a multicurrency wallet if you want to manage them all from the one program. This won’t enable you to manage every imaginable cryptocurrency, but it will accommodate many of the popular ones. Unfortunately, this also means that if this software is compromised or your password is stolen, you could lose everything. It can also be very difficult to know which software to trust. Maybe the best way to look at this is to ask yourself this question: how much could the software providers make by taking everyone’s cryptocurrency, compared to what they would lose by people no longer trusting their software? Do you trust every member on their team?
The people with the most to lose are those who run the project that develops and maintains the cryptocurrency. If trust in their currency is lost, they typically have a lot to lose as well. This is one of the main reasons why core wallets are popular. These are wallets created by those invested in the project and who understand their cryptocurrency. Unfortunately, some of these wallets come with fewer features and may not look as fancy.
Not all platforms are equal, but the following chart will provide some general direction on which may work best for you.
For those storing DNotes long term, I recommend using DNotesVault.com. It combines the ease of use of a web wallet with most of the protections you can achieve using an offline storage procedure, and adds a guarantee fund to ensure the safety of your DNotes.
Passphrases and Storage
All of these wallet options require you to choose a passphrase, though some still call it a password. It was once reasonable to consider that an eight-character password could not be discovered by checking all possible combinations. And for online services that only give you three guesses before making you wait a day or log in some other way, this could still be true.
But where a password protects a file that can be attempted an unlimited number of times, computers are now fast enough to break in by trying all possible combinations. However, every character you add to your password multiplies the number of attempts required to check all possibilities by at least 26+26+10, or 62. And because there are many more possible words than there are letters and numbers, checking all possible combinations of words becomes very time consuming. Currently, recommendations call for between six and twelve words. Be very suspicious of any wallet that sets the limit on the number of characters in your passphrase too low.
It is possible that more cryptocurrency has been lost by people forgetting their passwords than by people having their passwords cracked by brute force. So, the risk of forgetting must be considered as well. That is why a collection of words is safer than eight random characters. But you still need the randomness of selection to keep you safe. PizzaAndChocolateAreMyFavourites is an easy passphrase to crack. There are websites that generate random words for you, or you might choose the extra security of using diceware. This is a document that lists words based on numbers you can roll with dice.
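The arithmetic behind these recommendations, together with a diceware-style word picker, is worked through below. This is an added example, not part of the original article; the guessing rate of 1e12 attempts per second and the 36-word demo list are constructed assumptions (a real Diceware list has 7776 words, selected with five dice per word).

```python
import math
import secrets

def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy when each of `picks` symbols is chosen uniformly at random."""
    return picks * math.log2(choices)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every combination at a fixed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def roll_index(dice: int) -> int:
    """Roll `dice` fair six-sided dice (OS CSPRNG) and read them as a base-6 number."""
    index = 0
    for _ in range(dice):
        index = index * 6 + secrets.randbelow(6)
    return index

def diceware_passphrase(wordlist: list, words: int) -> str:
    """Pick `words` entries; every entry must be reachable by exactly one roll."""
    dice = round(math.log(len(wordlist), 6))
    if dice < 1 or 6 ** dice != len(wordlist):
        raise ValueError("word list length must be a power of 6")
    return " ".join(wordlist[roll_index(dice)] for _ in range(words))

# Constructed 36-word list (two dice per word) so the block runs offline.
# A real Diceware list has 6**5 = 7776 words, i.e. five dice per word.
DEMO_WORDS = ("anchor basil cedar delta ember fjord garnet harbor iris jungle kiwi "
              "lantern maple nectar onyx pebble quartz raven saddle tulip umber "
              "violet walnut xenon yonder zephyr acorn birch cobalt dune elm fern "
              "glacier hazel ivory juniper").split()

GUESS_RATE = 1e12  # assumed offline guesses per second, for illustration only

def compare() -> dict:
    cases = {"8 random characters": entropy_bits(62, 8),
             "6 Diceware words": entropy_bits(7776, 6),
             "12 Diceware words": entropy_bits(7776, 12)}
    return {name: (round(bits, 1), years_to_exhaust(bits, GUESS_RATE))
            for name, bits in cases.items()}

if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name}: {bits} bits, {years:.3g} years to exhaust")
    print("demo passphrase:", diceware_passphrase(DEMO_WORDS, 6))
```

These figures only hold when every word is picked at random; a phrase built from a meaningful sentence has far less entropy than its length suggests.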
Once you have chosen your passphrase, it is very important to never forget it. Setting a regular reminder to recall it is important. Otherwise, it needs to be written down and stored securely. There are many applications that enable you to save all of your passwords in one encrypted file. This is useful and much safer than using the one password for more than one purpose. But take great care which software you trust. And remember you’re still going to have to remember the passphrase to get into it. So, many people believe the safest option is to write your passphrase on a piece of paper and keep it secure. You may choose to break it into parts and keep the parts in separate secure locations, or to encode your passphrase using a technique you will not forget.
And just as you would never leave your house key hanging on a nail next to your front door, you should never store your passphrase anywhere near the location where you maintain your encrypted files.
The biggest concern with storing large amounts of cryptocurrency is the possibility of losing it due to a software attack. This could be a virus, malware, or even a bad actor. The most likely avenue for this sort of attack is via an Internet connection. To avoid all possibilities of a software attack, creating and storing key pairs is done on a computer that has never been connected to the Internet. Then as a further precaution, the other avenue of attack is also blocked, by not installing other software on it or using it for anything else.
Most people don’t have a reliable computer that has never been on the Internet, but that is not a problem. It is possible to create something that is virtually the same by booting your computer into a fresh install of a secure operating system. This article relies on the reader to make informed choices regarding solutions, but since there is one clear best option for a secure and bootable operating system, Tails is being recommended. Remember that even Tails can be compromised before you create a bootable USB stick, so make sure you verify the integrity of your download as part of your process.
There are a number of great tutorials on how to create a bootable Tails USB stick and use it for a cryptocurrency wallet. Unfortunately, the process when described well is longer than this article. So what follows is only a brief summary of how to use it once set up. Remember that your software wallet file and key pairs are your security vulnerability. While using a cold storage solution, your main priority is making sure these are never accessible while connected to the Internet. So, while using the offline Tails operating system, create some key pairs. Save the public addresses to these key pairs on a USB stick.
Later, you can import these public addresses into a less secure software wallet on your everyday computer without being concerned when you’re connected to the Internet. This will let you confirm payments and create a transaction file to spend payments. Be sure when creating your transaction file to only use public addresses that were generated securely for your change address. Don’t let your insecure software wallet create a change address that may already be compromised. Then all you need to do is boot into Tails, use your secure software wallet to sign the transaction, and by saving on a USB stick, import the transaction into your less secure software wallet on your Internet connected computer to publish it to the blockchain.
And don’t forget that the simplest possible cold storage wallet is just a key pair that was created in a secure environment and never stored anywhere that goes online. But if all this sounds like too much trouble for the little bit of cryptocurrency you’re experimenting with, at least do yourself the favor of never opening or using your software wallet while logged in as an administrator.
Encryption and Backups
Regardless of which software wallet you choose, it is important to encrypt all the data that it creates. You will need to be certain you know how and where it stores this data. Good software wallets give you the option and encourage you to encrypt your data file by providing a passphrase. It can be useful to think of encryption like a safe that you can put a file into and only gain access to by using a passphrase. It does this by creating a new file that can only be returned to the previous version by using the passphrase as part of its calculations.
Because of this, it is possible to encrypt the file created by your software wallet, even though it may have already been encrypted once. It is also possible to encrypt a file with a different type of encryption than has been used to create it. For example, A might be your data, then your software wallet encrypts it to create B, then you use PGP encryption to create C, and then encrypt C using AES to create D. Now all of this is useless if you forget to delete A after encrypting it into B. Remember to delete the source file of the encryption after your encrypted file has been created and tested to prove that it decrypts back to your original file.
Once you have your encrypted file, you can back it up in many places without being concerned for its security. Email one to yourself, store it on a few cloud storage services, and keep a few copies on portable media in different geographic locations. It is good to remember that key pairs are tiny when it comes to data storage. So, you can make a hundred of them, and back them all up. As long as your security is never compromised, and regardless of how much cryptocurrency is eventually stored in these addresses, that backup that you buried in the forest ten years ago will still give you access to your current funds stored at those hundreds of addresses.
Protecting Against Time
If you use a software wallet to store your key pairs, and you keep a copy of the file the key pairs are stored in as a backup, then if your computer breaks or gets replaced, you will have to reinstall the software to open the file that gives you access to your key pairs.
It is possible that by this time, the software version you had is no longer available, or does not run on any current operating systems. People are in this situation today while trying to recover bitcoin that they purchased more than five years earlier. It can be very hard and possibly very expensive to recreate the environment that was able to access your data. Because of this, it is recommended that you encrypt a basic .txt file that contains your key pairs. Future software will always be able to recover access to your funds with these.
Time can also make data impossible to access by causing faults with USB sticks, damaging CDs and other media, or even insects eating the paper that key pairs are written on. To protect against time, it is best to store encrypted files on sets of various media. Then store these sets of media in different geographic locations.
Recovering From a Security Mistake
If you’ve realized that you’ve made a security mistake that has increased the risk of someone stealing your cryptocurrency, but it is still where it should be, there is still hope. As soon as you can, securely transfer the value to a new address. When protecting this new address, do not reuse passwords that may have been compromised by your earlier lapse in security. This will cost you a transaction fee but will also make your remaining cryptocurrency secure again.
Your Will and Testament
If nobody knows how to access your cryptocurrency estate, then it cannot be passed onto those you would like to receive it if you die. There are multiple options, and you may want to make the retrieval process simple and secure. One example would be to store your private and public keys in a fire safe or even in a bank vault.