Things To Think About When Securing Your Bitcoin

via medium

I hear about people losing their Bitcoin and alt-coins daily, because they lack the knowledge and skill on how to safely secure their digital assets. This often results in catastrophic consequences where good people lose everything. There is no customer service in crypto to call when you screw up. You learn through the painful sting to your bottom line.

I too have made mistakes and lost some Bitcoin along the way. This is what motivates me to continually research new strategies to optimize my own security practices. Along this journey I have met some incredibly smart people who were happy to share with me some of their expertise.

The Shroud of Secrecy

Bitcoin custody is somewhat shrouded in secrecy. This is due to the malicious attacks you open yourself up to by going public with this information. The fascinating part about this game is you cannot go to any company, organization or anyone who calls themselves “experts” in Bitcoin security to get this information. You can try, and you will get some good tips, but this is not enough. You need to diligently do your research and listen to multiple opinions. The rest is up to you. Hopefully you choose wisely.

The best way I have found to learn about these things is to go to the developers and cypherpunks who have been in the trenches for years pioneering this stuff. Most of these people do not consider themselves anyone special, nor are they willing to openly discuss their practices. Fortunately, I have gained some trust over the years. After talking with a few of them about the need for an article like this, they agreed to participate but some insisted on leaving their identities out.

The following five Q&A’s only scratch the surface. Hopefully this motivates you to think more about how you can up your security game. The last contributor answered in English and Spanish.

Bitcoin Security Q&A #1 with Jimmy Song, Programming Blockchain

What is your preferred way to lock down your Bitcoin and crypto?

In a wallet I control.

What are your thoughts on paper wallets?

Good security, bad on the privacy side. People generally are better at securing paper than digital goods.


bitaddress.org is a good option for a paper wallet.

What paper wallet(s) do you suggest?

bitcoinpaperwallet and bitaddress are pretty good. Just make sure you generate the wallet offline.

Do you like hardware wallets?

Mostly. They tend to suffer from the fact that you can’t audit the hardware. That said, physical security is something people are more used to so it tends to be better in that way. Security you don’t use is generally not that great.

Do you have any recommendations on hardware wallets?

I use Trezor, but I can’t vouch for the safety of the hardware itself. I’m still waiting for an HSM (hardware security module) that’s consumer-level.

What are a few of your best tips for anyone using a hardware wallet?

They’re designed to be simple to use so use them the way they’re intended unless you know exactly what you’re doing. Nobody does multisig very well, for example.

Generally, keep your seeds locked up somewhere with tamper evident stickers. That’s the minimum I would do.

What other high-security wallet software options are there?

Armory on an offline device (like an old laptop) is pretty good. I’m a bit biased though, since I helped make that thing.

How do you feel about storing Bitcoin on hot wallets?

Only in small amounts, like less than $500. Being paranoid doesn’t hurt.

What are a few hot wallets you can suggest?

Depends on your use case. If it’s to pay some people, even centralized hot wallets are fine as long as you’re okay with losing it. Treat it like money in your physical wallet. You might lose it, so don’t keep your life savings with you, for example.

I used to like Mycelium, but they’re still slow to adopt segwit. I haven’t really played with too many because I don’t use Bitcoin to buy small items, generally.

What are a few of your best tips for anyone using a hot wallet?

Keep only the amount that you’re comfortable losing.

How do you feel about the companies who offer, in their words, “extra secure” Bitcoin storage?

It goes against the spirit of being your own bank, but regulations require this for hedge funds, for example. The history of exchanges is such that theft is always something that’s on the table, so I wouldn’t necessarily trust any of them.

Why is an exchange a horrible place to store your crypto even with 2 factor authentication?

It’s fine for small amounts. It’s bad for larger amounts. If you store your coins on an exchange, you’re essentially lending them your coins with the possibility that they can’t or won’t pay you back.

Where are some safe physical places you might recommend for people to store hardware wallets, paper wallets or private keys?

