Security in Fearless Wallet
Fearless Wallet keeps your data safe by implementing best practices that ensure that user account information is SAFU
- Fearless Wallet is inherently secure and takes advantage of mobile security mechanisms provided by iOS and Android
- Fearless Wallet is non-custodial and does not store your funds on your device; everything is on-chain.
- No other application on your mobile device has access to Fearless Wallet during the creation of an account. If your device were compromised, your mnemonic would not be liable to be lost.
With Polkadot crowdloans about to begin and Kusama crowdloans ongoing, the topic of security in Fearless Wallet has come to the surface, as users are thinking ahead about the sweet rewards from participating in parachain auction campaigns.
To some users, it may seem as though the use of a PIN code or biometrics while creating or accessing an account on Fearless Wallet is not as secure as creating an account on the Polkadot.js interface. However, this is not at all the case.
This article will illustrate the differences (and similarities) between Fearless Wallet and Polkadot.js regarding account security and protection, as well as the security protocols added to the Fearless Wallet mobile apps.
Polkadot.js, Security over Convenience
If you have set up an account using the Polkadot.js interface or extension, you will know that there are some steps required to securely generate an account. However, as this is done on a desktop computer, there may be security breaches when using this platform. They can be as simple as someone looking over your shoulder while you are setting up an account (never do this in a public place!) or as complicated as malicious software that copies the content of your clipboard when Polkadot.js prompts you to copy your mnemonic, or a malicious extension that could siphon a user’s keys.
Browser extensions have a broad range of permissions to read a user’s input, content, and browser cookies. Always make sure to download extensions from verified sources, as there could be clones in a browser’s store that contain malicious code.
Another product of creating an account (and a recovery option) is the JSON file. This metadata file is the only alternative for recovering your account if you lose your mnemonic. Polkadot.js provides the JSON file when you set up an account, so if you have misplaced your mnemonic but you remember your password, this is the best way to recover your account. If you have saved your JSON in a safe location (so NOT your downloads folder), this should be, in theory, the safest way to keep your account from any attacks.
You can also generate a multisig account (more than one account is required to sign a transaction before enacting it on a blockchain), but you will need to use Polkadot.js apps every time you want to sign, verify, or transact on the blockchain (you also can’t import a multisig account to a wallet, such as Fearless Wallet).
Alternatively, the password you have chosen should follow security best practices to prevent it from being cracked or stolen. Naturally, passwords such as birthdays, pets’ names, or the dreaded “password” will simply not do if fund security is a priority for you.
Always make sure to keep your passwords in a safe place and do not share them with anyone. If you happen to lose your password for one reason or another, make sure that your JSON and mnemonic are saved somewhere safe; if they’re misplaced too, your funds are as good as gone.
A password will not protect you if your seed phrase has been compromised. If a malicious third party is in possession of the seed, they will be able to control the account, without having to know the password.
Fearless Wallet, Uncompromising Security, and Ease of Use
Fearless Wallet is open-sourced, non-custodial, and decentralized. This statement on its own is a great assurance that the app is secure and that user funds and account information are kept safe. You own your keys at all times.
Along with the device safety that is available in Android and iOS, Fearless Wallet keeps your data safe by implementing best practices that ensure that user account information is also protected from other apps on your phone and your operating system.
Additional Fearless Wallet security measures are:
- Every key is encrypted and stored on-device in an application local folder.
- Exporting keys can only be done through the “Export account” feature in the FW user interface, which is password protected.
If your device were to be lost, misplaced, or stolen, the PIN acts as a safety net for you to immediately recover your account and open it on a different device to change your credentials and avoid a possible compromise. As your funds are stored on the blockchain, you don’t need to worry about their integrity if your mobile phone is compromised. This is why being non-custodial is so important in Fearless Wallet.
Mobile wallets offer a fast and convenient way to access your coins. In comparison with a browser extension, their security is similar to that of any hot wallet, since the device is connected to the Internet.
Despite all the security measures implemented, nothing is 100% secure. The following advice can and should help you and your funds to stay SAFU:
- Enable a screen lock for your phone with a password that cannot be easily guessed.
- Store your mnemonics in physical offline storage and don’t share them with anyone.
- Don’t use a rooted device for your funds.
- Keep your phone’s OS up to date and use antivirus software.
About Fearless Wallet
Fearless Wallet is a mobile wallet designed for the decentralized future on the Kusama and Polkadot ecosystems, with support for iOS and Android platforms. It offers an awesome user experience, fast performance, and secure storage for your accounts. Fearless Wallet will integrate Polkaswap for easy, decentralized swaps of assets.