Interest in bitcoin has been surging in the past few years. In recent months, Ethereum, smart contracts and the ethereum virtual machine has renewed interest in cryptocurrency again. However, the potential and innovative implementations of the “other” functions of components of cryptocurrency is a topic for another day.
As many unwitting users have found out, the value of these currencies increase with the interest of malicious actors. While flaws such as those affecting Mt Gox and Ethereum’s The DAO event are out of control of the layman, there are still many factors for us to consider as users of cryptocurrency.
Today we will be exploring the various wallets and storage options available, the pros and cons of these options, and some general things to look out for when dealing with security with cryptocurrency.
- Separate spending and saving accounts — Nobody carries all their money in their wallet at any point in time, and this also applies to cryptocurrency. It is good practice to keep savings in a safer form, instead of an accessible location such as an online wallet or your mobile phone.
- Use an offline wallet for savings. Ideally this is an isolated device that is not often connected to a network.
- Use multi-signature if available. This ensures compromise of a single device does not lead to malicious transactions.
- Encrypt and keep a backup of your wallet. Make regular backups.
- Update your system/device regularly.
- Lastly, the basic rules of security apply:
- Don’t repeat passwords across different websites, especially between banking or ecommerce sites or a “causal” account, such as a MMORPG game account. Applications have been hacked before, and services that tend to adhere to lower levels of security can expose your password to more sensitive services.
- Use multi-factor authentication.
- Enable notification services if available. This could be an option to inform you if suspicious transactions or authentication attempts have been made.
- Perform and access sensitive data or actions on a secure device, and be aware of phishing attempts. This might sound extreme, but with the prevalence of malware and phishing these days, it might not be a good idea to keep a wallet with the free mobile games downloaded on your android phone if you can help it.
- Have a firewall or basic antivirus program installed.
Now let’s take a moment to look at the various wallet options available out there, although in general they can be separated into two types, offline and online wallets. Depending on the particular cryptocurrency, some of these options might be implemented differently or not be available.
- Offline Wallets
- Cold Wallets — This is a general term for wallets that generate and stores private keys on an offline computer. Unsigned transactions can be generated online, transfered to the device for verification, and signed offline for submission. The device that this is installed on should be clean, and air-gapped if possible. Implemented correctly, this would protect the user from most attacks.
- Paper Wallets — Private keys are printed onto paper and generated for offline storage. Typically these will contain a wallet import code that allows you to import the coins to the various services online. By taking your cryptocurrency to physical paper, you protect it from any external cyber threats.
- Hardware Wallets — Devices purpose built for generating keys, signing transactions and storage of currency on the device. The right device from a reputable manufacturer would help greatly in securing your cryptocurrency.
- Online Wallets
There are various services online that allow you to transfer, monitor and manage your cryptocurrency. These typically store your private key online, and only require a username and password to use.
When selecting an online service, it is important to note the security features supported, such as multifactor authentication and how the secret key is managed by the provider. A way to manage this risk is to spread out your cryptocurrency over multiple providers Often, flaws and vulnerabilities lie not with the currency protocol or design, but with the specific service provider’s implementation of their service.
Cryptocurrency, as with anything else, is a balance between convenience and security, and what you are using it for should be the most important factor in choosing the type of wallet and the security features to implement. For example, if you have a large amount of cryptocurrency meant for savings, it would make sense to keep it in a paper wallet, since that removes almost all remote threats, and the lack of ease of access is not a concern.
In summary, the user has the responsibility, and the access to knowledge (with the amount of information resources online) to manage the security of his or her own stash of cryptocurrency. I would encourage anybody who wishes to participate in the cryptocurrency ecosystem to first study how it works, and understand the various threats they might face.