Security issues: How to safely store Bitcoin
Since its introduction in 2009 as the first crypto-currency, Bitcoin (BTC) has gained a lot of attention: both good and bad. Through these years, Bitcoin has been associated with a series of scams, money laundering, hacks, thefts, loss of wallets, and failed “Bitcoin exchanges”. As witnessed during 2013, BTC continues to gain popularity among people at an exponential rate, and more and more people are interested in buying BTC. However, most new users are unaware of the security issues that come with the crypto-currency. This article provides some basic guidelines for an inexperienced/new user about how to keep BTC safe and secure.
The basics: Bitcoin address and Bitcoin private key
Before we discuss how bitcoins can safely be stored, it’s necessary to understand some of the basic features of the bitcoins, namely Bitcoin address and Bitcoin private key. A Bitcoin address, or simply address, is a unique identifier of 27-34 alphanumeric characters, which allows the users to receive or send Bitcoins. Addresses can be generated online and are accessible publicly, hence are not secure, however with every Bitcoin address there is a matching private key which makes Bitcoin transactions safe and secure. A private key is a secret code which allows the user to prove his ownership of his Bitcoins. The private key is saved in the wallet file of the person who owns the balance. The private key is mathematically related to the Bitcoin address, and is designed so that the Bitcoin address can be calculated from the private key, but importantly, the same cannot be done in reverse.
Because the private key is the “ticket” that allows someone to spend bitcoins, it is important that these are kept secure. Private keys can be kept on computer files, but they are also short enough that they can be printed on paper. An example of a utility that allows extraction of private keys from your wallet file for printing purposes is pywallet. In case the private key is stolen or lost, the user/owner no more has any control over his/her bitcoins and anyone who gets his hands on the lost/stolen key can spend the bitcoins associated with the private key that was stolen or lost.
Are private keys secure with wallet service providers?
Wallet services like Blockchian.info do not save users’ private keys in un-encrypted form; however, for practical purposes they do store encrypted (hence safe) private keys. For example, the wallet service provided by Blockchain.info operates in two modes:
Zero-Trust Mode: Users can choose to add Bitcoin addresses without private keys. This method is potentially more secure as in the event of a security breach of blockchain.info there is no possibility of user’s funds being compromised. However, users are responsible for their own private keys, i.e. the users must store their private keys somewhere safe e.g. a paper wallet.
Private Key Mode: Users’ private keys are stored inside the encrypted Wallet. In order to be able to decrypt the wallet the users need a password. The password is not stored on Blockchain.info’s servers, so in the event of a security breach the user’s keys should still be safe.
Wallet backup applications such as MultiBit also store the users’ private keys in encrypted form, which the users can decrypt by providing a password. In other words, wallet backups contain the private keys in the backup file; however these private keys can only be accessed by the user with the password set by the user himself.
How to store bitcoins safely?
The easiest way to store bitcoins is to use a digital/online wallet service; there are a number of wallets available these days to store the bitcoins. Wallets like Bitcoin-Qt, MultiBit, Armory or Electrum are among the most popular for storing bitcoins safely (provided the user’s computer is secure as well). A BTC wallet is like a real wallet filled with cash. Online wallets and exchanges look like online banks. However, the users should always choose such services carefully as some of these services don’t provide enough insurance and security to be used to store your money like a bank. Using security features like two-factor authentication can help to increase the security of the wallets.
It is not good practice to keep large amounts of bitcoins in an easily accessible manner such as a mobile wallet. Instead, one should keep small amounts on a computer, mobile or online for everyday use and the remaining part on physical drive, encrypted and locked away safely. At the same time, one should never keep all the bitcoins in a single wallet, using multiple wallets is always a better idea than using a single wallet.
Making your wallets more safe with wallet backups
Storing wallet backup in a safe place can provide protection against computer failures and human errors. It also allows the user to recover the wallet in case the user’s mobile or computer is stolen if the wallet is encrypted. Some wallets use many hidden private keys internally. If the user keeps only a single backup of the private keys for his or her Bitcoin addresses, he or she might not be able to recover all the funds with the backup. If the backup is not dependent on a single location (online, local or physical), it is less likely that any unforeseen event will prevent the user from recovering the wallet. The best practices include using different media like USB keys, papers and CDs for storing a backup of the wallet and private keys.
Any backup that is stored online is highly vulnerable to theft. Even a computer that is connected to the Internet is vulnerable to malicious software. As such, encrypting any backup that is exposed to the internet is a good security practice. The wallet backup should be updated on a regular basis to make sure that all recent Bitcoin change addresses and all new Bitcoin addresses created by the user are included in the backup.
Encrypting the wallet or the mobile device used for accessing the wallet allows the user to set a password for anyone trying to withdraw any funds. This helps protect against theft, though it cannot protect against keylogging hardware or software. The users should make sure that they never forget the password as without the password funds will be permanently lost.
Unlike a bank, there are very limited password recovery options with Bitcoin. If possible, one should keep a paper copy of the password in a safe place like a vault. Any password that contains only letters or recognizable words can be considered very weak and easy to break. A strong password must contain letters, numbers, and punctuation marks and must be at least 16 characters long. The most secure passwords are those generated by programs designed specifically for that purpose. Strong passwords are usually harder to remember, so the users should take special care in memorizing it.
What is cold storage?
An offline wallet, also known as cold storage, provides the highest level of security for bitcoins. It involves storing a wallet in a secured place that is not connected to the internet/network. When done properly, it can offer a very good protection against computer vulnerabilities. Using an offline wallet in conjunction with backups and encryption is also a good practice. An example of the cold storage approach involves having two computers sharing some parts of the same wallet. The first computer must be disconnected from any network. It is the only one that holds the entire wallet and is able to sign transactions. The second computer is connected to the network and only has a watching wallet that can only create unsigned transactions. To securely issue a new transaction with this kind of set-up, the user can, a) create a new transaction on the online computer and save it on an USB key, b) sign the transaction with the offline computer, and c) send the signed transaction with the online computer. Because the computer that is connected to the network cannot sign transactions, it cannot be used to withdraw any funds if it is compromised. In order to take advantage of cold storage as described above, the users have to subscribe to services like Armory and Electrum. Traditional Bitcoin wallets like MultiBit do not provide cold storage, at least not in the form discussed above.
For more details on how to use cold storage, contact Payment21® consulting services.
What are the alternative ways of storing bitcoins?
Paper wallets are another variety of wallets to store the bitcoins independent of a computer. When generated securely and stored on paper, or other offline storage media, a paper wallet decreases the chances of bitcoins being stolen by hackers, or computer viruses. Paper wallets can be created with the help of websites like BitAddress.org or BitcoinPaperWallet.com.
Although not in production yet, hardware wallets are the best balance between very high security and ease of use. These are devices that are designed to be a wallet and nothing else. No software can be installed on them, making them very secure against computer vulnerabilities and online thefts. Because they can allow backup, funds can easily be recovered in case the device is lost.
Finally, using the latest version of the Bitcoin software allows the user to receive important stability and security fixes. Updates can prevent problems of various magnitudes, include new useful features and help keep the wallet safe. Installing updates for all other software on the computers or mobile devices that host the wallets is also important to keep the wallet environment safer.
To conclude, Bitcoin wallets need to be kept safe and secured, and encrypted to avoid any theft or loss. Huge amounts of Bitcoin should not be stored in clouds, exchanges and wallets. One should not keep a backup copy of the wallet unsecured. Having a good and updated antivirus software on a PC with a Bitcoin client and fully updated OS and third-party software is essential.
To learn more about Bitcoin security issues, contact Payment21® consulting services.