How to Store Bitcoin Securely
As one of the most important topics on cryptocurrency, learning to store your money securely is absolutely essential if you are to use digital payments systems with the peace of mind that your money will still be available when you return. If you make a mistake in the area of storing your bitcoin or another cryptocurrency, there is a chance they will come under the control of someone else, so take heed when we say this is the most important aspect of being a holder. Storing bitcoin securely is a topic cryptocurrency holders must appreciate. Without the necessary understanding, your money susceptible to theft and hacking attempts.
When someone says that you hold bitcoin in a wallet, it is not entirely true. Think of a wallet as a key which unlocks a certain amount of bitcoin in circulation. There are never any bitcoin being transferred from wallet to wallet, but rather the ownership of the bitcoin is what’s being transferred. In fact, there is no such thing as bitcoin as a “currency” in the first place. There is no computer file or data to represent the unit of account itself. The only file associated is a wallet data file which acts as your representation on the blockchain ledger. Instead, when you buy bitcoin, you are essentially increasing the percentage of the blockchain which you claim control over. Your wallet is your key to that amount of ownership. In this sense, Satoshi was correct in labeling it as an “electronic cash system” and not a digital currency, because it is a payment system which was built and not simply a unit of currency. For the sake of simplicity, everyone still views bitcoin as a type of currency, when in truth the control of the blockchain ledger is what is being transferred, not the unit of account itself.
A wallet address functions much the same way an email address might function. Payments are capable of being sent from, and received at, a wallet address. These are the primary purposes of a cryptocurrency wallet. Each wallet is randomly assigned a string of characters which designate its address. For example, if you create a new wallet address you may have a string of 34 characters such as:
This would be the address shown in the blockchain ledger when you send and receive payments. As we have discussed, keeping your real-world identity separate from this string of characters is crucial if you wish to have your cryptocurrency holdings remain private.
Public Key Cryptography
There are two parts to a wallet address. The first is the public key, which is the 34 character string wallet address we just displayed, and the second is the private key. We must always keep our private key unknown to other parties, else the contents in our wallet are not truly controlled by the person using the wallet. Whomever holds the private key to a wallet, controls the ownership associated with the wallet on the blockchain. These two keys in combination are known as public key cryptography and they are what makes using and transacting with bitcoin so secure.
In order to transfer bitcoin from one address to another, a request is broadcast to the network that a certain amount of bitcoin now belong to the receiver’s address. This transfer is authorized by the sender’s private key and the miners verify the transaction through a hashing algorithm. Once the transfer is fully verified, they are added to the next block in the chain of transactions.
Bitcoin addresses are created by first picking a random number and creating an ECDSA (Elliptic Curve Digital Signature Algorithm) public/private key pair with them. This operation alone generates the private key – but bitcoin addresses are not simply public keys, but rather modified versions of them. The generated public key is then put through several SHA-256 and RIPEMD-160 operations, until eventually being converted into a format called Base-58. Base 58 is an encoding that removes the possibility of similar looking characters, such as lowercase L and uppercase I, as well as 0 and O. Finally an identifying number is added to the beginning of the address – for most bitcoin addresses, this is 1, indicating it is a public bitcoin network address.
The first recommendation in regards to using bitcoin securely, is only managing your funds on a computer that has a clean operating system. By this we mean free of malware, viruses, and other hidden key logging programs you may have no idea lurk in shadows on your computer. These programs will crawl your computer hard drive for wallet files and passwords, sending sensitive information to the attacker. Some programs even have the ability to take control of your webcam, microphone, and files without you being aware of it. If you suspect your computer is infected, use another one or reformat your computer in order to erase your hard drive and install a fresh copy of your operating system.
Not all operating systems are created equal. The most inviting operating system for hacking attempts is Windows. Although it is user friendly and compatible with most programs, it is relatively vulnerable by design. In contrast, the safest operating system you could use is a Linux system which runs 98% of the world’s supercomputers and comes in a variety of distributions. Linux can come with a steep learning curve and is not your operating system for typical mainstream needs, but when the essentials of security and performance arise, none best it. Take as many security precautions as you can, and remember that there is no such thing as a computer system which is impossible to hack. Because Linux provides the most resilient and reliable operating system, it is your safest bet, but not guaranteed to prevent hacking attempts to steal your holdings.
Dangerous hacking programs can get onto your system by opening email attachments, transferring files from media storage devices, and browsing unscrupulous corners of the web. The most common way hackers infect your computer is through email attachments. Therefore it is imperative that you never open an email attachment or download a file when you are unsure of the implications it will bring. Always obtain as much information about the properties of the file before you transfer it to your local hard drive.
