Bitcoin security tips
How to verify your Bitcoin is secure
Security can not be built on trust. Bitcoin is an asset which demands a completely new approach to security. Bank accounts are protected by law enforcement and insurance; social media and other online credentials can be recovered; but Bitcoin offers no such protections. The only way to secure your bitcoin is to personally take steps to protect it.
Assessing how safe your bitcoin is should be an easy process. The only thing that really matters is how its keys were created and secured. As long as the private key to your bitcoins’ address has been kept completely secret, and you are able to verify that as a fact, your bitcoin can be considered more secure than anything else you have ever owned.
Below are a series of questions that will assess your security model and help fix any holes which may exist. Some tips may be obvious to more experienced users, but even the most adept bitcoiner may be surprised to uncover where implicit trust has crept in to undermine your security efforts.
Are you the only key holder?
If you’re storing bitcoin on the exchange where you bought them, they are technically in someone else’s custody. That doesn’t mean you need to panic, but the statistical risk of losing them continues to grow over time. In a situation where you do not own the keys, the first step to take is to create keys which are under your control.
Multikey setups also exist, such as Trezor’s Shamir Backup or multisignature. The former uses many shares which combine to restore a single wallet, while the latter uses multiple keys which are used to sign any transactions leaving a shared wallet. These are both safe solutions, as long as you have control of as many or more shares — or keys — than the threshold required.
In both cases you want to ensure there is no chance of collusion between other key or share holders, who could use their power to move the funds. With Shamir Backup, this can be done by distributing keys so that no threshold number can be easily retrieved, across places only you know the location of or have access to.
With a multisignature setup, you must make sure you control exclusive access to the threshold of keys required or that no-one else can move the funds without your involvement.
Only you should ever have access to your Bitcoin keys. Shared custody can be useful for businesses or close relations but be careful never to give anyone else a greater share of control.
Did you generate your seed offline?
When creating a new wallet on a phone or computer that is connected to the internet, there is always a chance that malware will be tracking your inputs and communicating your seed over the internet. This is true even if you use airplane mode during the process. The only way to be sure your seed is unique is to generate it offline using a secure, open-source and verifiable seed generator like a Trezor hardware wallet.
When creating a seed offline, the probability of anyone being able to generate the same seed is infinitesimal. The chances of doing so have been compared to picking one particular atom out of all the atoms in the universe. But as soon as an internet connection is introduced into the process, it becomes much more likely as there is a risk of interception or observation.
Trezor wallets are only able to output signed transaction data over their USB connection. They can not send seed words from within their memory, and only accept precise inputs necessary for transaction signing. This keeps your seed isolated from a network, wherever you use your device.
Only generate your seed on a device that will keep your seed permanently offline, never enter your seed anywhere unless told to on the screen of your Trezor device, and keep the backup somewhere safe away from cameras or other people.
Has your seed ever touched a network?
Once your seed has been generated, offline, it must never be digitized. That means no photos, no videos, no text documents, not even codified abstractions of the seed. Keep only a physical copy of your seed on paper, or preferably steel.
Here's a look at our latest backup solution for your recovery seed, the Trezor Keep Metal.
Built from aerospace grade stainless steel, the Trezor Keep Metal protects your backup against fire, water, acids, and impacts. It can be used for both 12-word and 24-word standard backups. It is also suitable for Shamir backup.
The only time you will need to use your seed is when your Trezor device asks for it, during the device recovery process. At all other times it should be kept secured and out of reach.
Could someone else access your backup?
If anyone knows where your seed backup or Shamir shares are stored, they will be able to access and move your coins. The best way to prevent this is to keep your seed well away from anyone else’s reach. If you can not guarantee that no-one will find your seed backup, the only way to protect your coins is to use a passphrase protected wallet on top of the seed.
By storing your coins behind a strong passphrase and committing it to memory, or writing it down and hiding it separate from the seed, even someone with your seed will not be able to access the coins. Since the passphrase is not stored anywhere on the device, it is crucial that you do not forget it or lose any physical copy you make, or you will not be able to retrieve your coins either.
No-one should be able to ever find your seed backup. Use a passphrase for extra protection in case your hiding spot or device is one day compromised.
Can you review the code and hardware that secures your keys?
It is not enough to trust a company who says their devices are secure — you must be able to see exactly how that security is achieved, or risk having your funds stolen. Security certifications are also not enough, as they only test limited scenarios and often only at a single point in time, while the Bitcoin ecosystem is constantly evolving and does not fit these certifications at all.
Devices like a Trezor hardware wallet are open source, like Bitcoin. This means that every hardware component and line of code that is used to secure them is constantly reviewed and tested by independent security experts, who are rewarded for their discoveries through our bug bounty program. This creates a continuous incentive to review our codebase, so if a flaw or vulnerability appears, these experts work together to fix it before anyone can take advantage of it.
Bitcoin is not as easy to secure as traditional assets. Creating a device that protects it requires people with a comprehensive understanding of both security and Bitcoin itself. Trezor was built by Bitcoin security experts for the sole purpose of securing Bitcoin, and continues to react quickly to the changing ecosystem thanks to a global community of coders and security researchers.
If you can not be shown the exact code and hardware design that secures your coins, you should not trust the device or the manufacturer. Trezor’s entire architecture can be reviewed on GitHub: hardware design, firmware code, Trezor Suite interface.
Are there blind spots in your security model?
As long as you take good care of your seed backup and take precautions to stop anyone from getting hold of it, you should be fairly safe. But it’s better not to take any chances, so always have PIN protection enabled on your device and use a good passphrase to protect the majority of your funds.
While a PIN protects your device from someone else using it, a passphrase prevents someone from taking funds even if they have your seed.
If you use a Trezor Model T, you can create a new wallet environment using Shamir backup. This is an excellent way to protect your cryptocurrency since you don’t need to rely on one safe place, you can distribute shares across different secure locations and even if some shares are one day destroyed, as long as you can still recover enough to reach a threshold (such as 3 of the 5 shares you created), you will be able to access your coins.
Make sure you don’t rely on promises of security certifications or special chips which don’t reveal their inner-workings. As mentioned before, security certifications are not yet optimized for Bitcoin, while the ‘security through obscurity’ approach means that there can be hidden backdoors or even undisclosed vulnerabilities in the technology that manufacturers don’t need to fix since they protect themselves with non-disclosure agreements.
Another often-overlooked aspect of cryptocurrency security is inheritance planning. This is a large topic but it is important to have a plan in place should you be incapacitated or killed, so that your funds are retrievable by your next of kin. Shamir backup provide a solution to this, but there are many other approaches such as using Locktime as a dead man’s switch, or working with a lawyer who specializes in cryptoasset estate planning.
Security is a holistic process, the more steps you can take to protect your coins the better. Always use industry recommendations for seeds, PINs, and Passphrases — creating your own complex methods can lead to disaster.
Trezor makes it easy to use Bitcoin safely
Bitcoin is easy to keep secure, as long as you follow the rules. At SatoshiLabs, we created Trezor to make it easier to stay safe, even for those without a technical background. Security and privacy are at the core of our products, and all the tools we provide are made transparently so nothing is hidden from criticism or improvement.
Remember, the most important step of all when it comes to security is this: don’t trust any claim that can not be completely verified.
