How to Choose a Hardware Wallet

The ultimate guide to understanding how to choose the correct hardware wallet for your needs.

A hardware wallet is a physical device specifically designed to sign Bitcoin transactions and, in some cases, securely store the private keys required to access your Bitcoin on the blockchain. They offer the highest level of security as they are not connected to the internet. This significantly reduces the risk of a potential hacker gaining access to your private keys.

You can learn more about what hardware wallets in the following articles:

Hardware Wallets: Basic Concepts

Reasons to use a bitcoin hardware wallet

But with so many hardware wallets on the market, it can be challenging to choose the right one for your needs. That’s where our Hardware Wallet Comparison website comes in.

Compare Hardware Wallets

The website is designed to help you choose the right hardware wallet for your needs by comparing the features of more than 50 devices available in the market.

In this article, we will deeply analyze each of the features you need to consider before buying a hardware wallet.

DIY vs Commercial Wallets

DIY (Do It Yourself)

A DIY hardware wallet is a custom-made device that you create yourself using various components and open-source software. Depending on the components you choose and where you buy them, a DIY hardware wallet can be in some cases more cost-effective and private than purchasing a commercial hardware wallet. You can maintain a higher level of privacy, as you don’t have to rely on third-party manufacturers or services.

With a DIY hardware wallet, you have complete control over its design and components. You can customize it to your specific preferences and requirements, which can be beneficial for advanced users.

Also, building a DIY hardware wallet is a valuable educational experience. It provides a deeper understanding of how hardware wallets and secure key management work.

SeedSigner is one of the DIY hardware wallets

Commercial Wallets

On the other end of the spectrum are commercial hardware wallets, which are mass-produced and readily available for purchase. These devices offer simplicity and convenience, catering to users who prioritize ease of use and security.

Commercial hardware wallets are designed with user-friendliness in mind. They typically come with intuitive interfaces and straightforward setup processes, making them accessible even to those with limited technical expertise.

They are developed by companies specializing in cryptocurrency security. As such, they often boast robust security features, including tamper-proof designs, secure element chips, and multi-layer encryption protocols.

For individuals with advanced technical skills and a strong commitment to security and privacy, a DIY hardware wallet can be a rewarding and educational project. However, for most users, especially those new to bitcoin, using a reputable, commercially available hardware wallet could be the safer and more convenient option.

Size & Materials

The size and materials of a hardware wallet impact its portability, security, longevity, user experience, and aesthetics, making them important factors to consider.

The Bitcoin Hole website offers aSIZE & MATERIALSsection where you can see the wallets warranty, weight, dimensions, materials and more.

Warranty

Hardware wallet warranties typically cover defects in materials and workmanship for a specified period after purchase. These warranties vary by manufacturer and product, so it’s essential to understand the terms and conditions before purchasing a hardware wallet.

Some manufacturers decide to sell their product “as is”. This is a term commonly used in the context of sales transactions, indicating that the product is being sold in its current condition, without any warranties or guarantees from the seller. It essentially means that the buyer is accepting the item in its current state, with all its potential flaws and issues, and the seller is absolving themselves of responsibility for any defects or problems that may arise after the sale.

Weight & Dimensions

Weight and dimensions significance depends on your specific needs and preferences. Some hardware wallets are designed in a credit card form factor, which

A lightweight and compact hardware wallet is generally more portable and convenient to carry in your pocket. But you are not going to have all your life savings’ keys in your pocket, so weight and dimensions should only matter you when you are going to use the wallet for small funds on a daily basis.

Some examples of wallets with a credit card form factor

Materials

The materials used in a hardware wallet are of significant importance as they directly impact the device’s durability, security, and overall quality.

The materials determine how resistant the hardware wallet is to wear and tear, physical damage, and environmental factors. High-quality, durable materials can ensure the wallet withstands everyday use, drops, and potential exposure to moisture or extreme temperatures.

The materials can influence the physical security of the device, including protection against tampering or unauthorized access attempts. Robust materials can make it more difficult for attackers to physically manipulate or compromise the wallet’s security.

Waterproof

The importance of a hardware wallet being waterproof primarily relates to the device’s durability and resilience against potential environmental hazards. Accidents happen, and devices can be exposed to liquids unintentionally. A waterproof hardware wallet can safeguard your private keys in case of spills, rain, or accidental immersion.

Ellipal Titan is sealed in a dust and water-resistant way

Display

It is crucial to protect yourself against manipulation and malware by verifying transaction details on a dedicated device, preferably different from the device where you generated the transaction. Transactions are often created on desktops, laptops, or mobile phones, which have large attack surfaces and are difficult to secure completely against malware.

Clipboard malware and other types of malicious software may attempt to manipulate your transaction data to redirect funds to an attacker. This is why most hardware wallet devices have dedicated screens to display transaction details. Some hardware wallet devices lack these screens, so users would blindly sign transaction data without being able to verify it. This approach left users vulnerable to man-in-the-middle malware attacks.

By using a hardware wallet with a built-in screen for transaction verification, you can significantly reduce the risk of falling victim to malware that tries to manipulate your transactions.

