When talking about bitcoin wallet security, there are three things to consider:
- the most obvious: theft, either online or in person;
- losing your computer, USB key or papers containing your bitcoin (BTC) data, and
- obsolescence of BTC software.
There are also several use-cases to consider:
- the system you use to spend your bitcoins. This would be a BTC wallet on your smartphone – the equivalent of the wallet that holds your cash and credit cards.
- a system for keeping BTC accessible, but not necessarily in your smartphone wallet – the equivalent of a drawer, box or safe that you keep at home, with cash for emergencies, and
- a system to secure the bulk of your BTC savings – the equivalent of your bank and/or investment accounts.
Remember, it’s not a backup unless it’s stored in at least three different locations.
Two links to wallet reviews:
Let’s start with the most secure method of storing bitcoins, and work our way backwards.
Paper Wallet held in a Bank Safety Deposit Box
“A paper wallet is a mechanism for storing bitcoins offline as a physical document that can be secured like cash or anything else of real-world value.” – https://en.bitcoin.it/wiki/Paper_wallet
A paper wallet will protect you from theft, loss of electronics and obsolescence of software. The paper wallet will hold your private keys. A private key is the “secret number that allows bitcoins to be spent” (https://en.bitcoin.it/wiki/Private_key), as opposed to a public key, which is a not-secret (public) number that allows people to send you bitcoins.
Paper wallets cannot be used in bits and portions, like a Multibit, Armory or Blockchain wallet. You have to send all of the bitcoins in the paper wallet in one transaction, to access any of the paper wallet’s coins.
Creating a Paper Wallet
Use BitAddress.org or BitcoinPaperWallet.com. Both of these options allow you to download a program to your computer, then disconnect from the internet while you generate your paper wallet or wallets.
- Download BitAddress.org or BitcoinPaperWallet.com to your computer.
- Disconnect from the internet (both wired and wireless)
- Optimally, reboot your computer from an OS CD. Ubuntu LiveCD is a good one. This protects you from key reading malware that may already be on your system, or immune to discovery by your anti-virus program.
- Print your paper wallet. If you’ve booted your computer from an OS CD, print with this OS also. Many printers cache a page’s data before printing it. This cache can then be read by malware. If you use a boot CD to print these cache files will be deleted when you reboot your computer from its’ regular hard drive OS. Do not print over wireless. Disable it and use USB.
Using BitAddress.org to create a Paper Wallet
- Here’s a good video tutorial: http://www.youtube.com/watch?v=JsyPfiENwQU.
- Super hardcore tutorial, involving dice rolls and galvanized steel: http://www.reddit.com/r/BitcoinWallet/comments/1p6y5c/secure_paper_wallet_tutorial/
- Lastly, here’s the tutorial I used: http://minetopics.blogspot.ca/2013/02/super-easy-offline-bitcoin-wallets.html.Basically:
- Go to BitAddress.org.
- Click on the “Github Repository” link at the bottom right of the page.
- In the list of files, find bitcoinaddress.org.html
- Click it.
- Find the “Raw” tab, click it, then right-click anywhere in the white space.
- Choose “Save Page As” or “Save As”, depending which browser you are using. If you are using Safari or Firefox, make sure you choose Format, “Page Source” or “Plain Text”, respectively.
- Disconnect from the internet.
- Navigate to your bitaddress.org file on your computer. If it has a “.txt” extension, remove it, so that it reads “bitaddress.org.html”.
- Open bitaddress.org.html in a browser.
- You are now running BitAddress.org offline.
- Follow the directions to create your paper wallet. Note the different wallet options in the tabs.
To create a paper wallet,
- Optimally, boot from an OS CD, like Ubuntu LiveCD,
- download bitaddress.org locally,
- disconnect from the internet,
- create and print several copies of your wallet,
- store securely.
Bank security boxes (at my bank, Vancity, costing less than $40/year) are inexpensive. Make several copies of your paper wallet and store them with your bank. Of course, if you’re worried about a bitcoin hoarding law, like Roosevelt’s 1933 gold hoarding law, http://en.wikipedia.org/wiki/Executive_Order_6102, put ’em under your mattress or something.
Buying a cheap computer that stays offline and runs Armory, is the easiest way to create a BTC wallet that will protect you from online theft, and allow you reasonably easy access to your coins. It does not protect you from loss via theft of the computer; destruction of the computer, via fire or earthquake, for example; or computer malfunction. Do not rely on an offline Armory wallet as your only backup.
With an offline Armory setup, you create BTC addresses that can receive coins only. So, if you want to beam coins to your Armory “safe,” you can do that with no fear of a hacker grabbing your coins while you connect to the internet to do it. To spend coins from your Armory safe, use an online computer, also running Armory, to create “unsigned transactions”, which you carry physically to your offline computer via USB stick. On the offline computer, you check the details of your transaction, “sign” it, then carry it back to the online computer, again via USB stick. Once there, you perform the Send transaction. Here are the instructions for setting up and using an offline Armory wallet: https://bitcoinarmory.com/about/using-our-wallet.
