Bitcoin Security: How To Keep Your Bitcoins Safe
Latest posts by Dean (see all)
Bitcoin is the most empowering financial innovation of our lifetime, and probably a lot longer than that. But as the famous saying goes: with great power comes great responsibility. With Bitcoin that generally means taking responsibility for the safety and security of your financial assets yourself, rather than simply giving a bank complete financial power over you and complete responsibility for the security of your assets.
Of course that doesn’t mean that you can outsource this security role and trust a financial organisation to keep your bitcoins safe. But since high street banks don’t accept bitcoin deposits (yet!), and governments don’t insure deposits into bitcoin wallets which are ‘too big to fail’ (thankfully), even this requires you to put in a little bit of extra effort in order to find the most trustworthy and safe company to take care of your precious coins for you.
In this article I will introduce you to some of the safest and most secure options to keep your bitcoins safe.
Securing Your ‘Hot Wallet’ for Everyday Use
Keeping your coins in a local wallet which you control is safer than using a web wallet, just as long as you follow good security practices yourself. That’s because central services like web wallets are a great target for hackers, and may also be tempted to commit some kind of fraud to steal your coins themselves (or at least one of their employees may). Following on from this, the number one rules which you will read everyhwere is: don’t leave your bitcoin on an exchange. Exchanges are not a safe place to store coins long term.
If you have a wallet which stores your secret key on your own computer then your coins are only as secure as your computer itself. If you can put them on a machine which you don’t use for everyday web surfing and downloading files then that is ideal, but if you can’t then just be careful about downloading things from people you don’t trust. Linux computers are the most resistant to hackers, followed by Apple, followed by Windows machines which are the least secure. You don’t necessarily need to get rid of your Windows operating system to enjoy the security benefits of Linux, however, as you can actually boot linux from a USB on a computer which normally runs Windows. If you are going to use Windows then make sure it is secured with good quality anti-virus and malware protection.
Encrypting your wallet
Properly encrypting your wallet is the first and most important thing to do. Encrypting a wallet just means adding password protection. You should be sure to use a strong password and to make sure that nobody else can find out what it is. Ideally you should use a mnemonic to create a strong password you can remember, but failing that you can generate a strong password (using a password generator or password management software) and save it somewhere. Just don’t save your password in an unencrypted file on the same computer as your wallet: I know of at least one person who made this mistake and paid dearly.
Secure Savings: Long Term Storage
A Beginner’s Guide to Cold Storage
If you have heard anything at all about Bitcoin security practices you have probably heard the term ‘cold storage’. This popular term just means to keep some of your bitcoins in an offline wallet which you don’t access on a regular basis. A cold storage wallet is therefore something like a kind of secure savings account for cryptocurrency. Some people, and many exchange websites, may have a ‘hot wallet’ which is used for regular day to day use, and a cold wallet which is only dipped into occassionally.
A true ‘cold wallet’ is one that is never accessed – this may be something a wealthy Bitcoin holder would do with their long term savings. If, like many people, you dip into your cold wallet to refill your hot wallet on a weekly or even monthly basis then you are reducing the security benefit of having a cold wallet in the first place. In fact, you have more of a ”luke warm’ wallet rather than a cold one. When thinking about what secure bitcoin storage system might suite you the best you may have to balance absolute security with the practical requirements of useability.
A cold storage wallet can be put onto a computer which isn’t being used, a regular USB memory stick – which is cheaper and more convenient, or a specially designed Bitcoin hardware wallet. You can even store it on a piece of paper or in your own brain (see the ‘brain wallet’ section below).
For the best possibility security you should not only keep your cold storage wallet offline, you should also create it offline in the first place. This is the part which most people miss out, and which many users don’t even realize is possible.You can actually install a full Bitcoin wallet on a machine which isn’t connected to the internet, and generate a public address and private key pair. This newly created address can be used to receive coins even if it has never been connected to the network! A wallet like this which has never been on a machine connected to the network is sometimes called ‘Deep Cold Storage’. You can use a block explorer to check on the status of incoming transactions and to view the balance of a wallet like this, without needing to connect it to the network and log in.
You can find some good step-by-step instructions for setting up an offline wallet here.
Accessing Cold Storage
As mentioned above, each time you access and use a cold storage wallet you make it that little bit less ‘cold’ and therefore less secure. There are tools available, however, which make it easier to use cold wallets without sacrificing their security. The most popular of these is Armory. The armory wallet will walk you through the process of making an offline cold storage wallet and also the process of moving funds from it into your hot wallet.
A hardware wallet is a piece of computer hardware designed specifically for storing Bitcoin. Often they come in the form of a USB memory stick, but there are various different designs. When you buy a hardware wallet you can be confident that it has been designed and built with security in mind and that it is well suited to being used for cold storage. Another advantage of using a hardware wallet is that they will usually come with complete step-by-step and beginner friendly instructions to guide you through the best practices of setting up your secure storage wallet.
The problem with any kind of security set up for an electronic product is that there can always be something you didn’t know about – some tiny detail you missed which leaves a remote chance that somebody could steal your coins, or even novel exploit which nobody thought possible until it happened. Securing a piece of paper is always much simpler that securing data on an electronic device – physical access will always be needed to steal the data stored on a piece of paper.
A paper wallet is simply a way off storing the public and private keys after you have created an offline wallet. If you create your wallet offline, and leave it offline, you can still access it from another computer by importing the private keys into wallet software and ‘sweeping’ the address. Storing this private key on a piece of paper rather than an electronic device gives you everything you need to access your coin balance when you need it, whilst also making it as hard as possible for any would-be hackers to steal them.
Once you have imported your private key and swept the balance into another wallet, you should stop using your paper wallet. This is often compared to breaking a piggy bank to get the coins out.
If a private key is more secure on a piece of paper than it is on an electronic device, then it is even more secure still in your own head. A brain wallet is when the only record of a wallet’s private keys is in your memory. As private keys are difficult to remember you will need to spend a bit of time creating a mnemonic to help you remember it. The most secure way is to create the private key and then invent a nmneomnic which will help you to remember it. An easier way is to think up a memorable passphrase (a whole sentence used as a password) and then generate a private key from it using a brainwallet generator.
Check out this article for a complete guide to Making and Using Brain Wallets
Cold storage is great for your savings, but it doesn’t really help if you need regular access to your funds. One way to improve security whilst allowing for regular access is using multi-signature bitcoin wallets. Multi-Signature simply means that more than one private key is needed to authorize the sending of funds out of a wallet. There are several ways to use this: you can have a partner control one of the keys while you control the other, you can control both keys yourself but store them in different ways, or you can use a wallet service which controls one of the keys and gives you the other.
Secure Trading – Choosing the Best Exchange
As much as you take care to follow best practices to keep your coin safe yourself, there will almost certainly be times when you will have to trust them to someone else. The most common example of this is when you need to trade between different cryptocurrencies or between cryptocurrency and fiat. If you want to make sure that you do not loose your coins you should look at the security practices implemented by the various different exchanges, rather than just fees and other features, when deciding which ones to use.
One great feature to look out for is multi-signature transactions. Multi-Sig technology means that both you and the exchange need to ‘sign’ a transaction with your private key before it is broadcast to the network. Examples include:
- Multisigna: The most comprehensive and impressive implementation of multi-sig technology for exchange security has, in my opinion, been develop by Multisigna. Your coins are not stored on their servers and they do not have access to your private keys. This is a vast improvement over more traditional exchanges.
- Bitstamp: One of the biggest exchange websites in the world, Bitstamp implemented multi-sig technology to reassure its users following a high profile hack.