Bitcoin User Security Best Practices
In this article, we learn about the best practices for user security on the Bitcoin blockchain network.
Table of contents.
- Introduction.
- Physical Storage.
- Hardware Wallets.
- Balancing Risk.
- Diversifying Risk.
- Multi-signature Wallets.
- Survivability.
- Buying Crypto.
- Summary.
- References.
Introduction.
Even though we have a lot of experience with physical security controls such as security guards, picture identification cards, motion and thermal sensors, and biometrics, digital security is something new and we are still learning. Operating systems, both phone and computer, are insecure and therefore cannot be used to store digital currency. This is because they run a lot of third-party software created by different authors with different levels of expertise, all of it having some access to the system. Among these many applications, a poorly coded or rogue one could cause the loss of digital assets.
Bitcoin and the cryptocurrency ecosystem have escalated the problem by creating digital assets with intrinsic value that can be stolen or change ownership irrevocably. Compromised credit card information and bank accounts still have to be fenced or laundered; Bitcoin frees hackers from having to fence or launder digital assets because the intrinsic value is within the asset itself.
Despite the above, Bitcoin has also created incentives that motivate people to improve their computer knowledge and security: a user holding bitcoins on a computer system is forced to improve his/her own security to protect the digital assets. This is because, unlike earlier financial cybercrimes, where the risks were not clear, Bitcoin makes the risks clear enough for users to take appropriate action. This has led to hackers getting creative and, at the same time, to security systems being improved. In other words, hackers have an incentive to hack since possession of the digital asset itself is the prize, and users are likewise incentivized to protect their digital assets.
Physical Storage.
Physical security has long been trusted, and it gives most people the comfort of knowing that hackers need to physically compromise them before they lose funds.
Bitcoin wallets don't store actual coins; instead, they store a set of keys that are used to access funds on the blockchain. This means that the keys can be physically stored on a piece of paper, on a flash disk, or even in a bank safety deposit box.
We have learned about paper wallets which are physical wallets with QR codes that provide access to coins on the blockchain. We have also learned about how bitcoins can be stored on a USB stick and used for day-to-day transactions. All these are forms of cold storage. Although they can be used for day-to-day transactions, they are mostly used to store value.
Hardware Wallets.
Hardware wallets hold bitcoins securely. They have limited interfaces and are therefore very hard to hack.
The following image shows an example of a hardware wallet;
Examples of trusted hardware wallets include Ledger Nano S, Trezor Model One, SafePal S1, Steel Bitcoin Wallet, Trezor Model T-Next Generation, D’CENT Biometric Wallet, SecuX V20 Most Secure, and SecuX W20 Most Secure.
A hardware wallet can be compared to a wallet or purse that one carries around, but instead of carrying a few thousand, it can hold keys that have access to millions or billions on the blockchain. Just as we secure our wallets and purses, we should also secure hardware wallets, because once they are lost, the cryptocurrency cannot be recovered. It is therefore advised to diversify the risk. We discuss this in the following sections.
Balancing Risk.
Bitcoins can be lost either by the user being compromised or by the user losing keys due to human error. For example, a user may be very cautious and opt to bury keys under many layers of encryption and make backups, after which he/she loses a password or the backups.
In such a case, if the keys are lost, the funds are also lost. To summarize this point, securing bitcoins too well could also lead to a loss of funds.
Diversifying Risk.
Diversifying risk involves not keeping all our eggs in a single basket. If a user has stored all his/her coins in a single wallet, once the wallet is compromised, so are the funds. On the other hand, if the user spreads the risk across multiple wallet addresses, then even if one is compromised, the rest will still be secure, and the incident will act as an incentive for him/her to better secure the remaining bitcoins in order to prevent the next attack.
In addition to the above point, it is also advisable to use different wallet addresses for transactions. This makes sure that nobody can trace transactions back to you. Most wallets provide the option of 20 different wallet addresses, and there are also options to generate more addresses according to the user's needs.
Apart from using different wallet addresses, we can also opt to use different wallets altogether. It does not matter how many addresses a wallet can generate: as long as the funds end up in the same wallet, once the private key of the wallet is compromised, so are the funds.
Multi-signature Wallets.
Multisignature wallets, or multisigs, are wallets that require multiple keys for a transaction to execute. They should be used by a group that holds a huge amount of bitcoins, such that multiple parties have keys that are required to execute a transaction.
In this case, even if a single key is lost, the funds are still secure because for the hacker to compromise the funds, he/she still needs the remaining keys. We can think of this form of security as a safety deposit box or vault in a bank that requires multiple keys to unlock.
Keys can be stored in different locations, which ensures redundancy. When a key is lost, the rest can be used to generate a new one.
Survivability.
Bitcoin is a decentralized system and as such, key holders are responsible for their own accounts. Unlike with banks, where the family can claim the remaining wealth when the account holder is deceased, Bitcoin holders risk loss of funds in the case of death. If the account holder passes away, the family will not be able to recover the funds unless they have the private keys.
Large Bitcoin holders are advised to share their keys with trusted parties such as relatives or lawyers such that in the case of death, the funds are still available.
Buying Crypto.
The world of cryptocurrency is unregulated. There are no laws, and as such, if one loses his/her funds through scamming, there is no law to protect such a person. Therefore, we should take extra precautions to protect ourselves.
The following is a list of websites where one can buy Bitcoin or any other cryptocurrencies;
- Coinbase - This website supports a lot of cryptocurrencies not just Bitcoin. Its transaction fees are reasonable.
- eToro - it is regulated and beginner-friendly.
- Blockchain.com - crypto wallet, mobile, and web app, discounts on high volume transactions.
- Crypto.com - mobile and web app, a wide range of cryptocurrencies, discounts on higher volume transactions.
These are just a few of the most popular sites to check out. For others not mentioned here, we can check whether a site is a scam using sites like Scam Adviser, or read a website's reviews on sites like Trustpilot.
Summary.
Operating systems, both phone and computer, are insecure and therefore cannot be used to store digital currency.
Securing bitcoins too well could also lead to loss of funds.
Diversifying risk involves not keeping all our funds in a single wallet, instead spreading the risk across multiple wallet addresses.
Multisignature wallets, or multisigs, are wallets that require multiple keys in order for a transaction to execute. They are effective in decentralizing control of funds, e.g. escrow accounts, and at the same time are secure compared to single-key wallets or accounts.
Bitcoin is a decentralized system and as such, key holders are responsible for their own accounts.