How Bitcoiners Should Use Their Hardware Wallets For Advanced Security

2 years ago

Hardware wallets can protect your generational wealth. Leverage them to gain the highest level of security and privacy.

This is an opinion editorial by Josef Tětek, the Trezor brand ambassador for SatoshiLabs.

Whether you’re just contemplating buying your first hardware Bitcoin wallet or have already had one for years, it’s always a good idea to refresh on the basics of these marvelous devices. Contrary to popular belief, a hardware wallet isn’t a “set it and hide it” device that will take care of your bitcoin for you. Instead, a hardware wallet can assist you with your ongoing bitcoin security.

When And Why Should I Buy A Hardware Wallet?

Since hardware wallets start at about $70, it’s obviously not an attractive idea to buy one if you’re just dipping your toes into Bitcoin. There is no clear cutoff point after which it is imperative that you buy yourself a hardware wallet, but a good rule of thumb is to get one once you have about $1,000 worth of bitcoin to protect. When you stack regularly and bitcoin appreciates in the meantime, chances are you’ll cross the $1,000 threshold quickly, so don’t put it off for too long.

Some people hold the view that hardware wallets are superfluous and that an old phone or laptop will work perfectly fine in their place. The problem with such general-purpose devices is that virtually anything can run on such hardware, and unless you’re an advanced security expert, you won’t know if the device is really safe, even if it is disconnected from the internet (and honestly, security experts would rather assume it is not safe in the first place). Hardware wallets are special-purpose devices with firmware that performs a limited set of processes, namely generating keys and cryptographically signing with those keys, all in a strictly offline environment.

Writing Down And Protecting Your Recovery Seed

When you’re setting up your hardware wallet, one of the first things the wallet does for you is generate your private keys. To ensure you will hold on to your bitcoin even if the particular device is lost or breaks down, you will be prompted to write down your recovery seed: a human-readable secret that can be used to recover your private keys in other compatible wallets.

Writing down the 12 or 24 words that make up the recovery seed is one of the most important things you need to do in order to protect your bitcoin. Hardware wallets typically do not show the recovery seed again; you need to write it down and keep it safe during the setup process.

Here are some basic tips for protecting your seed:

  • Write the words down with your own hand on a piece of paper
  • Alternatively, you can use a more robust solution such as Cryptosteel Capsules or other metal solutions
  • Never take a photo or keep a digital copy of the seed; hackers are actively looking for such data
  • Store your recovery seed in a location with controlled access, away from water, fire hazards, etc.
  • Consider setting up a Shamir Backup: multiple recovery seed shares that increase the security of your seed

Checking Your Recovery Seed

Once you have your recovery seed written down, it’s advisable to verify that it really works to restore your wallet. You want to check the integrity of your seed before there’s any bitcoin attached to it, not after.

The best practice is to factory-reset your hardware wallet and then recover your wallet from the seed. Alternatively, some hardware wallets offer dry-run recovery; this option will make you more comfortable if you already have some bitcoin stored on the device. To perform the dry-run recovery in Trezor Suite, for instance, navigate to settings, select “Check Backup” and follow the prompts (note that the connected Trezor device should respond in the third step; never input the seed words into a computer if the device doesn’t respond!)


It’s a good idea to check your seed backup regularly. If your security setup involves multiple Shamir Backup shares, inspect them at least every 12 months to make sure the shares are still intact and ready to be used when needed.

Setting Up The PIN And Passphrase

Most hardware wallets can be secured with a PIN. A good PIN can prevent an attacker from stealing your funds if they discover your device, but note that a PIN only protects the device, not the recovery seed. So if the attacker were to discover both your device (protected by the PIN) and your recovery seed, they could steal all your bitcoin, as with a recovery seed in hand they don’t actually need the device itself.

Fortunately, there is a way to mitigate the threat of an attacker finding your recovery seed as well. Some hardware wallets, such as Trezor devices, offer the option to protect your seed with a passphrase. A passphrase helps you create a brand new set of wallets that are derived by combining the recovery seed and a particular passphrase. This means that the seed itself becomes useless to an attacker, as they wouldn’t be able to derive the right set of wallets with a recovery seed alone.

Inputting the passphrase directly on the device eliminates the risk of leaking the passphrase to a keylogger.

If you’re having a hard time telling the difference between the PIN and the passphrase, just remember: the PIN protects the device, the passphrase protects the seed.

If you opt to use the passphrase, do not rely on your memory. If you forget the passphrase, there will be no way to access your funds. It’s imperative that you make a backup of your passphrase, similar to what you've done for your seed. Keep the seed and the passphrase separate and you will make it impossible for attackers to steal your funds if they accidentally find either of those.
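The seed-plus-passphrase derivation described above is the BIP39 seed function: PBKDF2-HMAC-SHA512 over the mnemonic with the salt "mnemonic" + passphrase. The following is an added example (not code from the article or from Trezor) that derives the binary seed and shows why the mnemonic alone is useless to an attacker and why an inexact passphrase backup (a different case, a trailing space) opens a different, empty wallet. The mnemonic is the public all-"abandon" BIP39 test vector, not a real wallet; `seed_fingerprint` is a hypothetical helper for comparing wallets without printing secrets.

```python
import hashlib
import unicodedata

# Constructed sample: the public BIP39 test-vector mnemonic, not a real wallet.
# Never paste a real recovery seed into a script on an online computer.
SAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()

# Published BIP39 test-vector seed for SAMPLE_MNEMONIC with passphrase "TREZOR".
KNOWN_VECTOR_SEED = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 binary seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64 bytes,
    password = NFKD(mnemonic), salt = "mnemonic" + NFKD(passphrase).
    Every distinct passphrase yields a distinct seed and thus a distinct wallet."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_fingerprint(seed: bytes) -> str:
    """Hypothetical helper: a short, non-secret label for a derived wallet so
    wallets can be compared without printing the seed itself."""
    return hashlib.sha256(seed).hexdigest()[:8]


def matches_known_vector() -> bool:
    """Self-check of the derivation against the published test vector."""
    return bip39_seed(SAMPLE_MNEMONIC, "TREZOR").hex() == KNOWN_VECTOR_SEED


def passphrases_give_distinct_wallets(mnemonic: str, passphrases: list) -> bool:
    """True when every passphrase in the list (the empty one included, i.e. the
    'no passphrase' wallet) opens a different wallet from all the others."""
    seeds = {bip39_seed(mnemonic, p) for p in passphrases}
    return len(seeds) == len(passphrases)


if __name__ == "__main__":
    # Same mnemonic; only the passphrase differs. Case and whitespace matter,
    # which is why a passphrase must be backed up exactly, not remembered.
    for p in ["", "TREZOR", "trezor", "TREZOR "]:
        fp = seed_fingerprint(bip39_seed(SAMPLE_MNEMONIC, p))
        print(f"passphrase={p!r:10} wallet fingerprint={fp}")
    print("known vector matches:", matches_known_vector())
```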

The Device Screen Is There For A Reason: Always Verify Your Addresses!

Hardware wallets are useful beyond simple HODLing. One of the main benefits of these devices is the ability to receive and send bitcoin in a very secure manner.

Common clipboard malware can change the address you are copy/pasting on your computer. If your computer is infected with such a virus, the only line of defense is to compare the address shown on the device with the sending/receiving counterparty (the exchange website, your friend’s phone wallet, a Signal message, etc.). This is one of the reasons why all hardware wallets worth their name must have their own screens, and why some cold storage solutions such as near-field communication (NFC) cards without screens aren’t good design choices.

When receiving bitcoin, the device will show the full address on its display, so that you can independently verify that the address shown in the companion app is the right one (i.e., generated by the device). After you verify the address and give it to your counterparty (either as a scanned QR code or a copy/pasted string), verify it again to make sure it wasn’t modified by clipboard malware.

Always verify your receiving address with the device screen!

When sending bitcoin, the process involves multiple checks: verifying the address you’re sending to, the associated fee, and the total amount to be sent. Be sure to double check everything!

Do not rush through the process of verifying everything. Only the device screen can tell you what is really going on inside the hardware wallet, so make sure you are really sending or receiving funds where you’re supposed to.

Beware Of Phishermen!

There are many bad people out there who would like to steal your bitcoin. Some choose to spread their tentacles through malware like the one described above, others try to take your coins through social engineering techniques: fake websites, e-mails or apps that try to make you type your seed along with the passphrase are widespread.

The best protection is to remember one simple rule: never type your seed into a website or an app without the hardware wallet's guidance. When recovering your bitcoin with a hardware wallet such as a Trezor, you either type the seed words on the device itself (possible with the Trezor Model T), or the device tells you the order in which you have to type the words (like the Trezor Model One), so as not to leak the right order to possible keyloggers or other spying techniques.

Routing Through Tor, Connecting Your Full Node

To improve user privacy and prevent IP address leakage, it’s advisable to route all bitcoin-related traffic through the Tor network. Tor is better than a virtual private network (VPN), as VPNs often keep logs of client traffic that can leak or be handed over to authorities if requested. With Tor, your IP address is truly hidden, so your bitcoin transactions remain private (although keep in mind that Tor by itself won’t protect you if your bitcoin addresses are linked to you because you bought bitcoin on a centralized exchange that knows your identity). You can route your Bitcoin transactions originating from your hardware wallet with Bitcoin Core (see this guide) or other compatible wallets.

To further strengthen your privacy and sovereignty, you can connect your hardware wallet to a full node. When running your own full node, you don’t have to rely on any third party to broadcast your transactions and to give you the latest state of the Bitcoin ledger. You can run a Bitcoin full node on your home computer, laptop or a Raspberry Pi device, and connect your hardware wallet through Bitcoin Core HWI or Electrum.

Prepare For The Real Risks

The most common risk when handling bitcoin is accidental loss. Throwing out the recovery seed, sending or receiving funds to a wrong address, falling for a phishing scam, forgetting a passphrase, or failing to take self custody and keeping coins on an exchange that’s later hacked: these are much more likely risk vectors than any government seizure. The inconvenient truth is that Bitcoiners are their own worst enemies.

A good rule to remember is to test out everything. After you set up your new hardware wallet, test that your recovery seed really works, either by wiping the device or performing the dry run recovery. When you’re sending your first transaction using a hardware wallet, send a few dollars first to get a sense of how everything works. If it has been some time since you’ve checked up on your seed, make sure it’s still there. If you’re considering using a passphrase, try sending just a few sats into the new wallet and then try logging in and out with and without the passphrase a few times. Being familiar with how the hardware wallet should respond will be to your advantage if you ever find yourself in a stressful situation.

Also keep in mind that all the major hardware wallet manufacturers use a mutually-compatible recovery seed standard (BIP39 for a regular seed or SLIP39 for Shamir Backup), so even if a particular manufacturer went bankrupt, your coins will always be safe and you’ll be able to recover your bitcoin in a multitude of open-source wallets, hardware or software.

This is a guest post by Josef Tětek. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
