Ethereum Wallets Explained: The Private Tree Edition
With the release of MEW V5, and the inclusion of the Mnemonic Phrase as an option for wallet creation and connection, there is now a large variety of ways to access your wallet in MEW. Looking at the choices, it’s understandable to experience some confusion: What are the differences between them? Could you hold both a MEW and a MetaMask wallet separately? Can you use a mnemonic phrase generated in MEWconnect for access elsewhere? Should you get a hardware wallet? Are these all different wallets with different addresses? What’s going on?!
Let’s clear this up
There are hardware wallets and software wallets, mobile wallets and desktop wallets, mnemonic phrases and keystore files, private keys and passwords. Some of these access tools are interchangeable between different platforms, whether it’s MEW, MEWconnect, MetaMask, Ledger Live, or various other crypto storage options. But where’s the connection — what is the constant among them?
The answer is simple. Whether it’s a 12 or 24 word mnemonic phrase, a keystore file, a hardware wallet, a chrome extension, or an iOS/Android app, all wallets have one unique identifier — your private key.
Everything boils down to one this one piece of information. When you make an Ethereum wallet on any platform, you are receiving a private key tied to a public address. It just might not come in the form that you’re expecting it to be.
Keystore files hold your private key encrypted inside of them, while mnemonic phrases are used as a generation method for multiple private keys. With some methods of wallet creation you may be able to see your private key in plain text, while others — like hardware wallets — keep the private keys securely stored and hidden away, even from the owner.
This is why we stress private key safety so often. Sole ownership of your private key amounts to all of your control. With it, you have complete power over all your assets. But if someone else gets their hands on it, your solitary control suddenly means nothing. It is, quite literally, like handing someone the key to a safe with all your money.
The Private Tree
The relationship between private keys, public keys and encryption methods is like a tree that can have strong roots and luxurious foliage, or can be weak and nearly falling over… It can be growing in the open, exposed to the harsh (phishing) elements, or it can be well protected inside a garden like your very own Private Tree. The more secret and guarded your tree, the stronger the security of your funds.
Your mnemonic phrase can be seen as the roots of your tree (maybe that’s why they’re called seed words). These are secret phrases that should be hidden from the general public, only known to the owner of the wallet. Your provider takes these words and branches them out into many different public address / private key pairings — the branches of your tree. Encryption keeps your private keys safe, only exposing the public addresses for access.
Generally, the mnemonic phrase option is the most popular method of keeping private keys, since they can be easily memorized, as well as written down and stored in multiple physical locations. This is the main reason that most wallets provide these phrases for the sake of record keeping. All wallets that generate from a mnemonic phrase are called hd (hierarchical deterministic) wallets — these are the ones that can generate many different private key / public address pairings from one parent phrase.
Let’s compare some methods of wallet access and figure out why some may be better than others.
The first Private Tree is that of a hardware wallet. Hardware wallets keep your private key encrypted with state-of-the-art cryptography technologies. They are the ultimate in wallet security. They generally offer a mnemonic phrase for recovery purposes only (that’s why the mnemonic is also referred to as the recovery phrase). When accessing a hardware wallet, you will receive a seemingly endless list of public addresses. These are branched out from your root key. Depending on the path your provider takes, these addresses may change. But connecting through the same derivation path will always yield the same set of addresses.
The second Private Tree shows connection through our free, secure hardware wallet alternative — the MEWconnect smartphone app. Like hardware wallets, MEWconnect keeps your key encrypted within your device, in a secure vault that is never exposed to your computer. It gives similar functionality and security to that of most hardware wallets, without the extra hardware. One big difference is that, while MEWconnect generates your key from a mnemonic phrase, it only offers the first two addresses generated from your branches, one for your ETH wallet and one for a Ropsten test wallet. When plugging this phrase into MEW online, you will see many addresses generate from the phrase. But only the first one is relevant for your MEWconnect funds. (In fact, while this can be done, we don’t recommend using your MEWconnect mnemonic phrase for direct access on the website — this defeats the purpose of MEWconnect keeping your private key information secure.)
The third Private Tree gives a general idea of other browser wallet alternatives. We chose MetaMask to highlight this tree, since we offer support for their wallet on our site. MetaMask offers a shorter mnemonic phrase, and keeps your key encrypted within your browser. Like MEWconnect, MetaMask only provides the first address generated for wallet interaction. Unlike MEWconnect, they offer the ability to export your private key from the extension, but this is not advised when using online computers. Generally, we discourage using the private key directly in any online interactions.
Lastly, the fourth Private Tree signifies direct access to your wallet with a Keystore file, mnemonic phrase, or private key, with a web interface like MyEtherWallet.com. While using your mnemonic phrase or keystore file directly on MEW’s interface is fine for temporary wallets, it is not suggested for long term use. These methods are, by nature, bound to the computer. When using them to access your wallet, you are exposing your private key to phishers who could use it to drain your funds. Using MEW offline is the only truly secure way to make use of them directly. (Again, note that using your mnemonic phrase directly on MEW will provide multiple addresses to choose from, but we do not suggest direct access methods of unlocking your wallet.)
So… What information about my wallet am I supposed to have? What if I forget or lose something?
Good news — we have put together a handy table to help you visualize wallet creation, access and recovery!
Depending on what method you used to first create your wallet, there are a couple of pieces of information you received — and, of course, saved or wrote down to keep in multiple secure locations! Some of this information (like the password) is what you use to unlock your wallet on a daily basis, and other things (like mnemonic phrases) should be kept safe and only used for recovery purposes if you lose access.
Sometimes, even if you lose or forget a piece of the puzzle, you can still recover access. Keep in mind that many of these approaches can put your funds at risk and should be used as a last-resort measure only. If you ever lose your information and have to recover a wallet through your private key, it’s a good idea to create a new wallet and transfer your funds for greater security.
We hope this clarifies some of the confusion about wallet access! Wallet encryption and security standards are still evolving, and it may be difficult to keep up and make sure that your funds are safe.
Let us know at support@myetherwallet.com or on our social channels if there are other topics that you would like explained and we will do our best to put together helpful content!
#teamMEW