In a multi-sig setup, while having a display on each hardware wallet can provide additional verification, it is not strictly necessary for every device to have one. The primary goal is to ensure that the appropriate number of participants with their corresponding private keys participate in the signing process. The key benefit of a multi-sig scheme is that it distributes trust among multiple parties and reduces the risk of a single point of failure. By requiring multiple signatures, the scheme ensures that a single compromised device or key is insufficient to authorize a transaction. This setup provides enhanced security, even if not all hardware wallets have a display for transaction verification.

Confirming a transaction on a Trezor Model One

The Bitcoin Hole website offers a DISPLAY section where you can see which wallets have a display, the screen type, size, resolution, colors, and whether it is touch or not.

Screen Size & Resolution

A larger screen with higher resolution can display transaction details, including sender and recipient addresses, amounts, transaction fees or even miniscripts more clearly, reducing the risk of human error during verification.

Many hardware wallets use QR codes for transaction information exchange. A larger screen makes it easier to scan QR codes accurately.

Keystone 3 Pro has one of the biggest screens

Power

A hardware wallet with a built-in or removable battery allows for greater mobility and independence from a computer or other power source. Also, a hardware wallet with a battery can reduce the risk of potential attacks related to compromised or malicious USB ports on computers.

The Bitcoin Hole website offers a POWER section where you can see which wallets have a battery, the charging methods, and more.

Removable Battery

Removable batteries make it easier to replace a worn-out or failing battery when it reaches the end of its life cycle. This can extend the overall lifespan of the hardware wallet, potentially saving the user from having to replace the entire device.

Users can keep spare, fully charged batteries on hand as backup power sources. This can be especially useful when traveling or in situations where access to charging is limited.

Coldcard Q offers 3x AAA batteries to power it.

Charging Methods

USB or wireless charging allows users to conveniently charge their hardware wallet on the go. This is especially useful for users who frequently travel or need to access their wallet in various locations.

Wireless charging, in particular, offers the convenience of simply placing the wallet on a compatible charging pad without the need for physical connections. This can streamline the charging process and make it more user-friendly.

Ledger Stax offers Qi charging

Connectivity

When signing transactions, is very important to understand how the hardware wallet is sending/receiving data.

The Bitcoin Hole website offers a CONNECTIVITY section where you can see different ways to connect the wallet to a companion app or third-party app.

USB-Data

Some hardware wallets can connect to a computer or mobile device via a USB cable. This wired connection is widely supported and provides a relative convenient way to transfer transaction data between the wallet and the computer/mobile, although it is not considered the most secure way because it is not air-gapped.

Bluetooth

Some hardware wallets offer Bluetooth connectivity, allowing them to connect wirelessly to mobile devices and computers. Bluetooth provides convenience and mobility but requires careful security considerations to prevent unauthorized access.

Bluetooth technology has security considerations that need to be addressed when using it for hardware wallets. Secure pairing, authentication, and encryption protocols should be implemented during the pairing process. Man-in-the-Middle attacks can target Bluetooth connections, so encryption and authentication mechanisms should be in place. Bluetooth’s limited range provides some protection against remote attacks, but physical access within range could still pose risks. It’s important to assess the specific implementation and security measures of a Bluetooth-enabled hardware wallet before relying on it.

NFC

Near Field Communication (NFC) is a technology that enables two devices to communicate wirelessly when they are brought close to each other. NFC is often used as a way to quickly and securely (compared with USB or Bluetooth) connect the wallet to a mobile device, such as a smartphone or tablet.

You can permanently disable NFC on your Coldcard MK4 by scraping the little gold trace

MicroSD Card

Some hardware wallets have a MicroSD card slot that allows users to transfer data, including transaction information, to and from the wallet using a MicroSD card. This is often used for air-gapped transactions and firmware installation.

Coldcard Q offer two SdCard slots for simplicity

QR Scanner

Some hardware wallets allows you to scan a QR codes. These QR codes can contain various types of information:

• Bitcoin addresses. When receiving bitcoin, users can scan the recipient’s QR code to verify that the provided address matches, preventing accidental or malicious address substitutions.
• Transaction details. Users can generate a transaction on an online device, encode it as a QR code, and then sign it securely on the offline wallet.
• Recovery phrases. SeedQR is a standard developed by SeedSigner for encoding a recovery phrase as a human-transcribable QR code.

A Blockstream Jade scanning a QR with a transaction

100% air-gapped

100% air-gapped hardware wallets can sign transactions, create/restore a wallet, and upgrade the firmware without connecting the device to a cellular network, wifi, Bluetooth, USB, or NFC. This guarantees you that your private keys never touch the internet.

Most fully air-gapped wallets use scannable QR codes for transactions, though some may also use micro-SD cards.

A QR with the transaction data to be scanned by a wallet

Security

The security of a hardware wallet is crucial for safeguarding your bitcoin. These wallets store private keys offline, protecting them from hacking attempts and online threats. They provide peace of mind and offer backup options for recovery in case of loss or damage.

The Bitcoin Hole website offers a SECURITY section where you can see different security aspects to take into account when choosing a hardware wallet.

