Adam Adler: Introduction to Cryptocurrency Wallet Security 2021
Adam Adler (Miami, Florida): Wallets are gateways to cryptocurrencies and, as the blockchain space has grown, the variety of wallets available has also grown. Most people who want to dabble with a small amount of crypto start off their crypto journey by setting up hot wallets in the form of a phone, desktop, or web application. Hot wallets focus primarily on convenience and are great for making coin transfers on the go.
While hot wallets may be convenient, they force users to sacrifice security and the underlying basis of crypto: having complete control of one’s wealth. Thus, as people get a stronger grasp of blockchain technology and understand how to improve the security of their crypto assets, they opt for hardware wallets or even brain wallets.
User Experience is Important
Given that wallets are gateways to cryptocurrencies, the user experience they provide to new market entrants is of critical importance with respect to the growth of crypto adoption. This piece will take a look at the user experience of several popular wallets. Each section below will cover two main user experiences of a wallet: set-up and performing transactions.
Here’s a summary:
Brain Wallets: To securely set up a wallet, users must download a brain wallet application from GitHub or use an online tool. Once they’re offline, the user can enter a salt and passphrase to generate a wallet (private key). The private key will be exposed and must be immediately stored securely. Brain wallets provide a one-time transactional facility, as transacting will expose the private key to some web front end. Therefore, any time coins are sent from a brain wallet, a new one has to be made. Brain wallets can be challenging to (securely) set up for those who lack the technical know-how and provide close to zero positive UX features in terms of transactions.
In addition, for each coin and for each public address of that coin you need to have a separate brain wallet.
Hardware Wallets: Hardware wallets, like Ledger, can be set up by connecting the wallet to a computer that has the hardware wallet’s supporting software (like Ledger Live) installed. After that, a PIN is set on the hardware device to initiate its functionality. Next, users move along the steps presented in the supporting software until they are prompted to create a 24-word seed phrase that is typically written down somewhere. Once the seed phrase is approved, private keys are created and stored in the hardware wallet.
Next, applications, one for each blockchain, are downloaded onto the wallet in order to receive and send transactions. Transactions are initiated in the supporting software, like Ledger Live, and are approved through the hardware wallet’s button-initiated commands. Hardware wallets have a lengthy set-up process, but the process is well explained by their supporting software. Receiving and sending funds for the first time also takes a while, as support for each coin has to be individually set up.
The easiest way to get started with Bitcoin and other popular cryptocurrencies is to sign up with an online wallet such as Coinbase or Binance. Online wallets hide many of Bitcoin's technical challenges, such as handling private keys and addresses, so they're an attractive option for people who are less tech-savvy or new to Bitcoin. Signing up for most online wallets takes no more than a few minutes, and accessing your account requires only a browser, username, and password.
Online wallets, however, are not the safest place to store your cryptocurrencies. Anyone with your email and password can access and steal your coins, and bad actors can accomplish this with something as simple as a phishing email. Also, unlike with traditional payment systems, recovering lost bitcoins is virtually impossible.
Enable Two-Factor Authentication (2FA)
Most online wallets support some form of two-factor or multi-factor authentication. Enabling 2FA links your account to a phone, mobile app, or physical dongle. If a malicious hacker obtains your username and password, they'll still need to have that extra factor to access your account.
Don't Use Your Phone Number for 2FA
Most sites support several forms of two-factor authentication, but not all 2FA methods are equally secure. If you rely on SMS passcodes to secure your account, crafty hackers will be able to hijack your phone number and intercept your 2FA passcode. If you're associating a phone number with your account, it would be best to use a separate, secret SIM card.
Use a Separate Email for Your Bitcoin Wallet
Most of us have a primary email account for our daily communications, and we use the same address for our Facebook, Twitter, and PayPal accounts. We share it with friends, family members, and coworkers. They might share it with other people, and eventually a malicious hacker might obtain it. If your online wallet is tied to this email, the hacker has one of the two important pieces of information needed to access your wallet. Use a separate email address for your online wallet, one you don't use for any other purpose. This minimizes the chance of your account being discovered by a cybercriminal.
Use an Offline Wallet
Every Bitcoin wallet has one or more "addresses" where it stores its cryptocurrency. Bitcoin addresses are long, unique strings of alphanumeric characters, and each address has a pair of private and public encryption keys. When other users want to send bitcoins to your address, they use your public key. When you want to spend your bitcoins, you use the private key to sign your transaction. The private key proves you have ownership of the bitcoins stored in a specific address. Therefore, the key to securing bitcoins is to keep your private key in a safe place.
By using an online wallet, you're effectively letting the service provider secure your private keys for you. That's why it's so easy to use online wallets. But it also makes online exchanges an attractive target for hackers. Although these companies do their best to protect user accounts, they get breached pretty often.
An alternative to online Bitcoin exchanges is offline wallets, which give you full control of your private keys and will protect you against mass data breaches at Bitcoin exchanges. The trade-off is they're more difficult to set up and use, and they require more technical knowledge. Offline wallets come in different flavors:
Software wallets are applications you can install on your computer, portable memory drive, or mobile device. A wallet app, such as Electrum, stores private keys on your device and uses them to sign Bitcoin transactions whenever you want to make a payment. If you want complete security with a software wallet, you must install it on a computer that isn't connected to the internet and transfer signed transactions to an internet-connected computer. The process is more difficult but also more secure.
Hardware wallets are physical devices that generate and store cryptocurrency key pairs. They usually come with an associated app you must install on your computer or your mobile device. When you want to send bitcoins to someone, you have to connect the hardware wallet to your computer or pair it with your phone via Bluetooth. Every transaction is signed on the hardware wallet with the approval of the user. Hardware wallets are very secure because the private keys never leave the device; Trezor and Ledger are two popular options.
Paper wallets are Bitcoin key pairs printed as QR codes on paper. You can create paper wallets at one of several websites such as bitcoinpaperwallet.com. To receive money in your paper wallet, scan the public key with any Bitcoin wallet app and send it to the payer. To send bitcoins from your paper wallet, scan your private key to sign your transaction.
Paper wallets are "cold storage," which means they're good for securely storing bitcoins but not very handy for making day-to-day payments. Paper wallets are secure because they have no digital component and they can't be stolen or hacked remotely. But you must destroy the digital copy of the wallet after you print it, to make sure no one else replicates it.
Using an offline wallet doesn't mean your bitcoins are absolutely secure. If you leave your private keys in an unsecured place, the wrong person might chance upon them. Also, you might accidentally destroy your keys, which will also result in losing your funds without recourse. For instance, if you lose or destroy your hardware or paper wallet or forget your security PIN, your bitcoins will be lost forever.