The Bittr Blog
Choosing the Right Level of Security for Your Bitcoin Wallet
Hodlcat
Oct 8, 2024

Self-custody is the foundation of Bitcoin. If you manage your Bitcoin yourself, you have complete control over your assets. However, just like everything in life, there are different ways to go about it. In this post, we’ll explore various wallet setups, what makes them secure, and the risks they may pose. By the end, you’ll have a better understanding of how to store your Bitcoin safely and will know which setup works best for your needs.

1. Hot Wallet: Quick Access for Beginners

A hot wallet is a wallet that you can easily install on your smartphone or computer. It’s great for beginners who want to get started. Here’s a tutorial on how to use BlueWallet in just 5 minutes – including setup and buying Bitcoin. Since a hot wallet runs on a device that’s always connected to the internet, it should not be used for large amounts of Bitcoin.

Tip: Use a hot wallet like BlueWallet only for smaller transactions, and keep the majority of your Bitcoin in a more secure solution.

2. The Hardware Wallet: The Secure and Simple Choice

Many start with a single hardware wallet, such as the BitBox02 or the Foundation Passport. This method is secure and an excellent choice for beginners. The advantage is that the hardware wallet protects your Bitcoin from online attacks by keeping your private keys offline.

What to be aware of: A hardware wallet is only as secure as your backup. If you lose your wallet or it gets damaged, you’ll need your seed phrase (12 or 24 words) to regain access to your Bitcoin. Without a backup, your Bitcoin will be lost forever.

Never store your seed phrase digitally. Write it down on paper or use a steel backup to protect it from fire or water damage.

3. Hardware Wallet with Passphrase: An Extra Layer of Security

This setup is like a normal single signature wallet but with an additional passphrase as the “25th word.” This creates a hidden wallet that is only accessible with the passphrase, adding an extra layer of security. However, be cautious: if you forget the passphrase, your Bitcoin will be lost forever.

Warning: The passphrase is not your typical password. Every passphrase generates a completely new wallet. Only use a passphrase if you fully understand how it works.
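Why every passphrase opens a different wallet, shown as an added example (not code from the original post or from any wallet vendor): BIP39 turns the seed words into the wallet seed with PBKDF2-HMAC-SHA512, using the passphrase as part of the salt. The mnemonic is the public BIP39 test phrase, the passphrases are constructed, and `seeds_for` is a hypothetical helper name.

```python
import hashlib
import unicodedata

# Public BIP39 test mnemonic, known to everyone. Never fund a wallet derived from it.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the mnemonic, salted with
    "mnemonic" + passphrase, 2048 rounds, 64-byte output."""
    def nfkd(s: str) -> str:
        return unicodedata.normalize("NFKD", s)

    return hashlib.pbkdf2_hmac(
        "sha512",
        nfkd(mnemonic).encode("utf-8"),
        ("mnemonic" + nfkd(passphrase)).encode("utf-8"),
        2048,
        dklen=64,
    )


def seeds_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each candidate passphrase to the hex seed it produces.
    Nothing is ever rejected: there is no 'wrong passphrase' error,
    a typo simply yields another valid (and empty) wallet."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    # Constructed passphrases: none, the intended one, a case typo, a trailing space.
    candidates = ["", "correct horse", "Correct horse", "correct horse "]
    for passphrase, seed in seeds_for(TEST_MNEMONIC, candidates).items():
        print(f"{passphrase!r:18} -> seed {seed[:16]}...")
```

Before funding a passphrase wallet, restore it once from the backup plus passphrase and confirm the same receive addresses appear; a mistyped passphrase gives no error, only a different wallet.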

4. Multisig Wallet: Maximum Security (but also Complexity)

A multisig setup requires multiple keys to authorize transactions – for example, 2 out of 3. This means that even if one key is lost, your Bitcoin remains secure. Multisig is ideal for storing larger amounts and offers maximum security. It also protects you from the risk that one of your (hardware) wallets may be compromised through a supply chain attack, as a single hardware wallet will no longer be enough to spend your Bitcoin.

However, with greater security comes more complexity. In a multisig setup, you need to manage a descriptor file in addition to your backups. You should carefully plan your setup: which wallets you use, where to store your backups, etc.

A typical example looks like this: You decide on a 2-of-3 multisig wallet. You distribute your backups as follows:

  1. In the basement
  2. Buried at a specific location
  3. In a safety deposit box

The descriptor file is stored multiple times on your computer and smartphone.

A 2-of-3 multisig setup can provide maximum security. However, it’s not to be taken lightly, and you should thoroughly educate yourself on what needs to be considered. Multisig is an advanced setup and requires knowledge. I recommend watching this clip from Andreas Antonopoulos, where he explains why multisig isn’t for everyone.

With Caution

2-of-2 Multisig

You can configure your multisig setup however you like (e.g., 2-of-3, 5-of-7, 10-of-11). A 2-of-2 multisig setup is also an option. It might sound like an extra layer of security compared to a single-sig wallet, but you need to be cautious. If one of the two keys (or the descriptor file) is lost, your Bitcoin is gone forever. This method is riskier than a 2-of-3 setup. There’s no point in making your setup so secure that you end up locking yourself out.

What You Should Never Do!

Not Creating a Backup

Creating a backup is an absolute must. Without a backup, you will lose access to your Bitcoin in case your wallet is lost or damaged – forever.

Storing the Backup Online

Storing your seed phrase digitally (e.g., in a cloud service or password manager) poses a high risk, as these methods are vulnerable to hacks. Always keep your seed phrase offline. Never take a photo of it.

Splitting Seed Words

It may seem like a good idea to split your seed phrase into multiple parts and store them in different locations. However, this carries a significant risk (similar to the 2-of-2 multisig setup). If one part is lost or forgotten, access to your Bitcoin is lost forever.
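The lockout argument made for 2-of-2 multisig and for split seed phrases, put into numbers as an added example (not part of the original post). It assumes each key or backup part is lost or stolen independently, that the descriptor file is still available, and uses constructed probabilities; all function names are hypothetical.

```python
from math import comb


def at_least(k: int, n: int, p: float) -> float:
    """P(at least k of n independent events happen), each with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def risk(m: int, n: int, p_loss: float, p_theft: float) -> tuple[float, float]:
    """Return (lockout, theft) probabilities for an m-of-n setup.

    lockout: fewer than m keys survive, i.e. at least n - m + 1 are lost.
    theft:   an attacker gets hold of at least m keys.
    """
    return at_least(n - m + 1, n, p_loss), at_least(m, n, p_theft)


# (m, n) per setup. A seed split into 3 parts behaves like 3-of-3 for loss.
# Its theft figure is optimistic: each leaked part shrinks the search space
# for the remaining words, which this simple model does not capture.
SETUPS = {
    "single-sig": (1, 1),
    "2-of-2 multisig": (2, 2),
    "2-of-3 multisig": (2, 3),
    "seed split in 3 parts": (3, 3),
}


def compare(p_loss: float, p_theft: float) -> dict[str, tuple[float, float]]:
    """Lockout and theft probability for every setup in SETUPS."""
    return {name: risk(m, n, p_loss, p_theft) for name, (m, n) in SETUPS.items()}


if __name__ == "__main__":
    # Constructed inputs: 5% chance a given backup is lost, 2% that it is stolen.
    for name, (lockout, theft) in compare(0.05, 0.02).items():
        print(f"{name:22} lockout {lockout:8.4%}   theft {theft:8.4%}")
```

With these inputs, 2-of-2 roughly doubles the lockout risk of a single key, while 2-of-3 cuts it by about a factor of seven at the cost of a somewhat higher theft probability than 2-of-2.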

Conclusion

There isn’t a one-size-fits-all solution. In the end, it’s about choosing the setup that best fits your situation – and fully understanding it. Often, a simple hardware wallet is enough. It’s better to choose a less complex setup than risk losing access to your Bitcoin altogether. The backup is the most crucial part of self-custody. You can find a suitable backup solution here.

Hodlcat
Author
Hodlcat is a bitcoiner who was impressed by bittr and the authenticity of the project right from the start. So he decided to support Ruben in his mission to make it possible for everyone in Europe to save in Bitcoin. He takes care of the bittr community.