Secure Element

A hardware wallet is considered a safer option for holding Bitcoin compared to software wallets on desktop or mobile devices, which are more susceptible to remote attacks and malware. However, even a hardware wallet is not immune to physical attacks if it falls into the wrong hands. This is where a secure element chip can provide added protection by preventing physical attacks on the wallet.

A secure element is a microprocessor that separates, keeps, and secures sensitive information, like your private keys. It offers a superior level of protection against physical breaches compared to a mobile phone, desktop, or laptop. This makes it harder for the device to be compromised through fault attacks, side-channel attacks, and cold boot attacks.

However, we need to take into account that secure elements are proprietary and closed-source chips and are subject to non-disclosure agreements (NDAs). Some hardware wallets include more than one secure element to reduce the trust in a single manufacturer. While secure elements provide an added layer of protection, they can increase the cost of hardware wallets and restrict users from creating their own devices.

Tropic Square is working to create the next TRuly OPen Integrated Circuit. Their goal is to deliver a chip as open-source as possible, providing access to design specifications, verification, and testing without obscurity.

Introducing Tropic Square — Why transparency matters

So, as you can see there are some pros and downsides to using a secure element. They are generally considered a useful way to add an extra layer of security to protect devices from various types of attacks. But no having a secure element is not a big deal if you use a passphrase. A Passphrase is an optional feature of some wallets that serve as a function of second-factor protection of the recovery seed and are an ultimate protection against attacks involving physical access to the device or the recovery seed. Using a passphrase guarantees you that even if after a physical attack, someone can access your private keys from the wallet, they will still need your passphrase to see or spend your funds.

Hardware Wallets: What is the Secure Element?

Supply Chain & Physical Attacks Protection

Before a hardware wallet gets into your hand, many people might have handled it before you. These people can include the shipping company, the retailer, the shipping person, and many more. If anyone of them is a hacker, they can modify the hardware wallet, install some malware, put it back together, and ship it to you. Some manufacturers protect you against these supply chain attacks using different approaches:

• Deleting the whole system if they detect a breach. A complete deletion gets rid of the private key, meaning there will be nothing left for the hacker to salvage.
• Verification of Authenticity: Utilizing cryptographic signatures to sign the firmware and software loaded onto the hardware wallets. This helps users verify the authenticity and integrity of the device’s software.
• Secure Packaging and Sealing: Implementing tamper-evident packaging and sealing mechanisms to make it evident if a device has been opened or tampered with during transit.
• Secure Boot: Implementing a secure boot process that ensures only verified and signed firmware can be loaded onto the device.
• Firmware Updates Verification: Requiring firmware updates to be digitally signed and verified before installation to prevent unauthorized changes to the device’s software.
• Shipping wallet without firmware installed to ensure that you install an authentic and the most recent firmware version.

Anti-Klepto / Anti-Exfil protocol

Hardware wallets use private keys to create digital signatures that authorize transactions. These signatures are mathematically constructed with a nonce, which is a secret number chosen by the hardware wallet. However, a malicious hardware wallet can potentially leak private keys through manipulated nonces. To prevent this, a nonce contribution from the host software can be included to provide added security for the user’s funds.

The anti-klepto protocol can safeguard against this type of attack by allowing a computer or mobile wallet to verify the integrity of signatures and take action if any manipulation is detected.

Firmware

Hardware wallet firmware refers to the software that runs on a hardware wallet device. It is the operating system and software stack responsible for managing the wallet’s functionality and securing the user’s private keys and transactions. The firmware is specifically designed to provide a secure environment for handling cryptographic operations.

In certain cases, the device is shipped without firmware to protect the users against supply chain attacks and ensure that they install the most recent firmware version. Additionally, the device uses to verify the firmware each time it starts to confirm that it hasn’t been corrupted. As a precaution, it’s essential to follow the manufacturer’s instructions carefully.

The Bitcoin Hole website offers a FIRMWARE section where you can see important information about the firmware like how it can be upgraded, if it is open source and reproducible, etc.

Bitcoin-Only Firmware

Bitcoin-only firmware only supports the Bitcoin network. Less code means less attack surface which further improves your security when only storing Bitcoin.

If you are a Bitcoiner, you probably want a BTC-only hardware wallet, or at least one where you can install BTC-only firmware. If you also want to store altcoins, then you need to take a look at the list of tokens supported by the wallet.

BitBo02 offers a BTC-only edition and a Multi Edition

Firmware Upgrades

Firmware upgrades often include security improvements that address newly discovered vulnerabilities or potential attack vectors. By staying up-to-date with the latest firmware, you can ensure that your hardware wallet is secure, protecting your bitcoin.

Offline updates via SD card provide key safeguards:

• Your device is isolated from the internet during updates. So, your keys cannot be extracted remotely.
• Secure data transmission via the SD card ensures a strict one-way flow to the device. Nothing leaves your device.

Even if data were somehow transmitted from your device to the SD card, the wallet manufacturer has no ability to access or interact with users’ SD cards.

Other approaches, like upgrading the firmware using USB data or Bluetooth are less secure because they are two-way flows, so the keys could potentially be extracted by the companion app.

