What if I told you your tez aren’t as secure as they could be?

Brittany Echols
The Cryptonomic Aperiodical
5 min read · Sep 30, 2020
Morpheus from the Matrix staring into the camera with black sunglasses on

You can use a software wallet and go on believing what you want about the security of your balance. Or, you can use a hardware signer and you’ll stay secure. I only offer the truth.

Take the red pill — you can keep your tez secure. Take the blue pill — hold onto the false security hiding software wallet weaknesses.

There are over 50 million people using cryptocurrency. One of the best things about holding monetary value this way is the complete control you have over your balance. You don’t have to rely on any third party, like a bank or a government. This comes with responsibility though. In 2019, phishing and personal data breaches were both among the top five types of cyber crime: data breaches came in fourth; phishing was number one.

But why should you care what I have to say about protecting your tez?

Part of my job is looking at a lot of feedback from tez holders to improve the Galleon Wallet for Tezos.

What’s a private key and why should I care?

How do you claim ownership of your balance without a central authority like a bank or government keeping track? Instead of asking you to trust your transaction partner, blockchains use mathematical guarantees to ensure honest participation. Your private key is used to sign blockchain operations, and it is the proof of your control over the account balance. In fact the account address is a “public key hash”: a number derived, via your public key, from this private key. If someone gains knowledge of your private key, they hold the same proof and have the same control over the balance. This is bad. Don’t share your tez with thieves!

You might accidentally share your tez with thieves if you don’t store your private key securely. This could happen if you copy/paste it carelessly into a browser, or anywhere really. What’s safe to share? Your account address (the hash of your public key). Actually, it’s necessary to share your public key itself. This is how blockchain validators confirm that an operation signed with your private key is actually valid: they check the signature against your public key to confirm the keys belong together, and the private key itself is never sent.
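The address derivation described above, as an added example in Python (this is not code from the article or from Galleon): it derives a tz1 address from a constructed 32-byte ed25519 public key the way Tezos does (a 20-byte blake2b hash of the key, then base58check with the tz1 prefix bytes), performs the “does this public key belong to this address” check, and shows that a mistyped or tampered address fails its checksum. The public key bytes are a placeholder, not a real account’s key; signing and signature verification are not shown.

```python
import hashlib

ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # base58, no 0/O/I/l
TZ1_PREFIX = b"\x06\xa1\x9f"  # Tezos prefix bytes: an ed25519 public key hash renders as "tz1..."

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), bytearray()
    while n:
        n, r = divmod(n, 58)
        out.append(ALPHABET[r])
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become leading '1's
    return (b"1" * pad + out[::-1]).decode()

def b58decode(s: str) -> bytes:
    n = 0
    for c in s.encode():
        n = n * 58 + ALPHABET.index(c)  # ValueError on a character outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body

def checksum(raw: bytes) -> bytes:
    # base58check checksum: first 4 bytes of double sha256
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]

def b58check_encode(prefix: bytes, payload: bytes) -> str:
    raw = prefix + payload
    return b58encode(raw + checksum(raw))

def b58check_decode(s: str, prefix: bytes) -> bytes:
    raw = b58decode(s)
    data, check = raw[:-4], raw[-4:]
    if checksum(data) != check:
        raise ValueError("checksum mismatch: address mistyped or tampered with")
    if not data.startswith(prefix):
        raise ValueError("unexpected prefix for this key type")
    return data[len(prefix):]

def pubkey_hash(pubkey: bytes) -> bytes:
    # A tz1 address carries the 20-byte blake2b hash of the 32-byte ed25519 public key
    return hashlib.blake2b(pubkey, digest_size=20).digest()

def address_from_pubkey(pubkey: bytes) -> str:
    return b58check_encode(TZ1_PREFIX, pubkey_hash(pubkey))

def pubkey_matches_address(pubkey: bytes, address: str) -> bool:
    # The check made when a public key is revealed: does it hash to this address?
    return b58check_decode(address, TZ1_PREFIX) == pubkey_hash(pubkey)

def is_valid_tz1(address: str) -> bool:
    try:
        return len(b58check_decode(address, TZ1_PREFIX)) == 20
    except ValueError:
        return False
```

Run `address_from_pubkey(bytes(range(32)))` to get a 36-character address starting with tz1; flip any character and `is_valid_tz1` rejects it, which is why a careless copy/paste of an address usually fails loudly rather than silently sending tez elsewhere.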

Choosing the right way to protect your Tez

What is a file-based wallet? It’s actually not a wallet at all. It is not like your wallet with physical cash in it. It’s a computer file containing your private key, encrypted on your computer. File-based wallets are easier to set up and use and are popular as “hot wallets”. They are used like a wallet you might use often for, say, shopping, where you’d make many small transactions. They aren’t good for long-term storage though. You wouldn’t keep your life’s savings in your pants pocket, right?

For large balances a hardware “wallet” is more appropriate. This is true even if you plan to use this large balance frequently. A hardware wallet is different from a file-based wallet because the private key is created and stored on the hardware device itself, like a Ledger Nano X, and never leaves it. This means that even if your computer is compromised and the attacker can read all your files, see your screen and observe what you type on the keyboard, the private key stays secure. How’s that? Well, the wallet software, like Galleon, will make a request to the hardware device to sign a message. You then check the operation details on the device’s own screen and push buttons on that device with your hands to confirm it. Only then does the device hand back a signature, and the wallet software can send the transaction to the blockchain.

Do hardware wallets offer perfect security? Most certainly not. You can still be tricked into signing a harmful operation, but it’s more difficult for hackers to use this trick. If a bear (a hacker) is chasing two people (you and a file-based crypto user) it will go toward the slower person (the file-based crypto user). You can use hardware signers with software wallets that are desktop applications, with mobile wallets on your cell via Bluetooth, and in a browser with an appropriate extension.

Just like with a file-based wallet, it’s critical to back up your recovery phrase. That’s the 12–24 word mnemonic that was used to generate your private key. If the device is lost or damaged you’ll need this phrase to recover your funds and move them to a new account.

A key maker in front of a wall with thousands of keys hung on it.
Don’t let someone add your private key to their collection!

Some helpful tips for using a hardware wallet

  • Hardware wallets do not actually keep any of your cryptocurrency inside them. Your cryptocurrency lives on the blockchain and never leaves. Your hardware wallet gives you access to your funds on the blockchain.
  • Worried about losing your hardware wallet? When you set up your hardware wallet you are given a recovery word group. You can enter that recovery word group into another hardware wallet if your wallet is ever lost, stolen, or broken. Hardware wallets can make many new recovery word groups.
  • Hardware wallets work great with file-based wallets like Galleon. Hardware wallets make sending and receiving tez easier!
  • You should still be very careful even after getting a hardware wallet:
    - Write down your recovery phrase. Put it somewhere secret and safe!
    - Do not store your recovery phrase on an electronic device — write it down instead, practice penmanship first if you have to.
    - Store your hardware wallet in a different place from your handwritten copy of your recovery phrase.
    - Don’t make yourself a target by showing off your cryptocurrency holdings.
  • Ledger is one of the most popular hardware wallets on the market. It is compatible with Tezos.

Bottom Line

A hardware wallet is something everyone with cryptocurrency should have. You wouldn’t ask a stranger to store your money until you needed it so don’t depend on file-based wallets to store your tez for a long time. Hardware wallets are the only way to keep your private key offline and safe. Or…you can just take the blue pill.
