- A hardware wallet is a small electronic device that you can use to store bitcoin and spend it without exposing your private keys to the internet or viruses.
- An infected device can still trick you into entering your seed phrase or sending to their address. You still need to be alert.
The basic functions of a wallet are to:
- send / receive bitcoin
- create a wallet password
- create a backup of your wallet
- Don't talk about your own bitcoin holdings.
To send bitcoin, copy & paste the receiver's bitcoin address into the "send to" field of your bitcoin wallet.
Sending bitcoin has a transaction fee. Fees should be handled by the wallet software, so you shouldn't need to worry about fees as a beginner.
- Wallet generated QR codes can be scanned by devices like smartphones to autofill bitcoin address and amount payable.
Bitcoin uses unique bitcoin addresses generated by the wallet to receive bitcoin.
To receive bitcoin, give a bitcoin address generated by your wallet to the sender and the sender can copy & paste the address into their wallet's "send to" field.
- Wallets generate as many bitcoin addresses as needed.
- Wallets can generate bitcoin addresses while disconnected from internet and will receive bitcoin sent to it.
- Wallet generated QR codes can be scanned to autofill in bitcoin address and amount payable into a wallet.
- Seed Phrase
Most wallets generate a list of 12 or 24 words known as a "seed phrase" for you to backup. A seed phrase is a popular wallet standard so you should be able to recover your wallet using a seed phrase with almost any Bitcoin wallet.
For the highest security, you want to generate this offline so that it never gets exposed to the internet. See the wallet backups tab to learn how.
- Backup file: this digital file backs up the whole wallet and can be used to restore it. Typically, the backup file can only be used to restore your wallet using the same wallet program that you used to make the backup file.
- Private key(s): this is a long string of characters/numbers that backup just the one associated bitcoin address. For almost all wallets, you have to go out of your way to retrieve individual private keys because the seed phrase backup method is more convenient and safer.
Bitcoin Address Example:
Private Key of the above Bitcoin Address:
- If you decided to backup private keys, know that if you ever spend from it, many wallets send the remaining bitcoin to a new bitcoin address meaning you need to backup the new bitcoin address and private key that the remaining bitcoin was sent to. If this happens, the old private key will be empty.
- Never share your backup and store it securely. (see wallet backups tab)
- Record seed phrase in exact order it was given.
- Seed phrases can be generated while disconnected from internet. (recommended)
You can recover your wallet by typing in the original seed phrase words (in the exact order it was given to you during the intial wallet setup) into the new wallet's restore feature.
- Best practice is to only enter seed phrases on offline devices or at minimum a dedicated bitcoin device.
- Never type in your seed phrase when asked unless you specifically called for the action to restore your wallet.
- Never type seed phrases into a web browser.
- Type the seed phrase in the exact order it was originally given for a successful restore.
If you are new or want to be cautious, try:
Sending a test transaction to the wallet first. Just a small amount. Then check if your wallet received the bitcoin.
Doing a test backup and restore. Test with a small amount of bitcoin first and don't wipe your existing wallet with funds on it when testing. Test restoring on another device or as another login user for the operating system.
- The same wallet can exist on multiple devices.
Separate the bitcoin you plan to spend frequently with from the bitcoin you plan to store long term for security.
In other words:
Store bitcoin you plan to secure for medium / long term offline or on a hardware wallet.
Keep smaller amounts you intend to use for things like shopping on a wallet that will connect to the internet regularly such as a Lightning wallet.
If you want to increase the privacy of yourself and others, avoid re-using bitcoin addresses to receive bitcoin. Generate a new bitcoin address once your bitcoin address has received bitcoin.
Most wallets generate a wallet backup called a seed phrase during the initial setup. A seed phrase should always be generated offline for the highest security and it's strongly recommended for wallets you plan to store medium to high values.
The general steps you'd take to do this are; download a wallet, disconnect the internet, then install it and complete the initial wallet setup where it will generate the seed phrase for you to backup.
You can generate a seed phrase on any desktop, laptop, mobile device or hardware wallet. Below, we'll describe different options on how to generate a seed phrase offline so that it's never exposed to the internet.
Requirements: Dedicated desktop/ laptop/ tablet/ smartphone, internet access (WiFi or Ethernet)
An old device works great for this!
- Prepare a clean device that you want to delegate as your dedicated offline device.
Either re-install the operating system, use the "Reset this PC & Remove Everything" option for Windows 10, do a factory reset for Android/iOS mobile devices or if you know for sure the device is clean then continue.
- Connect your chosen device to the internet temporarily and download a wallet. If you're using an Android/iOS device, download a wallet from the app store.
