Wallet security and its corners

One Step Ahead
Coinmonks
9 min read · Oct 20, 2022

  1. Security is not a certainty
  2. Metal gadgets
  3. Passphrase
  4. Multi-signatures
  5. Paper
  6. More
  7. Single point of failure

We strive to provide wallet security education for average users; to provide ideas and optimal solutions to mitigate possible damages.

For decades, online security was something we got to understand, and best practices are nowadays taken for granted. We learned how to handle our passwords, create them with complex combinations and review them regularly.
Blockchain technology puts security on a different level. What we have learned from decades of online experience helps in understanding how to protect your blockchain assets, but it does not give a clear answer on how to do it. With the advent of blockchain technology, we had to go back to the drawing board and rethink security.

There are many approaches to securing digital assets, and we will highlight some and look at their benefits and shortcomings. There is no intention to express whether or not the methods laid down here are good for you. Some can perfectly suit you, and some may not, and you should assess what could be good for you based on your context.

One Step Ahead app for iOS and macOS

1. Security is not a certainty.

Our core belief is that you should never treat security as certainty, and following this point of view will always put you ahead of potential problems.

Why should this be essential to you?

Technology, whether mechanical or information, is transitory, along with its security requirements. Security is part of technology and only lives as long as it suits the needs of its underlying application and accomplishes the desired result. What seems excellent for protecting your digital assets today may be redundant tomorrow. Security, in simple words, is buying time.

2. Metal gadgets

Metal devices are the first choice for protecting the keys; indeed, they are a good choice. Using metal plates or other types of metal gadgets is advertised as a top security approach everyone should opt for.

Durability is most often the selling point. As much as durability is significant, it is arguably not the most crucial protection aspect.

How important is durability compared to other types of risk, for example, losing your keys by being stolen?

Theft is an incomparably more common way of losing your assets than damage to the keys caused by fire or other natural causes (not undermining the importance of these causes). A thief can compromise your keys by taking a photo with a smartphone.

Preventing this can be challenging if your storage doesn’t have extra protection. Since you may not be able to stop someone from capturing your keys, your focus should be on making access to your assets as complicated as possible. One way is to obfuscate the keys, for example, by splitting them so that obtaining only the exposed portion would be meaningless.

Why wouldn’t the high melting point matter so much?

A building burns at an average of 800°C (1500°F) to 1,100°C (2,000°F). Such high temperature is enough to deform some common metals like aluminum, zinc, or tin. Physical storage made from the most durable substance is often considered critical for better protection.

Indeed, stainless steel, the most common material used for storage devices (grade 304 being the most common, with a melting point of 1400–1450°C (2552–2642°F)), should be durable enough to survive a fire in a building and prevent the information it contains from being destroyed.

In reality, a high melting point may not matter as much as one may think. In the event of a fire, you will likely be the last person to inspect ruins to find your metal plates. And if the metal plates contain complete seed phrases, you better be lucky that whoever examines the remains will not find them before you.

It is hard to think of a scenario in which the metal storage is exposed to very high temperatures and you still have immediate access to it. This doesn’t mean the durability of the key storage is irrelevant, but using a material with a melting point higher than 800°C (1500°F) doesn’t improve the odds of recovery after the incident.

3. Passphrase

Along with using metal protections, many recommend using a passphrase. It is a very clever way to double up on your security. A passphrase is supposed to prevent you from losing your digital assets when the keys have been compromised. If you are unfamiliar with this solution: it is an additional set of words to be appended to your seed. It often serves as a decoy mechanism to distract potential thieves from the main assets. You set up the main wallet with a passphrase, and another wallet without a passphrase that holds an insignificant amount of digital assets to mislead the attacker.

The passphrase feature is great but has some serious caveats that often slip the attention during discussions.

Misusing it can be problematic at best and disastrous at worst.
An often neglected fact is that it is very easy to make costly mistakes, even if you are a tech- and security-oriented individual.
Entering an incorrect passphrase is never flagged as a wrong entry; it will most likely open an empty wallet, which can be a nerve-wracking experience.

The fundamental key to understanding a passphrase is that it is not a password and should never be handled like one. The critical difference between both is that the passphrase cannot be recovered!
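Why a wrong passphrase opens an empty wallet instead of raising an error, shown as an added example that is not from the original article. It assumes the wallet follows the BIP-39 standard (which the article does not name) and uses the all-"abandon" mnemonic from the public BIP-39 test vectors as sample input.

```python
import hashlib
import unicodedata

# Constructed sample input: the well-known mnemonic from the public BIP-39
# test vectors. Never use it for real funds.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed the way BIP-39 specifies.

    The passphrase is only mixed into the PBKDF2 salt. Nothing stores or
    checks it, so every possible passphrase yields a valid seed.
    """
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")

    return hashlib.pbkdf2_hmac(
        "sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, 64
    )


def compare_entries(mnemonic: str, intended: str, attempts: list) -> dict:
    """Map each typed passphrase to whether it opens the intended wallet."""
    target = bip39_seed(mnemonic, intended)
    return {a: bip39_seed(mnemonic, a) == target for a in attempts}


if __name__ == "__main__":
    # A case slip, a trailing space and a forgotten passphrase all "work":
    # each one silently derives a different, empty wallet.
    attempts = ["TREZOR", "Trezor", "TREZOR ", ""]
    for typed, same in compare_entries(MNEMONIC, "TREZOR", attempts).items():
        seed = bip39_seed(MNEMONIC, typed)
        print(f"{typed!r:10} seed={seed.hex()[:16]}... intended wallet: {same}")
```

Because no entry is ever rejected, the only way to confirm a passphrase is to check that the resulting wallet shows the addresses you expect.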

Protecting your keys is already a complex job. Taking care of a passphrase with less attention often leads to poor security.
Always consider it as an integral part of your keys, and treat it with the same respect. Never keep the passphrase in proximity to your seed phrases. Do not use it if you don’t understand it. If you decide to use it, understand its benefits and disadvantages.
Using a passphrase requires great responsibility.

Here, our statement can be quite controversial; we would not push its usage for mass adoption. The particular reason for this is that mass adoption of the passphrase can lead to misusing it, and as a result, many may become victims of losing access to their wallets forever. You should use it only with a good security strategy, with a deep understanding of its limitations.

4. Multi-signatures

Multisig (short for multi-signature) is yet another method at your disposal. The concept is simple: it requires more than 1 participant to make a transaction; thus, this procedure relies heavily on trust between parties.

Each stakeholder keeps their own private key, without which the transaction cannot take place. With multi-signatures, you can set up threshold criteria. For example, you could mandate that 2 out of 3 stakeholders authorize the transaction in the wallet.
Another option is a setup without a threshold, where every participant is required to sign. This has one significant weakness: a single point of failure. All parties must be aware of this and have a good backup plan in place.

Multi-signatures with and without threshold

Where wouldn’t it be wise to use the multi-signature?
Perhaps in a setup where you need to rely heavily on other participants, particularly if they don’t have security knowledge as extensive as yours. Especially try to avoid multi-signatures without a threshold if you are not certain the other parties can manage their keys. Using a multisig setup with your partner can also be problematic. Remember, you both need to take care of your own keys in the most disciplined manner so that access to the funds is not lost if one of you is no longer around.

Where would it make sense to use it?
Multi-signature with a threshold is perfect for organizations where decisions are made with the majority votes.

5. Paper

Back in the days when cryptocurrencies were still a hobby, one of the ways to store the keys was to print them on paper. Although not recommended by many, we would argue that this method is not pointless and still has robust utility.

The primary advantage is that paper is a cheap way to store your keys.
Of course, paper is a very delicate material. It can be damaged and lost quickly, its print is not durable, and it doesn’t convey the importance of its contents the way dedicated gadgets do. Moreover, it is easy to print too many copies and place them in unsecured locations.

We understand that you should avoid making security decisions based on costs. Ultimately, the price you pay for your system should not be the main deciding factor when trying to obtain maximum protection for your assets. It will likely play a significant role, often based on the value of the coins you are looking to protect.
We want to stress that our argument for using paper is not because it is cheap. Still, we see the opportunity to guide you to adopt our main principle of treating security not as a certainty but as a transient solution, where your job is continuously taking care of your setup.

One of the main dilemmas when using metal gadgets is, what should you do if your keys were compromised, yet a passphrase still protects them?
Should you re-evaluate your strategy and move your assets to a new wallet where you can obtain a new seed phrase? Are you confident to use the same wallet and that a passphrase is enough to secure your coins? In the end, the fabric of your security setup may be broken.

If you want to learn how to protect your keys with a paper backup, please read the following stories, where we highlight many essential points you should pay attention to.

6. More

There are many more tools and methods worth exploring. Most of them are not industry standard; however, they may have outstanding characteristics that you should consider.

One of them worth mentioning is Shamir’s Secret Sharing (invented by Israeli cryptographer Adi Shamir). SSS (Shamir’s Secret Sharing) is a method for splitting and encrypting your secret data into multiple chunks while providing a flexible mechanism for reconstructing the original data from those pieces. SSS was not created with blockchain technology in mind. Nevertheless, the technology can significantly supplement securing access to your assets.

Your strategy for securing digital coins will also depend on the wallets you choose. Some wallets have built-in extra security layers that may help you better manage your keys. Trezor wallet, for example, offers a built-in Shamir’s Secret Sharing option.

7. Single point of failure

If you ever decide to come up with your own security method or use a device that offers a unique solution, ask yourself a question: is my design or approach proof against a single point of failure? Am I the single point of failure?

Do you have a family? Do you have anyone to inherit your assets? Are you sure they can access them at a critical moment? Are they educated enough about the technology to recover the assets? These are the questions you should always ask before making a good plan.

If your close ones would like to access your digital wallets at some critical point in time, make sure your setup is easy enough to understand without seeking help.

The more complex your puzzle is, the more difficult it is to put together if you can’t assist. Good protection should strike a balance: it keeps the benefits of customization, yet the pieces remain easy to put together.

You should never listen to people claiming that the passphrase or multi-signature is the universally best solution that you should adopt. All these technologies and solutions can be great, but are you capable of adopting them without shooting yourself in the foot?
With blockchain-related security, you cannot draw a bold line and say this is how you should do it. Your approach should consider your context, so plan how it suits you. And finally, challenge it.