There are a couple drawbacks to Armory. The first is that if you are on a Mac, running the latest OS, Mavericks, you simply cannot use it. Secondly, to use Armory, you must initially run Bitcoin-QT, the first software developed for bitcoin. Bitcoin-QT downloads the full blockchain to your computer (while online wallets just sync to the online blockchain). This can take over a day to perform and you need space to download it to. As of today, the blockchain is over 10 gigs in size. Lastly, if you get a corrupt block of data in your chain, you may experience kernel panic when Bitcoin-QT tries to download the chain. It’s not the end of the world, just a hassle to troubleshoot.
Multibit or Electrum
These are online wallets. As such, they are not as secure as Armory. You can take steps to make your use of them more secure, though.
The Bitcoin Magazine article listed above rates Electrum slightly higher than Multibit; however that article may have been written before Multibit started using encrypted wallets. Multibit is listed at the default, non-commercial web site for bitcoin information, bitcoin.org (http://bitcoin.org/en/choose-your-wallet), thus it is more popular than Electrum.
To set up Multibit, follow the instructions at https://multibit.org. (It’s easy, painless.) PASSWORD PROTECT each wallet you create: https://multibit.org/en/help/v0.5/help_walletTypes.html. Don’t use “monkey” or “123456”, use a good passphrase and check its secureness: https://howsecureismypassword.net. Write it down somewhere, offline.
As in the Armory offline setup, you can also buy a cheap computer, install Multibit, then leave the machine offline. You will still have to put this machine online to send or receive coins, so it will not be as secure as Armory. Alternately, you can install Multibit on a USB key, along with your wallets. For another layer of security, encrypt your USB key and for another, encrypt the “Multibit” folder on the USB key. Mac allows you to do this natively, or you can use True Crypt an open source, easy to use program for creating passphrase-protected volumes or directories. True Crypt has the advantage of creating passphrase-protected directories that can be accessed by systems other than Mac.
Notes on True Crypt
Under Mavericks, you cannot double click the Installer to install. Right click on the installer icon, choose “Open With” and select “Installer (Default)”.
OS X tutorial in using True Crypt: http://www.psych.ubc.ca/services/pit/crypt….pdf
Include a copy of the Multibit program AND a copy of Multibit’s source code on your USB key.
“Holding the source code is more durable than the application binary:
- Operating systems change much more rapidly than languages and compilers
- Source code is normally in ASCII text which is the most durable of all information formats
- Source code provides much more detail about file recovery than a binary
It is assumed that anyone making plans for the long term storage of the files would automatically think to keep a copy of the application. The source code is less obvious.” – Gary Rowe, http://gary-rowe.com
- Install Multibit on a USB key
- Create encrypted “storage” and “wallet” wallets (on the USB key).
- Send or save the bulk of your coins to the “storage” wallet and your spending money to the “wallet” wallet.
- Install Multibit on your regular computer.
- Move your “wallet” wallet there. Here are instructions for doing that. They’re easy; I won’t repeat them: https://multibit.org/en/help/v0.5/help_movingAWallet.html
- Use the “wallet” wallet on your computer for spending money, keeping your “storage” wallet offline, unless you are accessing it.
- Copy Multibit’s source code to the USB key
- Go to https://github.com/jim618/multibit
- On the bottom right, right-click the “Download Zip” button and save to your USB key.
- Export encrypted copies of each wallet that you make onto a DIFFERENT USB key. Here are the instructions. They are easy. I won’t repeat them: https://multibit.org/en/help/v0.5/help_exportingPrivateKeys.html.
- Include a copy of the Multibit program and the the source code for the Multibit program, on this USB key, also.
- Optimally, encrypt this USB key, as described above.
Blockchain or Bitcoin Wallet
For your smartphone, use a wallet that supports 2 factor authentication, and use it. Blockchain.info and Bitcoin Wallet are your options. Bitcoin Wallet is much more popular than Blockchain.info. You install either as you would any other smartphone app. Send your smartphone wallet some BTC to spend, or accept BTC from others, using these wallets.
The most secure wallet is a paper one, held in a environment safe from theft and destruction. Armory is a close second and has the added appeal of being easier to use, provided you are not on Mac Mavericks (at time of this writing). Mulitbit or Electrum are reasonably secure, though if you have thousands of dollars worth of bitcoin, use Armory or paper wallets. Always make at least THREE backups, kept in different locations. Lastly, use a smartphone wallet to carry bitcoins for use, as you would cash or a credit or debit card.
Paper wallet, stored with your bank + a desktop client for day to day use + a smartphone app for transactions on the go.
Be safe. Join the money revolution!