10 Rules to Securely Use Your Cryptocurrency Hardware Wallets

10 Rules to Securely Use Your Cryptocurrency Hardware Wallets

Purchase the wallet only from its official vendor instead of a reseller to reduce the probability of itbeing counterfeited or tampered with. There was a case in which an eBay reseller managed to accessbuyer’s even if he sold them legitimate and unopened products.

A pre-initialized hardware wallet could just carry a wallet that is a copy of a wallet which could havebeen installed by a scammer. Make sure that you are the only person to initialize your hardwarewallet before you use it. Go through the initialization setup for your hardware wallet provided on itsofficial website.

Never use recovery words that have been pre-selected. Always make sure the wallet has beeninitialized from zero and use only new random on-device generated recovery words. The person thathas the recovery words is able to access the wallet and steal its coins.

Before you purchase your hardware wallet, make sure that you will receive a document or some sortof proof that shows the origin, authenticity, or integrity of the product. Try to find the softwaredeveloped by the device manufacturer which can interrogate a Secure Element embedded on thedevice and prove the device’s integrity.

Go through the verification instructions given by your wallet provider (Ledger has availableinstructions for verifying attestation through its secure element attestation).

A very important rule that sometimes overlooked is verifying the backup. Your wallet backuprepresents a set of recovery words. You can test the recovery words to see if they work on a differenthardware wallet device.

If the wallet has been completely and successfully recovered, then you can be certain that thebackup works. After this, you have to erase or reset the test hardware. It is not recommended to useyour usual computer or software wallet to check if the backup works.

The instructions for performing a recovery test for your backup seed should be provided by yourvendor.

Do not type the recovery words into a computer or take photos of them or print them. The only safeway to store your recovery words is by writing them down on paper. You could later on laminate thepaper so it can stay safe against environmental factors that might degrade it.

Store it in a place that only you have access to. Keep in mind that the wallet’s PIN code does notguarantee fund protection if an attacker gets a hold of the wallet physically and finds the recoverywords next to the device. Under no circumstance do you store the wallet alongside the paper whichcontains the recovery words.

A desktop software that is backdoored can be a threat to your funds. Hardware wallets make use ofdesktop software for transaction initialization, firmware updates for the device, as well as otherimportant operations.

In order to prevent an attacker from tampering with the device software after it has been installed,there should be reproducible builds and code-signed executables available. By using code-signedexecutables, the operating system automatically verifies the code signatures each time theapplication is launched, as opposed to manual verification, which is usually only done once.

If just one computer is used to access and operate your hardware wallet, it can provide even moresafety as it is not used for daily tasks, thus reducing its exposure to other online threats that mightcompromise it, and by association your wallet.

By option to use your hardware wallet only from a PC that has immutable configuration, you increasethe security of your private keys. This computer would have to be disconnected from the Internet,and dedicated exclusively to initiating and signing transactions via the hardware wallet.

First, you will have to disable all of its firmware configuration (for instance, restrict boot devices,disable network boot, etc.) to make sure that nothing connects to it during its booting process.

“Multi-signature” is the process which involves more than one key when authorizing a transaction.This feature offers protection against a single point-of-failure. A multi-signature wallet will generatemultiple keys which can be kept in separate hardware wallets.

Multi-signature wallets are formed by merging a number of private key-owners into one addresswhich is stated in a script. This type of address is called P2SH or “pay-to-script hash”.

This process of creating the address is performed in the user interface of the desktop software viathe use of public keys, not the hardware wallet. If you use a compromised PC when the scriptgenerates the new P2SH address, then the hacker may be able to modify the script terms and attachitself to the multi-sig wallet.

This means that he could secretly insert himself as an additional owner to the address and thus gainaccess to said joint wallet.

Final Thoughts

With this, we conclude our article regarding how you can increase the security of your hardware wallet. It may seem a little too much (or paranoid, by some accounts) to implement all these rules,but as recent reports have shown us, greedy malevolent actors stop at nothing to get the digitalfunds of others.

 

source: https://coindoo.com/10-rules-to-securely-use-your-cryptocurrency-hardware-wallets/

TheBitcoinNews.com is here for you 24/7 to keep you informed on everything crypto. Like what we do? Tip us some Satoshi with the exciting new Lightning Network Tippin.me tool!

Share your thoughts, add a comment!

You must be logged in in order to place a comment.

Article comments

Loading...
No comments yet, be the first to comment this article