Trezor Model T firmware update confirmation screen

Source Code

Closed-source firmware refers to software for which the source code is not freely available to the public. In a closed source (also known as proprietary or commercial) software model, the source code is kept confidential and is not distributed or shared openly. Closed source firmware can make it more challenging for external parties to analyze and exploit vulnerabilities since the source code is not publicly available. This can add an additional layer of security through obscurity. However, the lack of access to the source code means that users and the broader community cannot review and verify the code for security flaws or backdoors. This lack of transparency raises concerns about the trustworthiness of the hardware wallet.

A hardware wallet with source-available firmware is released through a source code distribution model where the source can be viewed, and in some cases modified, but without necessarily meeting the criteria to be called open-source. Any firmware is source-available as long its source code is distributed along with it, even if the user has no legal rights to use, share, modify, or even compile it. These hardware wallets allow users to review the source code, ensuring transparency and trust in the device’s operations. Users can examine how the wallet handles their sensitive information and verify that it aligns with their expectations. The availability of the source code also facilitates security audits by independent experts and the broader community. This scrutiny helps identify vulnerabilities or weaknesses in the wallet’s design, enabling timely fixes and improvements to enhance overall security.

A hardware wallet firmware being open source means that the source code of the firmware is publicly available and can be freely viewed, used, modified, and distributed by anyone. Users have the legal rights to access, study, modify, and distribute the firmware according to the terms of the open-source license it is released under. This transparency and freedom allow the community to review and contribute to the development of the firmware, ensuring its security, reliability, and trustworthiness.

It is usually recommended to prefer wallets with source available or open source, instead of closed source.

Source code is typically hosted in GitHub

Reproducible Builds

While anyone may inspect the source code of free and open-source software for malicious flaws, most software is distributed pre-compiled with no method to confirm whether they correspond.

A build is reproducible if given the same source code, build environment, and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts.

WalletScrutiny helps everyday bitcoin users verify whether or not their wallet is truly open-source and secure.

Device Lock

An access PIN helps ensure that only the owner can immediately access the key signing capability on the device. Usually, entering the incorrect PIN repeatedly results in a delay that increases with each mistake.

To ensure the security of your device, it is important to use a unique and strong PIN when setting it up. Avoid using easily guessable passwords like your phone number or date of birth, as well as any passwords you may use for your social media, email, or other accounts. By using a unique PIN, you can prevent unauthorized access to your device, even if someone has physical access to it.

The Bitcoin Hole website offers a DEVICE LOCK section where you can see the different ways to lock your device offered by each wallet.

PIN Entry

Support for entering the PIN directly on a hardware wallet is crucial for ensuring the security of your wallet. Most hardware wallets provide an extra layer of security by allowing users to enter their PIN directly on the device itself. This eliminates the risk of keyloggers, which are malicious software or hardware designed to record keystrokes on a computer or smartphone. By entering the PIN on the hardware wallet’s physical buttons or touchscreen, you ensure that the PIN remains secure and cannot be intercepted by any malware on your computer.

Additionally, hardware wallets may have mechanisms in place to detect and prevent brute-force attacks, where an attacker repeatedly guesses the PIN to gain unauthorized access.

Given that hardware wallets can be used offline, disconnected from any internet-connected devices, this offline functionality ensures that your PIN remains private and cannot be compromised by any online threats.

A Trezor Model One with PIN entry from the computer

Alphanumeric PIN

Some hardware wallets support alphanumeric PINs, offering a larger pool of possible combinations compared to numeric-only PINs. This increased complexity makes it more difficult for an attacker to guess or brute-force the PIN, providing better protection against unauthorized access.

Alphanumeric PINs can also help protect against shoulder surfing attacks, where an attacker tries to observe and memorize the PIN being entered. The inclusion of letters and symbols in the PIN makes it harder for an attacker to accurately remember the sequence of characters.

Dynamic Keypad

This feature randomizes the numbers associated with the buttons on the keypad. Cameras and shoulder surfers watching won’t figure out your PIN based on the keys you press.

A dynamic keypad on the KeepKey wallet

Countdown to Brick/Reset PIN

To prevent against brute-forcing the PIN, some hardware wallets can brick or wipe the device after entering a wrong PIN if the maximum number of attempts is exceeded.

Brick/Reset Me PIN

The Brick/Reset me PIN is a special PIN that will tell the device to destroy/wipe itself once entered.

Login Countdown

As a defensive measure in some wallets, the “login countdown” can force a time delay when logging into the wallet.

Login countdown on Coldcard MK4

Anti-Phishing Words

Anti-phishing words are a set of words unique to the device and the PIN introduced. If a user enters the first part of their PIN and does not see their usual anti-phishing words, they know the device is not trustworthy and shouldn’t continue the login process.

Anti-phishing words on a Coldcard MK4

Pattern Lock

A pattern lock is a type of security measure commonly used on touchscreen devices, to restrict unauthorized access. It involves drawing a specific pattern by connecting a series of dots or nodes displayed on the screen.