When you are confident in the security of the computer you are using, the next biggest threat is that of handling your wallet information with complete confidentiality. When settling upon a password to access your bitcoin wallet, it is imperative that you tattoo the phrase into your mind in a way that you will surely never forget.
A brainwallet refers to the concept of storing bitcoin in one’s own mind by memorization of a passphrase. As long as the passphrase is not recorded anywhere, the bitcoin can be thought of as existing nowhere except in the mind of the holder. If a brainwallet is forgotten or the person perishes, the bitcoin are lost. The importance of remembering your password cannot be stressed enough. If you forget your password and do not have your private key, your money will be impossible to ever be reclaimed. Writing down your password somewhere private is a helpful deterrent in the event you forget your password, but it makes it accessible to someone who may come across it. Furthermore, the complexity of your password cannot be understated. It is very important when creating a brainwallet to use a passphrase that would be not be susceptible to a dictionary attack or brute force attack. If this is not done, theft is an eventual certainty if a hacker uses a high level of computing power. In the event of a brute force attack, an attacker will unleash a machine to continuously attempt passwords until they are locked out. Another method, a dictionary attack, will figuratively throw the dictionary at your login system, using word combinations found in the dictionary.
“The simple fact of the matter is that hacking a brainwallet password is a mathematical exercise that requires no internet access, no communication, and leaves no trace, so hackers can collectively try multiple trillions of passwords every second in the privacy of their own homes with the very same equipment they use for mining bitcoin.” (Bitcoin Wiki, 2012)
Backing Up Your Wallet
You may also want to consider making a copy of your wallet file and storing it with a cloud computing service (Google Drive, Dropbox, Microsoft OneDrive). In the case where you lose access to your wallet, you can restore it by opening your saved wallet file and using your password. Access to your wallet file alone will not give the user the ability to move your bitcoin unless you have left it unencrypted with no password.
As well as storing an electronic copy of your wallet file, you can also print out what is known as a paper wallet. Bitcoin storage does not entirely require the use of computers, and using a paper wallet is one of the safest methods of storing your bitcoin holdings. This method of storage works because the private key to your bitcoin wallet is printed on the paper, making it easy to enter the information when you want to access your wallet file. If you use a paper wallet, realize that it represents the key to accessing your bitcoin and should be kept in a safe location.
A final method to storing your bitcoin is keeping your wallet file on a hard drive belonging to a computer which has never connected to the internet. To achieve this, many large bitcoin holders have purchased an old computer, wiped the hard drive clean, and transferred their wallet onto this system. This gives you the most security because you know the operating system is clean. Without an internet connection, an outside attacker cannot make changes to your wallet file.
You can also put your wallet file on an external media device such as a USB stick. Many large holders of bitcoin put their wallet file on a USB and then lock that device in the safe at their bank. That’s about the highest level security for your bitcoin you could come across. This is known as cold storage and is the most effective way of storing bitcoin safely.
A further step in securing your bitcoin, and one that is highly recommended, is using 2-factor authentication to gain access to your wallet. Online exchanges offer 2-factor authentication which involves an outside source to verify the request before granting access, even if they know the password. Typically this is done by sending a text message to a smartphone or by inputting a code sent to the email associated with the wallet. Always enable 2-factor authentication on your bitcoin wallet and always associate a secure email address with an exchange account.
Generally, the safest way to store your bitcoin is to do so offline or with a paper wallet. One sure way of putting your bitcoin holdings in jeopardy is by keeping them on an exchange. In a world filled with tech-savvy criminals, even businesses which promise to practice security procedures and guarantee the safety of your money are susceptible to hacks. These exchanges are targets for some of the most skilled hackers in the world and leaving your money on the exchange means when that service goes down, your money sinks with it.
Already many times exchanges have been on the receiving end of a calculated hacking attempt or an unanticipated technical glitch, causing users who kept their holding on that exchange’s server to lose everything. Don’t let this happen to you. Move your money off the exchange if you do not plan on actively trading it. Furthermore, be wary of phishing attempts (hacking attempts which attempt to imitate trusted services and ask you to submit sensitive information) on your wallet information and passwords. Always check the URL an email or webpage is being broadcast from and use common sense when dealing with customer inquiries. You will never be asked for your password from any legitimate business because it would be more sensible to simply reset the password.
Remember, the magnificence of bitcoin is that it is a financial obligation between you and your money, no third party need be involved. Never, under any circumstances, should you reveal your private key.
There are as many different private key combinations as there are physical atoms in the known universe.