1 Introduction
There comes a time in every crypto-holder's life when he or she has to take a serious look at how secure their current holdings are. Over the years, I've witnessed multiple people storing their crypto in ways that are begging for trouble. This includes the following:
- Leaving their coins in an exchange wallet (with or without 2FA enabled).
- Using a browser-based wallet with an unsecured computer.
- Using a mobile wallet with known security flaws.
- Storing a wallet on a rooted mobile.
- Using a software wallet on their virus riddled PC.
- Not using a hardware or paper wallet to store large amounts of crypto assets.
You shouldn't be leaving your coins on an exchange, and if you can avoid it, you shouldn't be using a software wallet. If you're going to take away anything from this article, make it the fact you must obtain and use a hardware wallet or a paper wallet if you hold more crypto than you are willing to lose. If you're interested in general security practices, it's worth checking out our post on OPSEC and the best way to stay safe as a cryptocurrency holder online.
To drill this point home, let's outline some past known events in which users have lost obscene amounts of crypto.
Note: We've also published a new-for-2020, in-depth Ledger Nano S review as well as a review of Ledger's latest state-of-the-art hardware wallet, the Ledger Nano X.
2 Known Hacks & Losses
The following are (mostly recent) events in which large amounts of cryptocurrency were compromised, resulting in losses for the victims. I'm not going to list every example; these are cases off the top of my head and should be enough to give you an idea of how common this is. There are likely many similar cases every year that are not made public by the victims. I'll update this list sporadically.
As you can see, securing your coins should be taken seriously!
Let's discuss one of the two decent options for securing your crypto: hardware wallets. Paper wallets are also a good option in certain circumstances but are not as suited for regular access to your funds on an internet-enabled computer, so we won't examine them here. Paper wallets are discussed in our blockchain guides.
3 Hardware Wallets – Ledger Nano S vs. Trezor
There are many hardware wallets available, and most manufacturers offer many models. For the sake of simplicity, we are only going to discuss these two options today, as they are usually readily available and are arguably the most popular. The KeepKey deserves mention here also, as it's been getting some positive reviews.
The aim of this article is not to shill you my favorite hardware wallets; however, it's an important purchase, so let's briefly go over the pros and cons of these two:
Ledger Nano S
Pros | Cons |
---|---|
Affordably priced device with screen | Currently less adopted than the Trezor |
Passphrase support | |
Support for multiple currencies | |
Integrates with various software wallets | |
Trezor
Pros | Cons |
---|---|
Has screen | Recent security issues (patched) |
Passphrase support | More expensive |
Support for numerous currencies | Slightly fewer currencies supported |
Integrates with various software wallets | |
Conclusion
The Ledger Nano S takes the cake, largely due to price and currency support. That's not to say other hardware wallets aren't good. Do your own research and buy a wallet that's right for you. And remember, always purchase your hardware wallet direct from vendors or authorized distributors. Never purchase from Amazon, eBay or third parties if you can't be sure the device hasn't been tampered with.
4 Ledger Nano S – Safe Setup Guide
Before we get started, let's briefly touch on the standard that the Nano, and most hardware wallets, currently use: BIP 39.
BIP 39 is a Bitcoin Improvement Proposal for the application layer which uses the implementation of a mnemonic sentence to generate a wallet. For the Ledger Nano S, this means you will be given a 24-word mnemonic phrase which is used to create and restore your wallet. We also refer to this as your seed.
Setup
You've bought some Bitcoin, unboxed your brand new Ledger Nano S, and you're ready to rock. Make sure any webcams or mobile phones are not pointed towards your Ledger device and get started by plugging the USB cable provided into your Nano S and then into your PC. Your Nano will load up and show a welcome screen; you then have to press both of the buttons along the top edge of the device simultaneously to begin setup.
You'll be asked if you want to configure the Nano S as a new device. You do, so choose the tick for “yes” and press both buttons together to select.
You'll then be asked to choose a PIN code. Don't choose a PIN that you use for credit cards or other apps/devices; create a new one. You can always use a password and choose the corresponding letters on your phone's keypad to create a new PIN. Bear in mind that we will be setting up two PIN numbers for your device (explained later). Press both buttons together and then enter your PIN number by using each button to cycle through the digits, and both buttons together to select a digit. You'll be asked to confirm your PIN code; repeat the process.
You'll now be asked to write down your recovery phrase.
This is an important step; you won't be able to verify your phrase without it written down, so make sure you do so carefully. We'll be confirming your entire phrase later too, as this is what will be used to recover your wallet if your device is defective, lost or stolen. Scroll through the words and write them on the card provided. Once you're finished, press both buttons together to continue.
Now it's time to confirm your recovery phrase (seed).
You will be asked to select a few words from your phrase that match the number given, to verify that you wrote it down correctly. Scroll through the words until you see the one that matches and click both buttons to confirm.
Congratulations, your device is now ready! But not so fast, we have more work to do.
First, let's make sure your device is up to date by clicking on the following:
Settings > Device > Firmware
Make sure your firmware version matches the latest version shown on the Ledger website.
Now we're going to attach a passphrase; more on this below.
Using a Passphrase
The passphrase addition to a hardware wallet enables (in essence) you to hide multiple wallets on the device. Technically, the passphrase (or 25th seed word) is not used explicitly in the BIP 39 standard. What it does is scramble your seed according to a predetermined algorithm. However, don't dwell on this too much; you only need your seed and passphrase to recover your device.
Here’s how it works:
- You can attach a passphrase to your device, with a unique pin.
- The passphrase acts like a password on top of your 24-word seed.
- You can then access either your default wallet derived from the 24-word seed,
- or your passphrase wallet derived from your 24-word seed plus your passphrase.
- The wallet you access depends on the pin you use.
- When it comes to recovering your device, you use the 24-word seed, then you attach the passphrase again (with new pin numbers if you wish).
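The "predetermined algorithm" is BIP 39's seed derivation, and the sketch below (an added example, not code from Ledger or from the original article) shows why the same 24 words give a different wallet for every passphrase. The passphrase values and the `fingerprint` label are constructed for illustration; a real wallet goes on to derive addresses from the 64-byte seed.

```python
import hashlib
import hmac
import unicodedata

# The sample mnemonic printed later in this article. It is public: never fund it.
ARTICLE_MNEMONIC = (
    "mother pelican drastic minimum twice arouse enter museum firm purity "
    "hurry cage nephew part bulb fender news frost marble savage afraid pin "
    "width service"
)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP 39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    The mnemonic is the PBKDF2 password; the salt is the literal string
    "mnemonic" followed by the passphrase. No checksum or wordlist check is
    done here, so any text yields a seed.
    """
    words = " ".join(unicodedata.normalize("NFKD", mnemonic).split())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def fingerprint(seed: bytes) -> str:
    """Short label for comparing seeds by eye (constructed; not an address)."""
    return hashlib.sha256(seed).hexdigest()[:12]


def restores_same_wallet(mnemonic: str, passphrase: str, recorded: str) -> bool:
    """True if this mnemonic + passphrase reproduce a previously noted label."""
    candidate = fingerprint(bip39_seed(mnemonic, passphrase))
    return hmac.compare_digest(candidate, recorded)


if __name__ == "__main__":
    # Constructed passphrase values, for illustration only.
    secret = "Blue-Heron 42"
    noted = fingerprint(bip39_seed(ARTICLE_MNEMONIC, secret))
    for label, attempt in [
        ("default wallet (no passphrase)", ""),
        ("passphrase wallet", secret),
        ("typo: lower-case h", "Blue-heron 42"),
        ("typo: trailing space", secret + " "),
    ]:
        fp = fingerprint(bip39_seed(ARTICLE_MNEMONIC, attempt))
        ok = restores_same_wallet(ARTICLE_MNEMONIC, attempt, noted)
        print(f"{label:32} {fp}  matches noted wallet: {ok}")
```

A mistyped passphrase produces a valid but different wallet rather than an error, so comparing against the address you noted during setup is the only way to tell that a restore succeeded.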
Let's go through the motions of setting one up. Click the following on your Nano to get to the passphrase setup page:
Settings > Security > Passphrase
You'll be asked whether you'd like to set a temporary passphrase to access a passphrase wallet quickly or to “Attach to a PIN.” For this article, we will be attaching a passphrase to a PIN.
Before attaching your passphrase you will be told that the feature is for advanced users and to read the FAQ; you should do so. If you feel uncomfortable with this process, then you should think about skipping it. However, it is highly beneficial from a security point of view, and we will go through the recovery process multiple times to ensure you can recover correctly.
You will be asked to choose a secret PIN code; go ahead and enter a new PIN. This PIN will be used to access your passphrase wallet only. The PIN you set earlier will be used to access your default wallet.
Once you've entered your passphrase PIN, you will be asked to enter a secret passphrase.
You can cycle through letters and symbols in this section to enter your passphrase. Your passphrase is a password on top of your seed; don't use anything obvious (treat it like a password). Enter it carefully and be sure to check and confirm it when asked.
You will finally be asked to enter your current PIN. This is the original PIN number you set up earlier.
Once you've confirmed your current PIN, your passphrase will be attached to your Nano S. Congratulations!
The reasoning behind attaching a passphrase is that you can store a small, plausible amount of crypto using your default seed wallet. You then store your main crypto holdings on the passphrase wallet. This way, if you or your seed are compromised, the thieves should only have access to your default wallet.
We'll now go through the essential steps of testing and verifying your setup. Once you've completed the verification, you'll sleep well at night knowing your Nano S is set up securely and your wallets can be restored successfully.
Verify Your Setup
To verify your setup we are going to go through a number of steps to ensure your default and passphrase wallets are accessible and recoverable. To test the wallets, we will need to use some software for sending currency, so go ahead and install Ledger Live. Now you're going to perform the following tasks:
- Login to your Nano with your default PIN, run the Ledger Live app and note down your wallet address.
- Login to your Nano with your passphrase PIN, run the Ledger Live app and note down your wallet address.
- Wipe your device by entering an incorrect PIN number 3 times.
- Restore your device from your 24-word seed. (Long and tedious, but it needs to be done!)
- Reattach your passphrase to a PIN.
So now you know you can restore your wallets, great! But we haven't made any transactions yet. So let's go ahead and make some.
- Send a minimal amount of crypto to your default wallet address.
- Send it back to wherever you sent it from.
- Send a minimal amount of crypto to your passphrase wallet address.
- Send it back to wherever you sent it from.
You can send and receive crypto, excellent! But here's where I'm going to seriously annoy you:
- Wipe your device by entering an incorrect PIN number 3 times.
- Restore your device from your 24-word seed.
- Reattach your passphrase to a PIN.
Excessive? Possibly. But now you've verified you can send and receive crypto from both your wallets, and you have restored your device twice. You won't panic if you need to do it again in the future (possibly in a rush) and you'll be less likely to make mistakes. Congratulations, you've gained peace of mind, and you've only had to give up a little time and the cost of a Ledger Nano S. Superb bargain in my opinion!
Usage & Final Security Tweaks
Finally, here are some usage and security tweaks to further secure your Ledger Nano S:
- Settings > Security > Auto-lock – Set this to 3 minutes.
- Settings > Security > Shuffle PIN – Set this to Yes.
- Always verify transactions on the device screen before approving them. That’s what it’s for; it protects against this.
- If you use a third party to send from the Nano (such as MyEtherWallet) always verify the domain and use a bookmarked link. Again, verify transactions on the Nano screen.
5 Storing Your Recovery Phrase
Now you've set up your Nano and double/triple/quadruple checked your recovery phrase (seed), we need to think about how and where you're going to store it.
Let's begin with how. Typically, users store their seed written in pen on the card that comes with their Nano. I'm not an advocate of this, as paper doesn't have the properties of something that can withstand nature (water or fire). But there is a solution: steel.
Storing your seed on a device such as the cryptosteel will protect it against fire, water, electricity, and stains. These devices come with a selection of letters that can be inserted in the order required to spell your seed words. It's a bit fiddly to get all the letters in, but worth the peace of mind you'll get from having your seed phrase safe and sound, forged in steel. You only need to record the first four letters of each word for a reliable backup, so the cryptosteel mnemonic is the one for the job. If you don't feel like splashing out, you can always obtain a sheet of steel and use a hammer and some letter punches to store your seed.
Now you've got your seed protected from the elements, we can think about where to store it. The best option, in my opinion, is a safe deposit box. You'll need to check with your local bank as to whether or not they have this facility, but you should be able to find at least one bank offering this service nearby. Depending on your level of paranoia, you could also buy another cryptosteel and hide/bury one somewhere. In your backyard, for example. Although, I would not advise storing a copy of your seed anywhere insecure if you haven't used a passphrase. In this case, I would recommend you split the seed in two (12 words each) and store in two separate secure locations, for example, two safety deposit boxes in different banks.
The next topic I'm going to touch upon is sharing the location of your seed with your husband/wife/parent/significant other. Many may not be comfortable with this, but if you want your spouse or family to have access to your funds should the unthinkable happen, you'll want to take action. There are probably ways in which they could only get access in the case of your death (in a will, for instance), so this might be a better option. Remember, if you're using a passphrase on your Nano, they'll need to know this also. They can know the passphrase and, without access to the seed, have no access to your funds.
6 Memorizing Your Recovery Phrase
While memorizing 24 words, in order, may seem like a daunting task, I can assure you it's a piece of cake. The approach we will use is called the Method of Loci.
The Method of Loci
The method of loci, also known as memory journey, memory palace, or mind palace technique, is a method adopted by the ancient Romans and Greeks. Since its origin, it's been used, in some form, by many memory contest champions to recall complex lists, numbers and various other items.
How It Works
Imagine you are walking back into your childhood home. Do you remember the layout? Can you visualize some of the items in each room? Normally, the answer is yes. This is because most people are more effective at remembering using spatial memory than explicit memory, which means they can remember things which fit into spaces more easily than they can remember lists of words or numbers.
To memorize our seed, we will take an imaginary walk through our childhood home (or any building that you see fit) and integrate the words from our seed. They can be incorporated in any way really; if words are particularly obscure, try to think of rhymes or related items to include in your story to help you remember. Your house is real, but the story you create can be pure fabrication.
The Story
Let's begin with a randomly generated BIP 39 mnemonic seed:
mother pelican drastic minimum twice arouse enter museum firm purity hurry cage nephew part bulb fender news frost marble savage afraid pin width service
Caution: Do not use this seed under any circumstances. If you use it, bad actors can and will access your funds. Your hardware wallet will generate you a unique seed during setup.
Now, let's tie these seed words to a story as we walk through our home:
I enter the front door into the kitchen and my mother is frying lamb chops (my favorite) at the stove. She is wearing an apron with a large pelican design across the front. Drastic rhymes with plastic and she's using a plastic spatula. She's only cooking one lamb chop, that's the minimum lamb chops someone can cook! I walk into the living room and turn the light on and off twice. Being here arouses childhood memories. My father enters the room; he's been on a trip to the museum with his firm. My father quickly mentions the purity of the new coffee beans he's purchased but has to hurry into the dining room to let the dog out of its cage. My nephew plays with the dog in the dining room. He's just finished eating a piece of cake. He turns the lamp on and off; the dog likes seeing the bulb flash. My father is sat at the dining table watching the small television. A fly is on the news talking about a perturb bring due to the frost. I take my nephew upstairs to the bedroom to find my old marble set. We find it, and he has a blast playing with it. I'm afraid he'll end up eating one though. I head back downstairs and notice the photograph of my grandfather on the wall. There is a flag in the background, the photograph frame is very wide, but I don't know the specific width. I think about how my grandfather must have felt during his years of service with the armed forces.
And there we have it, a weird and wonderful story incorporating our 24 words from our seed phrase. It's far more words than the original 24, but I can assure you that it will be much easier to memorize. Don't save your story on any electronic device and if you write it down, do so away from any webcams or mobile phones with cameras (paranoid much?). Now here's how we store it in our long-term memory:
Set Reminders
You're going to need to review your story regularly to imprint it in your memory for easy access down the line. To do this, simply set a number of reminders in your calendar to practice your story. Start off using your seed phrase written down as a guide and then slowly try to recite your story using less and less help from the guide. After first creating your story, spend a good 30-60 minutes going over it and trying to memorize it. For the following days, you will need much less time to recite your story. Possibly 5 minutes or so at first, to just a few seconds once you're beginning to remember the whole story without looking at your seed phrase.
- For the first week, set a daily calendar reminder to recite your story.
- For the following three weeks, set a reminder for every three days.
- For the following month, set a reminder for every week.
- For the following year, set a reminder for every month, or until you know it like the back of your hand.
This process will reinforce the neural pathways used in your brain to locate the information. By the time you are finished your 24 words will be imprinted in your memory forever!
To see more about this technique check out these YouTube videos from Ron White and Joshua Foer. Joshua can remember the first 100 digits of Pi, and pretty much anything else! He is a former U.S.A. Memory Champion.
7 Worst Case Scenarios – Are You Covered?
If you followed the advice in this article, you should be on the way to having secured your crypto holdings for most scenarios (short of the Apocalypse). Let's see how well your setup holds up to the following would-be disasters:
Scenario | Result |
---|---|
Your Nano is stolen. | No big deal, you have your seed backed up and memorized. Buy another Nano or use a BIP 39 recovery tool (if urgent) to restore your wallet. |
You’re hit on the head and suffer permanent amnesia. | Your significant other knows where your seed is stored and knows your passphrase. Let’s hope you’ve been treating them well or you might end up with a seed and no passphrase! |
The bank’s safety deposit boxes are flooded. | Your cryptosteel is fine; your seed is also memorized. |
The bank’s safety deposit boxes are burnt in a fire. | Your cryptosteel is fine; your seed is also memorized. |
Your safety deposit box is compromised. | Your cryptosteel is in the hands of the thief. They can restore the default wallet, which only holds a small amount of your crypto. The rest is in the seed + passphrase wallet. Your seed and passphrase are memorized, so buy another Nano or use a BIP 39 recovery tool (if urgent) to restore your wallet. |
You’re held hostage and forced to reveal your pin/seed. | You give them your pin/seed that’s not attached to your passphrase and hope that they believe it’s your main wallet. Beware the $5 wrench. |
Death by lightning | While it's sad you won't be able to spend your crypto gains on yachts and Lamborghinis, at least your significant other will have access to your funds. They do have access to your seed and know your passphrase, right? |
I hope you've enjoyed learning how to secure your crypto holdings. If you are rocking back and forth in the corner uttering paranoid delusions, then my job here is done. Joking aside, you can never take security too seriously when it comes to cryptocurrencies. We are entering a new era; hacking and theft are only going to get more persistent – secure yourself now! And remember:
Just because you’re paranoid, don’t mean they’re not after you.
If you haven't already, it's worth reading our article on OPSEC and general security practices to help you stay safe in your day to day activities online (including using crypto exchanges). Also, please help us spread the word by sharing this article with your friends and family if you feel they would benefit from the advice we've outlined. Sharing is caring!
- Oct 18, 2017 – Originally posted.
- Nov 13, 2017 – Updated Known Hacks & Losses table to include details of the 2nd Parity Multi-sig vulnerability.
- Jan 3, 2018 – Updated Known Hacks & Losses table to include details of the EtherDelta DNS Hack.
- Jan 6, 2018 – Updated Known Hacks & Losses table to include details of the eBay Ledger Nano Scratch-off Seed Scam.
- Jan 29, 2018 – Updated Known Hacks & Losses table to include details of the Coincheck NEM hack.
- Jan 30, 2019 – Updated to include Ledger Live application.