If you want to send bitcoin from your wallet while remaining disconnected from the internet, you can do this using a method called PSBT. Electrum is a wallet that can perform PSBTs. Here is a guide on Electrum Offline Transactions (PSBT).
- Important Step: Disconnect the internet and never reconnect it.If you're using wifi, disable WIFI and enable airplane mode. If you're using an ethernet cable, disconnect it physically and disable the ethernet adapter in the operating system settings.
- Install the wallet you downloaded.
- Open the wallet and go through the intital setup process and make sure you record important info such as the seed phrase and passwords. Most wallets generate a 12/24 word seed phrase for you to backup and will ask you to create a wallet password to unlock the wallet. Some wallets allow you to add a password to the seed phrase itself so that if someone finds it, they'll need the seed phrase password in addition to the seed phrase to access your funds - please do this as well, if offered.
- Now that you have your seed phrase and password(s), plan on how you want to securely back them up. Execute the plan (or at least partially) before continuing so that if your device dies right now you have the info to restore your wallet. See tab "SECURING YOUR SEED PHRASE LONG TERM" for options.This may include recording it physically, secret hiding places, encrypted storage devices, hints, a home safe or a bank deposit box. Each option has pros and cons and you might find that using a combination of methods suits you best.
- When you're ready, proceed to send bitcoin to the wallet. You can even send a small test transaction first, then check the bitcoin address on a Bitcoin block explorer to see if it received the bitcoin.
- If you want to be extra secure, you can delete the wallet from your device and restore it with the seed phrase (and password if created) when access is needed. A step further would be to bring your device back to a clean device state (like from step 1). Only do this AFTER you have executed your plan for securing and storing your backups.Using a Hardware Wallet
- A hardware wallet will generate a seed phrase for you during initial setup. It should also ask you to create a wallet PIN and/or password to unlock the wallet - do both if offered. The device is already disconnected from the internet, so no extra steps needed there.
- Now that you generated the seed phrase and wallet PIN/password, you can plan on how you want to securely back them up. See next tab "SECURING YOUR SEED PHRASE LONG TERM" for options.
This may include recording it physically, secret hiding places, encrypted storage devices, hints, a home safe or a bank deposit box. Each option has pros and cons and you might find that using a combination of methods suits you best.
- When you're ready, proceed to send bitcoin to the wallet. You can even send a small test transaction first, then check the bitcoin address on a Bitcoin block explorer to see if it received the bitcoin.Storage Options
When planning how to secure your backups you need to think of a few things:
Things You Can Put Your Backup On
- What you want to store the backup on
- Where you want to store your backups
- How many backups you want to create
Physical material (Most Common)
You can write down your seed phrase on a durable, disaster resistant material with a permanent long lasting ink.
Alternatively, you can purchase durable metal products designed to store your bitcoin seed phrase for a long time.
If you need to access the bitcoin, simply enter your seed phrase into the wallet's restore feature (preferrably done on a dedicated offline pc or at minimum a dedicated bitcoin pc)Resources
Encrypted USBs / SD Cards / Drives: (More Advanced & More Maintenance)
You can store your seed phrase on multiple encrypted USBs / SD Cards / Storage drives .
Make sure you encrypt the storage device with a difficult password and have multiple encrypted backups because they can break or become corrupted over time since they are electronic.
Don't forget the password to the encrypted devices. Only access the devices through a clean computer, preferrably a dedicated offline PC. If you record the encrypted device's password somewhere, make sure you store it separate from the encrypted devices.
Some devices are designed to be more security oriented than others, for example some more expensive USB thumb drives use tamper-resistant epoxy for physical attacks and some can wipe themselves after X amount of failed login attempts (You need to be very cautious in your planning if you use these devices). See Best secure drives 2020: top USB drives to protect your data (Article)Tips
- Storage requirement for storing wallet backups and passwords is very minimal. Even a 1 GB storage device is enough to hold the data.
Places To Store Your Backups
- Just because something is encrypted doesn't mean it's completely safe from physical attacks, so don't leave them in open public.
- This method requires extra maintenance and routine check-ups to ensure devices are in working order. You should add new encrypted devices to the pile periodically to reduce your chance of all devices dieing at the same time.
You can store backups in secret hiding spots, hidden items, a personal safe, a bank vault, etc.Additional Security
For additional security, put your backups in a waterproof bag and a fire resistant bag. You can put any electronic devices in a faraday bag. You can also put items in a tamper-evident bag. These can all be purchased on things like Amazon.
- Important Step: Disconnect the internet and never reconnect it.