I’m not an expert on physical security, but some sort of vault is good, I’d imagine.

Is there a preferential operating system people should be using that might offer better security for Bitcoin or crypto transactions?

Linux is generally my preferred OS because it’s open source.

What about suggested browsers?

Something open source.

Describe some of your best practices and tips for sending and receiving Bitcoin or crypto?

For small amounts, use a hot wallet. For larger amounts, use a hardware or off-line wallet. Double check everything and don’t rush.

Describe some of your best practice tips for storing your Bitcoin or crypto?

Be careful and have a good plan.

Do you have any other words of wisdom?

Hopefully, they’re in the other questions!


Bitcoin Security Q&A #2 with Akin Fernandez, Azte.co

What is your preferred way to lock down your Bitcoin and crypto?

There is no such thing as “crypto.” I lock down with OpenDime and Ledger. Because both of those provide offline storage, you can rest assured that your Bitcoin is safe.

What are your thoughts on paper wallets?

They are very useful. As the software used to generate, import and manage them gets better, they will be even more useful.

What paper wallet(s) do you suggest?

Armory produces useful paper wallets; that’s one I’ve experimented with myself.

Do you like hardware wallets?

Yes. They’re essential for any Bitcoin user’s tool kit, and in the future, will be commonplace. Everyone who earns money will have a hardware wallet of some description, that fits into their personal banking process hierarchy, where devices and practices are ordered by the need for security balanced by convenience and how much Bitcoin you’re talking about. If you have millions of dollars in Bitcoin, storing them on a single hardware device in your house might cause you sleepless nights. Putting them under a mnemonic isn’t satisfactory either; what if you bang your head and can’t remember the words? What if you get killed? How will your children inherit your fortune? You can’t tell your lawyer your words; he might steal your money. You can’t leave your money on an exchange, because that’s not safe. This is a real business problem looking for a strong solution, the best one to emerge will not require trusting anyone or any manufacturer, and will be so simple that anyone can do it. For now, a mixture of devices and methods is best, with fallbacks that are as infallible as you can make them. It has to be said, if you live a life where you can’t trust anyone, you have bigger problems than where to store your Bitcoin.

Do you have any recommendations on hardware wallets?

I recommend Ledger and OpenDime. OpenDime is a transformative device, that turns Bitcoin into a physical bearer instrument. Ledger is good if you need to keep Bitcoin safe and offline, and spend from your wallet over the internet or disburse to your phone wallet. Ledger has a good mix of capabilities and form factor, and it’s very easy to use and absurdly inexpensive given what it does.

What are a few of your best tips for anyone using a hardware wallet?

Read the manual. Read it again. Read it once more. Follow all the instructions. Become intimately familiar with how it works. This applies to Ledger, and not to OpenDime, since OD is so simple it requires very little understanding. It is easier to use an OpenDime than it is to make a phone call. OpenDime is even laundry proof. Understanding how your devices work is crucial; you cannot outsource your Bitcoin security without losing some security. It’s not hard to do, and a lot of work has gone into these devices to make them consumer friendly, and they are very consumer friendly. Moving Bitcoin from Ledger is easier than using a Credit Card online.

What other high-security wallet software options are there?

If you have a MacBook Pro with the Reference Client on it, turned off and in a safe, that is very high security. Generally, if you stay away from Windows, and limit your use to the known secure platforms and devices, you will be safer. Security is complex; seemingly normal behaviors can compromise you, and in its character, security is a process as much as it is a destination. Samurai Wallet is a very good option, with the sort of functions you need to manage your Bitcoin properly. Importing wallets from other wallets from a seed works perfectly on Samurai, and it is developed by a crack team of experts, and I strongly suspect it is going to be the number one wallet globally.

How do you feel about storing Bitcoin on hot wallets?