It may not be as safe as other locking methods for several reasons:

• Predictable Patterns: Many users tend to create simple and easily guessable patterns, such as a straight line, a simple shape, or a letter of the alphabet. These patterns can be relatively easy for someone with malicious intent to guess through trial and error.
• Residue Marks: Over time, the repeated swiping of fingers on the screen can leave residue marks or smudges, which can give visual cues to an attacker about the pattern used, making it easier to guess.
• Shoulder Surfing: An attacker could potentially watch you input your pattern from a distance, especially in crowded or public places. Unlike a PIN or password, a pattern can be observed visually, making it susceptible to shoulder surfing attacks.

While pattern locks may offer a convenient way to unlock a device, especially for quick access, it’s essential to balance convenience with security. To enhance the security of your device, consider using longer and more complex PINs or passwords and being cautious about where and how you input your pattern in public settings.

Fingerprint Lock

A fingerprint lock, also known as fingerprint authentication or fingerprint recognition, is a security feature that uses an individual’s unique fingerprint to verify their identity and provide access to the wallet.

There are some reasons why fingerprint locks may not always be considered completely safe:

• False Positives and Negatives: Fingerprint recognition systems can sometimes produce false positives (accepting an unauthorized fingerprint) or false negatives (rejecting an authorized fingerprint). These errors can result from factors such as poor fingerprint quality, changes in skin conditions, or variations in finger placement.
• Spoofing and Forgery: Advanced attackers may attempt to create a fake fingerprint (a fingerprint forgery) or use a high-resolution photograph of a fingerprint (a fingerprint spoof) to fool the recognition system. Some biometric systems are more resistant to these attacks than others, but no system is entirely immune.
• Unauthorized Access: If someone has access to your finger when sleeping, they could potentially unlock your device without your consent or knowledge. This includes family members, friends, or anyone who can physically access your finger while you sleep.

Dummy Wallet

A “dummy wallet” or “decoy wallet” is a wallet that contains a smaller amount of funds, to protect against coercion or theft.

The $5 wrench attack is a threat where an attacker may use physical force, such as violence or coercion, to force someone to reveal their private keys or passwords. To mitigate this risk, users might employ plausible deniability strategies.

A classic comic about the $5 wrench attach

Here’s how it works:

1. Real Wallet: The user has a primary wallet with most of their funds.
2. Dummy Wallet: The user also creates one or more additional wallets with smaller amounts, which can act as decoys.
3. Plausible Deniability: If coerced, the user can provide access to the dummy wallet, disclosing only a fraction of their holdings, while keeping the majority of their funds safe in the real wallet.

It’s important to note that the effectiveness of this strategy depends on the level of sophistication of the attacker and the specific circumstances. Additionally, managing multiple wallets comes with its own set of challenges, such as ensuring backups are secure and maintaining access to funds.

Hardware wallets offer different ways to generate dummy wallets:

• Some wallets offer a duress PIN, which is an additional PIN that can be used in situations where a user is forced to access their wallet under duress or coercion. The duress PIN functions differently from the regular PIN used to access the hardware wallet. While the regular PIN grants full access to the wallet’s funds and features, the duress PIN is designed to appear as a normal PIN but actually provides access to a separate, predetermined “dummy” wallet or a subset of funds that the user has designated.
• Other wallets offer a single PIN but multiple accounts protected by different passwords, so you can store multiple private keys. Some of those accounts can be used as dummy wallets.

Private Keys

Hardware wallets provide robust features for generating and managing private keys securely. They usually offer backup options such as recovery seeds or passphrase systems to prevent loss or damage.

The Bitcoin Hole website offers a PRIVATE KEYS section where you can see all the information about the private keys generation, storage, and restoration.

Stateless

A stateless (or ephemeral) signing device does not store any wallet information (like your private keys) and requires manual input of a recovery seed phrase upon every session. Some users prefer stateless signing because there is nothing of value to steal from the locked device.

Jade wallet, used in stateless mode, asks you to scan a SeedQR every time you turn on the device.

User added entropy

During the setup process, most hardware wallets will generate a seed for the user. The seed is a long and randomly generated string of binary digits that can be represented as a seed phrase, usually a list of 12 to 24 words from a dictionary of 2048 words.

Various techniques are employed to ensure randomness (known as entropy), such as the usage of random number generators (RNGs). In many hardware wallets, the RNG is executed on an isolated microprocessor known as a secure element, which is embedded in the physical hardware wallet. Other wallets use a combination of internal and external sources to generate entropy, and rolling dice is a common example of the latter.

When creating your own keys, there are many ways to do it, since we just need a very long random number. Sadly, people aren’t good at making random numbers. This is why brain wallets, which use phrases from songs, books, or poems, aren’t safe. If you use a popular phrase for a brain wallet and send money to it, you’ll lose the money quickly.

To make a truly random number, one way is to use high-quality dice, like those found in casinos. Roll them several times to create a long random number. Some hardware wallets have the option to enter dice rolls directly on the device to create a seed phrase.

Coldcard Q supports creating the seed by rolling a six-sided dice

Multiple Seed Phrases

Some hardware wallets support to store multiple persistent private keys on the device. This is useful if you want to easily store multiple accounts in the same device.

Passphrase Support

A passphrase is an advanced feature that can be used to protect your funds. When this feature is enabled, your device asks you to enter a secret phrase in addition to your numeric PIN every time you connect your device. When you enter a passphrase, your device combines the already existing randomness of your seed phrase with your own chosen passphrase and computes a new wallet.

