You own a hardware cryptocurrency wallet, e.g. a Trezor Model T or a Ledger Nano X and after setting up the wallet device, it is time to keep it in a secure and safe location.
There are several ways to take good care of your new hardware wallet, especially on implementing better security and adopting best practices when storing and using your hardware cryptocurrency wallet.
What are the best practices to keep cryptocurrency hardware wallets safely?
Below are the ELEVEN (11) ways to take note of and be cautious when using and handling your hardware crypto wallet.
- 1. Use the provided USB cable
- 2. Always use a trusted computer.
- 3. Use a secure Internet Connection
- 4. Use a strong PIN for your wallet
- 5. Do Not Share your Recovery Seed/Phrase with anyone
- 6. Do Not Store your Recovery Seed/Phrase digitally
- 7. Physically Secure Your Recovery Seed/Phrase
- 8. Environmental Protection
- 9. Cunbreakableg a Wallet Passphrase
- 10. Consider Using Shamir Secret Sharing
- 11. Do Not Talk About It
1. Use the provided USB cable
Always use the USB cable provided with your hardware wallet purchase for security reasons.
The Trezor Model T device comes with a USB-A to USB-C cable for users to connect the Trezor wallet to their computer.
2. Always use a trusted computer.
Your hardware cryptocurrency wallet needs to be connected to a computer to provide you with the interface to perform all its functionalities. So the computer, in this case, is crucial in security.
Always use a trusted computer, such as your one, where no one else can access it. This prevents anyone from installing malicious software, e.g. keylogger software, to record and monitor your keystrokes and take snapshots of your screen.
Do not use a public or shared computer where you do not have full admin controls and full ownership.
3. Use a secure Internet Connection
Your computer must be trusted, but your internet connection must also be secured.
An insecure internet connection can be easily prone to an, e.g. man-in-the-middle (MITM) attack, where the attacker will be stationed between your computer and your internet destination website/service. As a result, the attacker can see exactly what you are doing and insert malicious web content into either party.
Do not use a public Wi-Fi connection, such as in a cafe or even a hotel public Wi-Fi.
Use a wired internet connection to your computer whenever possible. For laptops, you can use adapters with an ethernet port.
If this is not possible for your device, ensure that you use a reliable personal residential internet with a strong router & SSID password for extra security.
4. Use a strong PIN for your wallet
All hardware crypto wallets support PIN protection, i.e. digits from 0 to 9. This feature is often optional but strongly recommended for further security protection. If someone has physical access to your wallet device, the hardware wallet device is still protected by a PIN code.
Always use a PIN on your hardware wallet.
Trezor Model T allows up to 50 digits (i.e. numbers from 0-9), while the Ledger Nano X allows up to 4-8 digits.
5. Do Not Share your Recovery Seed/Phrase with anyone
Your recovery seed is the backup to your wallet. Anyone with access to your seed can restore your wallet anywhere, e.g. on another computer.
In most circumstances, you do not share it with anyone else, and you are the only one who knows the seed words.
Unless necessary and intended, you only share it with important persons, such as your spouse or family members. Think of it as a form of a will or asset distribution.
6. Do Not Store your Recovery Seed/Phrase digitally
Digital files can be easily copied, edited or even stolen entirely. Therefore, always write your recovery seed works on paper and store them in this state.
As a rule of thumb, the following should apply;
- Do not take photos
- No taking screenshots,
- Don’t email yourself,
- Do not store it in the cloud (e.g. Google Drive, Dropbox, etc.),
- Do not print it,
- Do not send it via text message,
- Do not store the digital file on a USB flash drive.
7. Physically Secure Your Recovery Seed/Phrase
This is about the physical security of your recovery seed. As with anything valuable, avoid moving it around frequently.
Whenever possible, keep it under lock and key, using, e.g.;
- CryptoSteel capsule – to protect your wallet seed phrase from fire and water damage;
- Billfoodl – steel wallet
- Fireproof safe;
- Steel cabinet with a proper lock
8. Environmental Protection
Do not expose it to extreme temperatures, fire, water, sand, vapours or chemicals. Trezor device is not waterproof and not un-breakable.
9. Cunbreakableg a Wallet Passphrase
A passphrase is an optional feature for most hardware wallets. However, once set, it allows users to create hidden wallets and serves as a 2FA protection of the recovery seed.
10. Consider Using Shamir Secret Sharing
Trezor wallet, for instance, allows users to split their seed words into multiple “shares”. Say, for example, five different shares to give to your trusted individuals, e.g. your spouse, family members, lawyer, etc.
Any three shares are enough to reconstruct back your recovery seed. You do not need all five shares, and you do not have to risk your recovery seed from being discovered in one single location. In this example, the attacker must find at least three shares from different places to steal your crypto funds.
This technique is called Shamir Secret Sharing and offers an enhanced level of physical security over your recovery seed. Consider using it when your hardware wallet allows for it.
11. Do Not Talk About It
This may seem common sense, but more than often, individuals mention how many cryptocurrency assets they have to others. This may raise many eyebrows and threats to you.
DO NOT say the following to anyone;
- Talk about how much cryptocurrency you own
- Talk about the exchanges you frequent and use
- Talk about the specific type of hardware wallet you use, e.g. Trezor Model T or Ledger Nano X.
- Talk about where you kept your hardware wallet at home or in the office.