
Jul 10, 2019

Lack of standards leads to new Bitcoin wallet advice

Posted in categories: bitcoin, cryptocurrencies, economics

This update is an adaptation of my recent answer to a Quora reader who was in a panic. She asked:

What can I do after a hard drive crash?
How can I recover my cryptocurrency?

In the past, I would address the immediate problem, of course. (My answer is below.) But to prepare for the next unfortunate event, I recommended a wallet type based on a user’s unique experience, expertise and comfort zone. I guided the reader to weigh trade-offs of important criteria: security, portability, convenience, and quick access to assets.

I had believed that some types of wallets were better for some individuals, but that they required a background in cryptography—or at least a discipline for meticulous practices. As CEO of the Cryptocurrency Standards Association, I had also believed that simple, unified, and popular standards would emerge very soon. I figured that this would enable users to practice safe-wallet maintenance in their own homes.

I was wrong. Most crypto wallets have not sufficiently evolved to counter the risks and complexities of everyday scenarios, not even for expert users. The problem isn’t the fault of any one vendor or hosted online service. It is that all of these gadgets, apps and services have not gotten together behind a single set of risk standards to a point where they become simple, standardized and compliance-friendly in the real world.

The lack of comprehensive standards and best practices dealing with total loss of access can bite anyone in the tush. Expertise and experience be d*mned. Today, I recommend only two types of wallets. All others are simply too risky to play a role in any financial portfolio. They set the stage for losing your wealth and health in so many plausible scenarios:

  • If your electronic device is lost, hacked, stolen or run over by a truck
  • If you become incapacitated or die
  • If you forget a secret, or where you stored it
  • If you have no idea what “multisig” is and don’t care to learn strange new practices
  • If an online cloud service or exchange goes dark or mysteriously disappears

Here is my answer to the reader who urgently needs to recover from a disk drive crash. After dealing with that crisis (it’s not at all pretty), I explain what to do in the future…

Question: How can I recover my cryptocurrency after a hard drive crash?

Bear in mind that your digital wallet doesn’t really hold wealth or coins. It holds a private key that lets you access your wealth on the blockchain. The key is like a password, but you cannot choose your own and it is too complex to remember. And so, you need a place to store it. That’s all a wallet really is.

If you stored this key on an electronic device (or in a software app or even on paper), but with no way to recover it—in case the device is lost, broken, hacked or stolen—then you are screwed! Your bitcoin still exists, but access to it has been lost forever.

Let’s be extra clear: If the device cannot be repaired or recovered, there is absolutely nothing you can do except lick your wounds and learn from your experience.

Now, let’s talk about next time…

A beautiful trait of crypto is that you can back up your wallet easily. The elegant and secure way to do this is by creating a list of 11 or more common dictionary words and placing this list where you and 2 or 3 trusted friends can always find it. The ability to generate this list of words is a Bitcoin standard. It greatly reduces the risk of loss, but only if you are aware of the feature, make use of it, and periodically practice asset recovery.*

But, we’re getting ahead of ourselves. Let’s back up, and describe the way to store your keys…

There are only two ways that you should stash cryptocurrency until we reach a day when standards, best practice and multisig escrow are second nature, trivial and understood by everyone.

You can either (1) trust a custodial exchange, or (2) use a hardware wallet…

1. Trust a custodial exchange like Coinbase or Bitstamp

Despite what your Libertarian friends have told you (“It misses the whole point of owning crypto!”), don’t dismiss this option so quickly. A traditional bank/brokerage model offers several benefits which are important to some individuals. We’ll get to those in the bulleted list below.

Choose an exchange that is compliant (fully licensed and follows regulations for all activities). They must be well capitalized by reputable investors and subject to random, outside audit. The two mentioned above belong to this very small class of exchange-wallet services.

The exchange holds your crypto in their own offline vault and gives you access on demand through an account user interface using two-factor authentication. The process can be frustrating if you lose your smart phone and haven’t prepared or practiced for such an inevitability. That’s because they must be absolutely certain that access is being made by you or someone that you have authorized.

Why would anyone want a service to control their assets? There are good reasons:

  • Since their main business is acting as an exchange, broker or market maker, you can quickly shift assets into fiat or other cryptocurrencies
  • Their meticulous record-keeping aids your own end-of-year tax reporting
  • A real person can help with confusing or unexpected circumstances
  • Just as with a bank or stockbroker, you can designate heirs, a spouse or co-owner, and your anticipated executor or a relative with power of attorney
  • A reputable custodian makes it difficult to accidentally lose access to wealth

But what about security standards? With all of the exchange failures, the lack of an insurance framework, and many that have simply lost or fled with customer assets, can you trust an exchange to implement security in the very best way?

Ultimately, a reputable exchange that practices security drills, subjects itself to outside audits and has investors with lots to lose is more likely than you to implement and rigorously practice safe methodology. This may change in the future, as standards and practices become more clear, unified and easier to follow. But for now, the traditional bank model makes sense for a great many users. I have owned Bitcoin for ten years, and I have only switched from Coinbase to method #2, below, in the last month.

2. Take control of your private keys

A hardware wallet, like the Trezor Model T or Nano Ledger, is the safest way to keep your private keys. A hardware wallet offers enhanced security, privacy and control. But it surrenders the advantages of a custodial relationship listed in the bullets above.

Upon configuring the wallet, you can generate a list of 11 or more seed words.* These allow you to completely recreate the wallet in a worst case scenario. Give this list to several scrupulous and indisputably trusted friends.

Some wallet vendors offer to engrave the seed words into steel so that it is likely to survive your house burning down or being run over by a snow plow. (Even better, some will send you a slab of steel and a set of hard metal slugs for each letter of the alphabet. This enables you to bang the words into metal yourself. No one except two or three trusted friends should ever have access to these words).

I prefer to hand-write the seed words, scan them, and then allow two trusted relatives (preferably younger) to encrypt the image and hide it with their preferred steganographic technique. Is this a complex process? Does it require periodic drills to ensure that the seed words can be found and that they still work? Yes, and Yes. Choosing to forgo a custodial relationship adds some cost and complexity to wallet maintenance & safety. With evolving standards and practices, this will change. But, we’re not there yet.

Think of the seed words as your master password to everything that is dear to you. If they become lost, forgotten or stolen, you will lose much more than your wealth. You will lose your child’s education, your marriage, retirement and health.

* Seed words are recovery magic for a wallet that has been lost, stolen or destroyed.

The algorithm that maps a complex private key into an ordered list of English words is Bitcoin standard #BIP39 (it stands for Bitcoin Improvement Standard). The emergence of this standard reduces user risk greatly for compliant wallets. In the event of catastrophic loss, theft or destruction, it enables a user to recreate a wallet on their choice of competing platforms: gadgets, software apps, and even some hosted wallets.

If you opt for a hardware wallet that is owned and secured by you (as opposed to trusting an exchange as custodian of your crypto assets, just like a traditional bank), then make sure that your wallet adheres to this standard. Ignoring this safety standard puts you back at high risk, and invalidates everything that this article has conveyed!
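As an added illustration (not code from this article or from any wallet vendor), the sketch below shows the two BIP39 mechanics behind the recovery drill: the word list carries a checksum that exposes a mis-copied word, and the same words always derive the same 64-byte seed on any compliant platform. The function names and sample values are assumptions made for this example, and because the 2048-word English list is not embedded, words are handled as their list indices.

```python
import hashlib
import unicodedata

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Encode entropy plus its SHA-256 checksum as 11-bit word-list indices."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128 to 256 bits, in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32          # one checksum bit per 32 entropy bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_are_valid(indices: list[int]) -> bool:
    """Recompute the checksum; False means the list does not match it."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    cs_bits = len(indices) * 11 // 33
    value = 0
    for i in indices:
        value = (value << 11) | i
    n_bytes = (len(indices) * 11 - cs_bits) // 8
    entropy = (value >> cs_bits).to_bytes(n_bytes, "big")
    return entropy_to_indices(entropy) == list(indices)

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed: PBKDF2-HMAC-SHA512, 2048 rounds."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)

# Constructed sample: all-zero entropy, a public test value, never a real wallet.
SAMPLE_ENTROPY = bytes(16)
# The same entropy written with the BIP39 English word list (not embedded here).
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    idx = entropy_to_indices(SAMPLE_ENTROPY)
    print("word indices:", idx)
    print("backup verifies:", indices_are_valid(idx))
    print("one wrong word verifies:", indices_are_valid(idx[:-1] + [idx[-1] ^ 1]))
    print("seed:", mnemonic_to_seed(SAMPLE_MNEMONIC).hex())
```

The checksum is short (4 bits for a 12-word list), so a passing check is not proof that every word is right; restoring into a second compliant wallet and comparing addresses remains the real drill.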

Philip Raymond co-chairs CRYPSA, hosts the Bitcoin Event and is keynote speaker at Cryptocurrency Conferences. He is a top writer at Quora.