Some hardware wallets typically have minimal buttons, making it quite challenging to input a BIP39 optional passphrase. To simplify the passphrase entry process, they enable users to enter the passphrase on the host device (mobile or computer), which then transfers it to the hardware wallet. This approach compromises some of the security benefits of using a passphrase since the host device learns the passphrase, which is part of your backup.

It also exposes users to a more severe attack. A manipulated passphrase is sent to the hardware wallet. When entering your passphrase on a malicious host device, an attacker could secretly transmit a different passphrase to your wallet. Everything will appear to function normally until you attempt to make a transaction. The attacker can then hold your bitcoin for ransom and might only give out the correct passphrase after you have paid them.

Always use a hardware wallet that allows you to input your passphrase directly on the device. As a result, the host device never gains access to the passphrase or can manipulate it.

Trezor Suite supporting to enter the passphrase on the app or on the Trezor device

Master Key Fingerprint

The Master Key Fingerprint refers to the fingerprint of the master extended public key derived from a hierarchical deterministic (HD) wallet.

The master extended public key (xpub) is derived from the master extended private key (xprv) and can be used to generate a series of child public keys. The fingerprint, in this case, is a unique identifier derived from the hash of the parent key’s public key. It helps in quickly identifying the corresponding master key within a hierarchical key structure.

The fingerprint is unique and it is represented by 8 characters, for example 91A876EF

When you add a passphrase to your seed phrase, the new wallet will have its own fingerprint. This fingerprint can be used to verify that you have entered your passphrase correctly, that’s why is important that your hardware wallet displays it.

The master key fingerprint displayed on a Coldcard MK4

Deterministic Entropy (BIP-85)

BIP-85 is a Bitcoin standard that introduced a process to mathematically derive multiple seeds from the value of just one seed. The derived seeds are unique and cannot be traced back to one another, nor can they be traced back to the original seed value.

Passport Batch 2 offers a Key Manager where you can manage child seeds and Nostr keys.

Shamir Backup (SLIP39)

Shamir’s secret sharing (SSS) is a cryptographic technique formulated in 1979 by the Israeli cryptographer Adi Shamir. The essence of Shamir’s scheme lies in the ability to back up, share and recover a secret by breaking up the secret into multiple shares that are individually useless and leak no information about the secret or the scheme setup.

You can choose how many recovery shares you want to generate, and decide how many of them you want to use for recovery. Individual shares do not leak any information about the shared secret, as long as the number of compromised shares does not reach the required threshold. For example, if you use a 3-of-5 scheme and 2 of your shares get compromised, the attacker has no chance to reconstruct your wallet and cause trouble.

Shamir Backup on Trezor Model T

Seed XOR

Seed XOR is a technique that consists of storing secrets in two, three, or four parts that look and behave just like the original secret. One 24-word seed phrase becomes two or more parts that are also BIP-39 compatible seed phrases. These should be backed up in your preferred method, metal or otherwise. These parts can be individually loaded with honeypot funds as each one is 24 words, with the 24th being the checksum, and will work as such in any normal BIP-39 compatible wallet.

Seed XOR in a Coldcard Mk4

Backup/recovery on microSD card

Some hardware wallets provide support to back up the seedphrase on a microSD card. It’s important to mention that encrypted backups are an additional security measure that can provide enhanced protection.

12/24 Words BIP39 Seed Creation/Import

Most hardware wallets offer a backup and recovery process that involves generating a mnemonic seed phrase. This seed phrase consists of a sequence of words that serve as a backup for the private keys stored on the hardware wallet.

The most common seed phrase lengths used are 12 or 24 words.

A 12-word seed phrase provides sufficient security for most users. Increasing the seed phrase length to 24 words does not significantly enhance real-world security against common threats. The primary cause of lost Bitcoin is often improper seed phrase management, rather than theft. Simplifying seed phrase backup and storage can help prevent losses.

While longer seed phrases don’t offer added protection, they increase complexity for users during wallet setup and recovery. To make Bitcoin more accessible, it’s beneficial to stick with 12-word seed phrases, reducing barriers to entry without sacrificing security.

SeedSigner support create/restore wallets with 12/24 words

Seed QR

SeedQR is a standard developed by SeedSigner for encoding a recovery phrase as a human-transcribable QR code. It is another way to store a recovery phrase, as a QR code instead of a list of 12 or 24 words.

Standard vs. Compact SeedQR

Privacy

Privacy features on hardware wallets encompass advanced functionalities like coin control and support for connecting to a custom Bitcoin node.

The Bitcoin Hole website offers a PRIVACY section where you can see which wallets support features such as coin control, custom node, or tor.

Coin Control Support

In your wallet, the Bitcoin balance you see is the sum of smaller units called Unspent Transaction Outputs (UTXOs). Each UTXO has a history that may or may not belong to you. If your wallet automatically chooses which UTXOs to use in a transaction, you could be revealing unwanted information to the recipient or anyone monitoring the blockchain.

On the other hand, if your wallet allows you to view and select UTXOs for transactions, you may not know the source of each one. This makes it difficult to decide which ones are suitable for different transactional situations. By using a wallet that enables UTXO labeling and Coin Control, you can minimize the amount of information shared during transactions.

