For beginners : Cryptocurrency wallets and security

in #cryptocurrency, 8 years ago (edited)

In my last post I talked about why I believe cryptocurrencies have such a great future and, consequently, why they are a very compelling investment choice. Today I am going to talk about wallets, the options out there, and what you need to be aware of in terms of security.

The key concept to understand with cryptocurrency wallets is that you will have a public key as well as a private key. The public key is your deposit address; the private key is what is used to digitally sign your transactions. Of critical importance with all wallets is that you keep your private key secure and backed up. Most wallets these days offer a mnemonic based backup phrase that you can use to restore your wallet should you lose the device. It is of absolutely paramount importance that you always write these phrases down and keep that piece of paper in a secure location. Ideally use two physical locations; you can keep the other copy with someone you well and truly trust.

I personally classify wallets into three different categories, and this is all about the level of security vs ease of use/accessibility:

  1. First level - least secure, most accessible - HOT mobile wallet. This I keep on my mobile phone that I carry with me every day. I only keep small amounts here for transacting purposes. Think of this as carrying cash; to be fair, it is a little more secure than cash as you can password restrict access to both your phone and your app - but I'll go into security in more depth when I discuss hot wallets.
  2. Second level - more secure, relatively accessible - HOT wallet on a dedicated but online machine (or bootable USB stick). This device is only used for purposes of cryptocurrency wallet management and nothing else. Typically you would keep the funds that you would use for exchange purposes on here.
  3. Third level - most secure, hard to access - COLD storage. The idea here is that the wallet never touches the internet whatsoever, and it can be done in various ways - from paper wallets to hardware wallets to a dedicated device with no internet connection.

I will not be going into too much detail on each method, although I do intend on giving a decent enough overview. I will also provide links for further information.

NB: I know I am repeating myself, but with all the options below make sure you back up your codes and keep that information safe. If someone has access to your public and private keys they can do what they want.

Hot mobile wallet

Personally, my favourite options here would be Coinomi and Jaxx. I have respect for both these projects in terms of what they have done, although if I had to choose a favourite between these two it would be Coinomi - although in all fairness this is mostly personal bias and the fact that I keep many different altcoins that Jaxx doesn't yet support. In reality I use both wallets, and this is mostly just to spread the risk. If you're an iOS user, unfortunately Coinomi isn't an option yet, as far as I am aware, which is a pity.

Even though you should not be keeping large amounts on your hot mobile wallets, you should still take some security measures in case of theft or loss of your device. I do recommend installing a decent anti-malware product on your device, and definitely ensure you are using a screen lock with either password or fingerprint protection (depending on your device). Beyond that, it is also a good idea to use an applocker to force a password prompt whenever anyone attempts to open your hot wallet app of choice. Ensure that the applocker app itself cannot easily be uninstalled without entering a password. As for which apps to use for these, I recommend doing your own homework, although I am glad to answer questions in the comments below. The other thing I recommend is not enabling auto-updating of your wallet apps, so that in the worst case scenario of a vulnerability being introduced in a future version update, you keep yourself out of that equation as much as you can. Personally I give it a week or two after an update has been released before updating.

Links :

JAXX :

https://jaxx.io/support.html

COINOMI:

https://coinomi.com/

Hot, relatively secure standalone wallet

Here, you have several options. The idea is that you do not carry this device with you at all times; typically this would be a home machine or a backup phone. A cheap Android phone isn't a bad idea if you want something that is reasonably secure, probably in combination with an app like Jaxx or Coinomi.

If you are going the route of using a cheap or backup mobile phone, I would take all the steps mentioned in the hot mobile wallet above - but in addition to that I would lock it down further :

  1. Complete factory reset
  2. Disable wifi
  3. Remove as many apps as you can that you won't need. Every app is a potential future vulnerability. If you cannot uninstall an app, disable it.
  4. Encrypt the device if it isn't already encrypted, see https://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/
  5. Disable auto-updates
  6. Re-enable wifi to install a firewall application. You will want something that prompts you each time an application or process requires internet access. There are several apps out there that can fulfil this.
  7. Install anti-malware/anti-virus
  8. Install wallet(s)

From here on in you will want to only access the device when necessary and obviously keep it in a secure location. Update your wallets, anti-malware/virus definitions and firewall applications on a fairly regular basis manually.

Even doing all of this does not make you immune to vulnerabilities; it is just far less likely to be vulnerable than a hot wallet on, say, your Windows desktop.
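As an added example (not part of the original post), this shell script re-checks steps 3 and 4 and the wifi state from the list above, using adb's standard `getprop`, `settings` and `pm` commands. The package names in `ALLOWED` and the sample output are hypothetical placeholders.

```sh
#!/bin/sh
# Added example: re-check the lockdown steps on a dedicated wallet phone via adb.
# ALLOWED is a hypothetical allowlist; use your own wallet, firewall and
# anti-malware package names.
ALLOWED="com.example.wallet com.example.firewall com.example.antimalware"

# Each check takes raw adb output as its argument, so it can be run offline.
strip_cr() { printf '%s' "$1" | tr -d '\r'; }

check_encrypted() {   # input: adb shell getprop ro.crypto.state
    [ "$(strip_cr "$1")" = "encrypted" ]
}

check_wifi_off() {    # input: adb shell settings get global wifi_on
    [ "$(strip_cr "$1")" = "0" ]
}

unexpected_packages() {   # input: adb shell pm list packages -3
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p' |
    while read -r pkg; do
        case " $ALLOWED " in
            *" $pkg "*) ;;                 # on the allowlist
            *) printf '%s\n' "$pkg" ;;     # step 3: remove or disable
        esac
    done
}

audit() {   # prints findings; exit status is the number of findings
    findings=0
    check_encrypted "$1" || { echo "FAIL: storage not encrypted (step 4)"; findings=$((findings + 1)); }
    check_wifi_off "$2" || { echo "WARN: wifi is on; switch it off after updating"; findings=$((findings + 1)); }
    extra=$(unexpected_packages "$3")
    if [ -n "$extra" ]; then
        echo "FAIL: apps outside the allowlist (step 3):"
        echo "$extra" | sed 's/^/  /'
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample output, not taken from a real device.
SAMPLE_PKGS="package:com.example.wallet
package:com.example.firewall
package:com.example.game"
audit "encrypted" "1" "$SAMPLE_PKGS" || echo "findings: $?"

# Live use over USB (turn USB debugging off again afterwards):
#   audit "$(adb shell getprop ro.crypto.state)" \
#         "$(adb shell settings get global wifi_on)" \
#         "$(adb shell pm list packages -3)"
```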

If you do not have access to a secondary phone, another great option is a bootable USB stick running Linux, with one of the many Linux wallet options that are available. You will want to go with as lightweight a distro as possible. You could also decide to go with one of the security focused Linux distros, see http://www.techradar.com/news/10-best-linux-distros-for-privacy-fiends-and-security-buffs - however, be aware that you will still need internet access, and some of the security focused Linux distros completely disable it. The steps you will be taking are similar to those for a phone: encryption is mandatory and the use of a firewall is also mandatory. Wallet options under Linux that I have used or am using include: Jaxx, Exodus and Electrum (BTC only).

Links :

JAXX :

https://jaxx.io/support.html

COINOMI:

https://coinomi.com/

Electrum

https://electrum.org/#home

Exodus

https://www.exodus.io/releases/

Cold storage offline wallet

If you want absolute peace of mind, you will want to lock up the majority of your funds away in cold storage. What this means is the wallet never touches the internet unless you intend on cashing out.

The easiest option is probably a paper wallet. I will provide links to Ethereum and Bitcoin paper wallet solutions. If you are stuck on finding paper wallet solutions for other currencies, you're welcome to ask in the comments and I am happy to help. The idea is that you print your public and private keys from an offline machine. Be aware that some printers cache copies of recent print jobs, so you do not want to be using a shared printer. The printer itself should also be offline and not network enabled at the time of printing; ideally just use a cable connection. The public key is your deposit address. The private key you will obviously want to keep completely secret and secure. After printing your public and private keys you can transfer funds from your hot wallets to the public key address of your cold storage wallet.

If you aren't confident, I highly suggest starting with a small test case and printing a paper wallet so you are sure you are familiar with the processes. Transfer a tiny fractional amount to your test wallet, and then make that wallet active again to withdraw, so you are familiar with what needs to be done. You may also want to consider laminating your paper wallets if you intend on storing them for long durations.

And, whatever you do, do not do this :

Rather print out two copies and keep the second copy in a second (and different) highly secure backup location. A fireproof safe is also a good idea.

Paper wallet links

Ethereum

https://www.myetherwallet.com/

Paperwallet guide for myetherwallet : https://etherbasics.com/the-tutorials/the-ether-paper-wallet-tutorial/

Bitcoin

https://bitcoinpaperwallet.com/

The documentation on bitcoinpaperwallet is quite decent and easy to understand.

However, if you are willing to spend a bit extra, a great option is a dedicated cold storage hardware wallet product such as Ledger Nano S or Trezor. There are others but these are the most familiar. This is a highly user friendly and ultra secure option provided (as always) you take care of your restore codes appropriately. These are quality professional products and if you don't want to go through the hassle of paper wallets, one I would highly recommend.

Hardware wallet links

Trezor : https://trezor.io

Ledger Nano S : https://www.ledgerwallet.com/

Finally, I have been testing another way to do cold storage that is easy enough (easier than say printing multiple paperwallets) and will elaborate on this in a future post. What I wanted is a bootable USB flash drive loading an offline security focused linux distro and I am experimenting with software options beyond that point - the requirement I do have is it must support multiple cryptocurrencies.


Very informative and easy to understand for a beginner such as myself. The article provides a good base understanding relating to wallets and the security factors you need to be aware of. Thanks!!!

Can you use paper wallets for any tokens? If so, how do you do it? I have Jaxx and MyEtherWallet, but they don't support all the coins I own. I am especially referring to Antshares and Factom.

Most currencies will, yes; it all depends on the devs and community. In the case of Factom you have this option: https://www.factom.com/devs/docs/howto/use-factoidpapermill ... Just make sure you run the software on an offline machine and make sure you do test it with a very small amount first. As for Antshares, I'm not sure. But I did find this on Steemit: https://steemit.com/antshares/@frank77/antshares-paper-wallet-public-address-and-private-key .. It is not exactly a paper wallet from what I can tell, though. I'm not familiar with the Antshares official wallet app, but it seems like in the guide a wallet is being generated before going online. I would again just test it with small amounts to be sure that approach works.

many thanks. will check it out.

Good info. I use a few hot wallets (Mycelium, Jaxx, blockchain.info) and I use Trezor for long term store. As I gather more altcoins, I need a cold store for these. Maybe a mobile phone with no connectivity or paper wallets for each.

Or a bootable USB stick running Linux in offline mode. Busy experimenting with various options to support multiple altcoins. Trying to print paper wallets for 10+ different coins can be a pain. Will be sharing my findings shortly; I like to test it thoroughly myself before sharing the detail.

awesome post :D