Someone has to run hot wallets, otherwise services can’t operate. The device or class of wallet you’re using should be governed by your use case. If you are storing Bitcoin for a long time, you select devices and methods that suit that. If you are running a Bitcoin service where you’re sending out lots of Bitcoin, then you need a hot wallet. It is less about feelings than it is about practical considerations.

What are a few hot wallets you can suggest?

Bitcoin Core. Electrum works well also.

What are a few of your best tips for anyone using a hot wallet?

Run Linux. Failing that, run MacOS. Do not, under any circumstances, run Microsoft Windows.

How do you feel about the companies who offer, in their words, “extra secure” Bitcoin storage?

In a free society, people are at liberty to offer services to each other. You can run your own “extra secure” Bitcoin storage yourself. The same software these companies use is available to you. The only advantage they have is storage facilities that can withstand fire and water damage. Bear in mind also, that when you use these companies, they are instantly less secure than storing your own Bitcoin. Once they know who you are, you are compromised. If the State asks them to hand your Bitcoin to them, it is likely that you will lose your Bitcoin, without any means to get it back without going to court.

Everyone has the right to run businesses and offer services to others. As long as these businesses don’t use fraud they are acceptable for the market. The problem is how can you measure what “extra secure” means (if it is even a real thing), and can you trust that people will do what they say they will do. This is especially important in countries like the USA where businesses can be compelled to compromise you by National Security Letters, and are forced not to reveal that you have been compromised. I wonder if any of the custodial Bitcoin businesses in the USA have ever received a National Security Letter? I don’t think this is a question anyone has asked, and I don’t know if any of them have a Canary signal in operation. Of course, none of this matters to you if you manage your own Bitcoin, which is exactly why you should do that.

Why is an exchange a horrible place to store your crypto even with 2 factor authentication?

Because exchanges are Bitcoin custodians, and you should store your own Bitcoin where it can never be arbitrarily seized. If you want to hold your money in a third party service, why not keep your money in fiat in a bank where it is “safe”? All the top Bitcoiners use exchanges only to trade Bitcoin and they don’t keep their Bitcoin on the exchange. No matter what happens to the exchange, be it change of ownership, National Security Letters or some other shenanigans, if you keep your Bitcoin in your own device, no one can prevent you from spending it in any way you see fit. Storing Bitcoin on an exchange is regressive, and anyone who has suffered having “their” account shut knows this is true. Not keeping your own Bitcoin perpetuates the bad habits of bankism. Thankfully, distributed exchanges like HodlHodl will put custodial Bitcoin businesses to death, and push security out of the pillar and into the pond https://hackernoon.com/the-pillar-and-the-pond-9eea73318b92

Where are some safe physical places you might recommend for people to store hardware wallets, paper wallets or private keys?

There are generations of best practice methods for keeping sensitive documents safe, and that is what Bitcoin is. Bitcoin is not money, it is text that can be printed out or stored on a device. Looking at how archivists store paper and data for decades is a good place to start. Printing on to acid-free paper with acid-free ink is essential, especially if you intend to keep your Bitcoin for decades printed out.

Is there a preferential operating system people should be using that might offer better security for Bitcoin or crypto transactions?

Linux or MacOS, and no excuses. If you are really serious, then Qubes OS is a reasonably secure operating system.

What about suggested browsers?

Google Chrome is sufficient, and you can use it to run your Ledger software.

Describe some of your best practice tips for sending and receiving Bitcoin or crypto?

There are many ways to receive Bitcoin, and you can tailor your method to your needs. For example, let’s say you are a secretary, and you get paid once per week in Bitcoin. Your boss can send your wages to the same payment code every week, or you can flash a new address to him on your phone when you clock out. Once you have your wages, you can send a portion immediately to your cold storage device where you know it’s safe, and keep the rest for that evening’s Friday drinks. Bitcoin is very flexible; for certain, there is a business to be made out of designing “Bitcoin as daily money” throughput systems and setting up people’s Bitcoin self-management practices and software. With Azteco, you can buy a voucher and send it anywhere, without having to use your own wallet; the service does all the heavy lifting. It is a very secure way of sending Bitcoin, because you don’t have to worry about the process, or run a wallet yourself. Powerful, counter-intuitive services like this will expand the number of Bitcoin users and workflows dramatically, without these users having any technical burden.