For example, suppose your wallet contains both KYC and no-KYC Bitcoin. It’s best not to combine these sources in a single transaction because it will link the no-KYC Bitcoin to the KYC Bitcoin associated with your true identity. If you label your coins as “KYC” or “no-KYC”, you can make an informed decision when spending your sats in the future.

Coin Control in Nunchuk software wallet

Custom Node Support

For Bitcoin to function reliably and securely, it relies on the voluntary participation of thousands of individuals worldwide. Nodes, which make up the Bitcoin network and verify transactions and blocks, are crucial to this process.

There are many reasons to consider running your own Bitcoin node. Some of them are:

• Improve your privacy
• Get a local copy of the blockchain
• Verify transactions without trusting third parties

A hardware wallet supporting to connect to a custom node is an appreciated feature.

In this article, you will find more reasons to consider running your own Bitcoin node right now:

Reasons to run your own Bitcoin node

In this article you will learn how to set up a Bitcoin Node with Umbrel on a Raspberry Pi 4:

How to set up a Bitcoin Node with Umbrel on a Raspberry Pi 4

Tor Support

Tor (The Onion Router) aims to make all users look the same, making it difficult for you to be fingerprinted based on your browser and device information. With Tor, your traffic is relayed and encrypted three times as it passes over the Tor network. The network is comprised of thousands of volunteer-run servers known as Tor relays. Connecting to your custom Bitcoin node using Tor can provide a number of benefits for privacy and security.

Tor is an anonymity network that helps to conceal your IP address and online activity from potential eavesdroppers, such as your Internet Service Provider (ISP) or other network intermediaries. By using Tor, you can ensure that your Bitcoin node’s IP address is not publicly visible and that your node’s traffic is encrypted and routed through multiple servers, making it more difficult for someone to trace it back to you.

Connecting to your node using Tor can help reduce your reliance on centralized services or intermediaries, such as Bitcoin wallet providers or exchanges. By running your own node and connecting to it using Tor, you can have more control over your Bitcoin transactions and data, and reduce your exposure to potential hacks or data breaches at centralized services.

Other Features

The Bitcoin Hole website offers a OTHER FEATURES section where you have other important features to analyze when choosing which wallet to buy.

Multi-sig (PSBT) Support

Multi-sig is a feature that requires multiple private keys to authorize a transaction, rather than the single private key used in standard Bitcoin wallets. A multisig wallet is created by specifying a certain number of signatures that must be provided from a predetermined group of private keys.

For example, a 2-of-3 multisig wallet would require at least two out of three private keys to authorize a transaction. This setup allows for a more secure and flexible control of funds, as no single party can unilaterally spend the bitcoins held in the wallet.

The usage of multi-signature wallets are strongly recommend, especially for significant amounts of money.

Using multiple brands of hardware wallets in a multisig setup for Bitcoin is important for several reasons. Primarily, it enhances the security of your funds by reducing the chances of a single point of failure. Each brand of hardware wallet has its own design, architecture, and security implementations. By using different brands, you reduce the risk of your entire multi-sig setup being compromised if a vulnerability is discovered in one specific hardware wallet model or brand. Multi-sig setups with multiple brands of hardware wallets can better protect you from supply chain attacks or targeted attacks on a specific wallet brand. In the event that one of the wallet brands is compromised at the manufacturing or distribution level, your funds remain secure because the attacker would still need to compromise the other wallet brands in your multisig setup. Finally, trusting a single manufacturer means relying 100% on their hardware security practices and their good intentions.

In this article, we explore the concept of Bitcoin multisig, its benefits, use cases, and steps to set up a multisig wallet, ultimately providing a comprehensive guide to this powerful technology:

Exploring Bitcoin Multisig

Miniscript

Miniscript is a scripting language designed for Bitcoin. It aims to provide a more flexible and secure way of defining spending conditions for Bitcoin transactions. This is a feature supported by only a few hardware wallets.

Miniscript support in BitBox02

Third-party Apps

If you buy a hardware wallet and connect it to their official companion software, you are trusting 100% in a single company. Instead, you can improve your security, and reduce your trust in a single company by using a third-party open-source wallet instead of the official one. But take into account, that not all the hardware wallets support connecting to a third-party app.

The Bitcoin Hole website offers a THIRD-PARTY-APPS / SERVICES section where you can see the compatibility with more popular software wallets.

Understand how the hardware wallet manufacturer thinks

It’s very important to understand how a hardware wallet manufacturer thinks about the Bitcoin ecosystem. Understanding the hardware wallet manufacturer’s perspective on the Bitcoin ecosystem is important to ensure the security, compatibility, user experience, innovation, and trustworthiness of the wallet you are considering purchasing. It allows you to make an informed decision and choose a hardware wallet that aligns with your specific needs and preferences in the context of the Bitcoin ecosystem’s dynamics.

