Ledger 101 — Part 3: Best Practices When Using a Hardware Wallet
The previous instalments of the Ledger 101 series have shown the necessity of using a hardware wallet as well as the importance of using secure chips to build them.
Hardware wallets empower you with the ownership and control of your crypto assets. But with great powers comes great responsibilities: being your own bank is certainly not trivial and requires discipline. Using a hardware wallet doesn’t make you invincible against social engineering, physical threats or human errors. You must always use common sense, and apply basic security principles.
There are five basic golden rules
- Never ever share your 24-word recovery phrase, in any form, with anyone.
- Never ever store your recovery phrase on a computer or smartphone.
- Keep your Recovery sheet physically secure to make sure you can’t lose or destroy it by accident.
- Only trust what you can see on your hardware wallet screen. Verify your receiving address and payment information on your device.
- Always treat information shown on your computer or smartphone screen with caution. Assume that software can get compromised anytime.
The 24-word recovery phrase
When initializing your hardware wallet for the first time, you will be prompted to write down 24 words on a Recovery sheet. These 24 words are called a recovery phrase and are a human readable back-up from which all your private keys are derived. They are used to restore access to your crypto assets on another Ledger device or any other compatible wallet.
General security principles
There are two basic reasons why you would need access to your recovery phrase:
- Loss or destruction of your hardware wallet: you can enter your recovery phrase on a new device to recover full access to your crypto assets;
- Cloning to a new device: by entering your 24 words on another device, you’ll be in possession of two hardware wallets you can use independently. For instance, one at the office and one at your house, preventing you from having to transport it all the time. Another reason to clone a device would be when upgrading to a newer model.
As you can easily deduct from this, anyone getting access to these 24 words would get immediate access to your crypto assets. The PIN code on your hardware wallet is a protection related only to your device, and is totally unnecessary for private keys recovery.
Therefore, it is of the utmost importance that your recovery phase is correctly secured. Any compromise, at any time, could lead to catastrophic losses;
- Never take a picture of your Recovery sheet. Your smartphone is not safe and, worse, it could get automatically uploaded to your cloud storage;
- Never enter your recovery phrase on any computer or smartphone: you could have keyloggers, and storing this information online (even encrypted) completely defeats the purpose of using a hardware wallet;
- Never show or share your 24 words to anyone (including friends and family). If you do decide to share, be fully aware that they have potential access to all your crypto assets, anytime, and without an easy way of revoking access;
- Keep your Recovery sheet in a safe place, protected from sunlight, humidity and fire. If it gets destroyed for any reason, you must immediately move your crypto to a newly set up hardware wallet;
Additionally, it is critical to make sure that you have generated the 24-word recovery phrase yourself. Never, ever, use a preconfigured device. Never, ever, use a set of 24 words provided anywhere else than on the device itself. You must ensure you are the only one in the world to have knowledge of this specific recovery phrase.
As the availability of your recovery phrase is critical, you may wish to verify that you’ve indeed written it down correctly and that you can actually read it without error. For a Ledger Nano S, you can verify this with the Recovery Check app. This app lets you enter your 24-word recovery phrase and checks whether it matches the private keys on your device. Please refer to the dedicated video for more information.
General safety principles
Having a hardware wallet set up with a verified backup in a secure place may protect you from a digital attack, but you are still vulnerable to potential physical threats such as a burglary or a hostage situation. This is why you must follow these basic rules:
- Never tell anyone that you own cryptocurrencies. If you do, make sure to keep the real value of your assets to yourself. If people ask you how many bitcoins you own, simply return the question by asking back how many euros/dollars they own;
- If you are active in the online cryptocurrency community, protect your real identity and always be mindful of the information you share. You don’t want to become the target of a heist;
- Do not keep your Recovery sheet in a safe at home. A bank vault is much more secure. Not having immediate access to your backup increases your resilience to physical threats;
- If you have large amounts of cryptocurrencies that you do not need frequent access to, keep your hardware wallet in the bank safe as well. You can use another hardware wallet with lower amounts for frequent use;
Only trust your hardware wallet
Your hardware wallet requires a companion app to interact with you and to access the internet, so you can check your balance on your computer, get your transaction history, and broadcast new transactions. Ledger Live is Ledger’s own application available for PC, Mac and Linux. Ledger devices also work with applications that are not made by Ledger.
In principle, it is very difficult to verify the integrity of the software on your computer. You must therefore assume that your computer is compromised and that what you see on your screen could be manipulated.
You can only trust your hardware wallet.
Security steps to verify your receiving address
When you need to share your receiving address so you can be the recipient of a payment, you must take extra precautions to ensure you don’t fall victim to a man in the middle attack. An attacker in control of your computer screen could show you a wrong address which would make him the beneficiary of any transaction sent to it.
You must verify the receive address shown on your screen by displaying it on your device.
When requesting a receiving address on Ledger Live, you are prompted to connect your hardware wallet and open the corresponding app. The address will then be shown on the secure display of the device and you’ll be able to verify that it matches the one on your screen.
If you’re using the QR code to transmit the address, make sure to verify the address after scanning it.
If you are using a software wallet without this feature (many third party applications are compatible with Ledger devices), we recommend sending a small amount first, to make sure that you have properly received it. This test should ideally be done on another computer. You can reuse the address that you have just verified for the test.
Security steps to verify the beneficiary address
When you wish to send a transaction, you will usually get the recipient address on a web page or through a communication service. A trivial attack for a malware would be to replace this address by one of its own. Some malicious pieces of software are simply monitoring the clipboard to replace the address you have just copied by one belonging to the attacker.
To prevent falling victim to this attack, always verify the beneficiary address on the device before approving the transaction, and also always double check it using a second communication channel. For instance, request the address to be sent by SMS, or another messaging app so you can verify it. If you are depositing to an exchange, first send a small amount and check that it has arrived properly before sending larger amounts.
Being your own bank is not trivial and requires discipline. Having a hardware wallet does not make you invincible. But we hope these security tips help you protect yourself while using them.
As always, use common sense. Don’t trust, verify.