Describe some of your best practices and tips for storing your Bitcoin or crypto?

“Crypto”

Any red flags you want to call out that often fool people into doing stupid things?

Yes. Buying alt-coins is a stupid thing. No matter what they’re called.

Do you have any other words of wisdom?

Proverbs 8:11 “For wisdom is better than rubies; and all the things that may be desired are not to be compared to it.”

Akin Fernandez is the co-founder of Azte.co. You can learn more about him by reading “Immutable and Censorship Resistant.” Follow Akin on Medium (Beautyon) and Twitter (@beautyon_).


Bitcoin Security Q&A #3 with Anonymous Cypherpunk

What is your preferred way to lock down your Bitcoin and crypto?

The best way is to do this in tiers. Tier 1, 2 and 3.

Tier 1: Hot wallet on your phone or an exchange for daily spending

Tier 2: Hardware wallet like Trezor for general savings account

Tier 3: Long term paper wallet cold storage for retirement backed up in multiple locations which could include safety deposit boxes.

What are your thoughts on paper wallets?

They are a perfectly reasonable and secure way of storing your private keys; however, they are most often used with long term cold storage.

What paper wallet(s) do you suggest?

The best one I’ve seen so far is bitaddress.org

Do you like hardware wallets?

I prefer hardware wallets even though some say they are more at risk than paper wallets due to the fact that hardware components require sourcing from multiple companies/locations.

Do you have any recommendations on hardware wallets?

I prefer the Trezor.

What are a few of your best tips for anyone using a hardware wallet?

Make sure to back up your seed in case your device ever gets lost or damaged.

Only use them as tier 2 storage.

Don’t always update to the latest firmware version until it’s been released for a while to make sure there are no bugs or problems.

What other high-security wallet software options are there?

One of the higher-grade security wallets out there is btcarmory.com.

How do you feel about storing Bitcoin on hot wallets?

A hot wallet should not be much different than your regular wallet and hold daily spending funds.

What are a few hot wallets you can suggest?

For Android I like Samurai Wallet.

What are a few of your best tips for anyone using a hot wallet?

Back up your seed in case your phone gets damaged and never store more than you would in your regular physical wallet.

How do you feel about the companies who offer, in their words, “extra secure” Bitcoin storage?

It’s always a case by case basis where research has to be done to see how they are storing private keys. If you don’t own your private keys however, it’s not really your Bitcoin.

Why is an exchange a horrible place to store your crypto even with 2 factor authentication?

Mostly because exchanges get hacked almost monthly. However, this year I expect decentralized exchanges wherein your private keys never leave your possession to take off and become a new standard. Some of these exchanges interface directly with hardware wallets as well, providing even more security.

Where are some safe physical places you might recommend for people to store hardware wallets, paper wallets or private keys?

All the usual places: safes and safety deposit boxes. There are many people out there who use their imagination and get more creative.

Is there a preferential operating system people should be using that might offer better security for Bitcoin or crypto transactions?

It all comes down to protecting your private keys. Private keys held on a computer connected to the internet all are in the same amount of danger regardless of OS.

What about suggested browsers?

Same condition above applies here.

Describe some of your best practices and tips for sending and receiving Bitcoin or crypto?

Always double check addresses

Use multi sig when applicable

Don’t over pay in fees. If you can afford to wait a bit longer, do it and you’ll save money.

Any red flags you want to call out that often fool people into doing stupid things?

Don’t worry too much about the price if you are not a trader. Just Hodl.

Do you have any other words of wisdom?

Always do your own research. Don’t Trust. Verify.