These are some of the many aspects to consider:

1. Security: You can assess their commitment to security practices. A reputable manufacturer with a deep understanding of the ecosystem is more likely to prioritize robust security measures in their wallet design.
2. Innovation and Development: The Bitcoin ecosystem is constantly evolving, with new technologies, features, and improvements being introduced regularly. A hardware wallet manufacturer that actively engages with the Bitcoin community and contributes to its development is more likely to stay up-to-date with the latest advancements. This ensures that the hardware wallet you purchase will continue to be supported and updated over time, adapting to the changing needs of the Bitcoin ecosystem.
3. Trust and Reputation: The reputation and trustworthiness of a hardware wallet manufacturer are paramount when it comes to securing your valuable Bitcoin holdings. You should measure their commitment to transparency, open-source development, third-party audits, and the overall security track record of their products.

Social media links and official blog posts included in our website.

Where to buy a Hardware Wallet?

Choosing a trustworthy hardware wallet model is essential, especially if you intend to protect a significant portion of your bitcoin.

Some non-official sellers might sell imitation hardware wallets that look similar to the genuine product but lack the necessary security features. These imitation wallets could be easily compromised, putting your Bitcoin at risk. Even unscrupulous sellers might tamper with the hardware wallets before selling them, installing backdoors or malware that could allow them to access your private keys and steal your funds.

It is not advisable to rely on used or secondhand devices. Instead, it is recommended that you purchase new devices directly from the manufacturer’s website or from an authorized reseller. Resellers are useful when the manufacturer doesn’t send the devices to your country.

The Bitcoin Hole website always provides links to buy hardware wallets (in some cases with discounts) from the official manufacturer sites. It compares feature by feature, the best different Hardware Wallets available in the market right now:

Compare Hardware Wallets

Use bitcoin for pay when buying a Hardware Wallet

When purchasing a hardware wallet, using Bitcoin for payment enhances privacy by minimizing the amount of personal and financial information associated with the transaction. Bitcoin transactions are pseudonymous, meaning they are not directly tied to your identity unless you explicitly link your Bitcoin address to personal information. s

Use a PO Box when buying a Hardware Wallet

Sending a hardware wallet to a PO Box when purchasing it can be a prudent security measure, especially when considering the sensitive nature of the device and the potential risks associated with its delivery. Here’s why it’s considered a good practice:

1. Privacy Protection: Utilizing a PO Box adds an extra layer of privacy to your transaction. Instead of having the hardware wallet delivered directly to your home address, which might be more easily accessible to prying eyes or potential thieves, having it sent to a PO Box ensures that only you have access to the package.
2. Security Enhancement: Hardware wallets are designed to securely store bitcoin private keys, and their compromise could lead to substantial financial losses. By having the wallet delivered to a PO Box, you reduce the risk of interception during transit or theft upon delivery, as PO Boxes are typically located in secure areas and require a key or access code for retrieval.
3. Prevention of Package Theft: Unfortunately, package theft is a common occurrence, especially for valuable items like electronic devices. Having the hardware wallet sent to a PO Box reduces the likelihood of it being stolen from your doorstep before you have a chance to collect it.
4. Anonymity: While bitcoin transactions are often pseudonymous rather than truly anonymous, taking steps to dissociate your physical address from your bitcoin-related purchases can contribute to better privacy practices overall.
5. Control Over Delivery: With a PO Box, you can choose when to pick up your package at your convenience, rather than relying on the timing of a delivery to your home address. This reduces the window of vulnerability during which the package might be unattended.

On our hardware wallets website, we have a OFFICIAL STORE section so you can see which manufacturers support sending the wallet to a PO Box or accept bitcoin as payment method.

Conclusion

Yes, there are lot of aspects to consider before choosing a hardware wallet. Let’s summarize the more important things you need to take into account, assuming you need to setup an scheme for your bitcoin lifetime savings.

A recommended setup could be a 2-of-3 multi-sig with 3 hardware wallets from different manufacturers. If you are a beginner and this is too much for you, you can start with a single-sig + passphrase or 2-of-3 multi-sig with one hardware wallet and then increase your security.

When choosing the hardware wallet/s, these are the recommended features you should demand:

• Multi-sig support. Even if you start with a single-sig setup, you want a wallet that supports multi-sig so you can use it in the future when you are ready to increase your security.
• 100% air-gapped. Choose a wallet where you can sign transactions with QR codes or SD-card, and upgrade the firmware with an SD-card.
• On Device Passphrase support. Choose a wallet that allows you to input your passphrase directly on the device.
• BTC-Only Firmware. Less code means less attack surface which further improves your security when only storing Bitcoin.
• Screen. For security, at least one of the hardware wallets should have an screen to verify your transactions data.
• Source Available. These hardware wallets allow users to review the source code, ensuring transparency and trust in the device’s operations.
• Third-party app support. You should use as software wallet an app that’s not developed by the hardware wallet manufacturer, like Electrum, Sparrow, Nunchuk, Bluewallet, etc. This will increase your security and at the same time give you access to some important features like coin control, fee control, custom node support, tor, etc.

Finally, If possible try to buy the hardware wallets with bitcoin and send it to a PO box or office, not your home.

Related Articles

If you enjoyed this article, you might get value out of these as well!

Bitcoin Self-Custody Best Practices

Bitcoin Inheritance Planning

How to set up a Bitcoin Node with Umbrel on a Raspberry Pi 5