15 sats \ 6 replies \ @frostdragon 31 Mar 2023 \ parent \ on: Stop pushing HWW and complex multisig setup to normies bitcoin
So here's how I see it (not saying this to be argumentative, just hoping to be helpful, and to each their own):
If you really want to be secure with single sig, you need:
- HWW
- Passphrase for the HWW (which is essentially just an extra seed word)
- Seedphrase backup(s)
- Passphrase backup(s)
- PIN
It's game over if:
- Passphrase is lost
- HWW wallet is lost and EITHER seed phrase OR passphrase is lost (you need both for recovery)
- PIN is forgotten and EITHER seed phrase OR password is lost (again, you need both for recovery)
Often, with single sig, it's suggested that you keep passphrase and seed phrase separate, and unfortunately a lot of people think of the passphrase like an account password - but it's not. If you lose it, you're done, you can't reset it. That's such a huge newcomer pitfall.
So if you lose ANY of the items above, best case scenario is, you've been reduced to a single point of failure. And this isn't to mention the fact that if you store any of these digitally, it likely defeats the purpose of having a cold wallet in the first place.
If you set up collaborative custody multisig w/ unchained, here's what you need:
- HWW A
- Seedphrase A
- PIN A
- HWW B
- Seedphrase B
- PIN B
- Account login / ID verification for third party like Unchained
- *XPUBS file
So, this sounds complicated, but this is what it takes to lose your bitcoin:
- Between HWW A, Seedphrase A, HWW B, and Seedphrase B, lose THREE of those
- Third party completely fails and you lose your XPUBS AND either HWW A AND Seedphrase A, or HWW B AND Seedphrase B
Notice - you don't need to stress about the PIN, and you don't need to keep track of a passphrase. You keep track of 4 physical items, and you're only pwned if you lose 3 of them.
*asterisk for XPUBS file, because this doesn't actually contain sensitive info to compromise a wallet. You need it in the second recovery situation, but you can store it digitally in a password manager, cloud, on your computer, or all of the above. You can make it really difficult to lose and don't have to handle it with the same level of security as a private key.
So to me... Multisig takes more set up, but it's SO much simpler to maintain. You can set it and forget it, and if something goes wrong, it's not dire. You don't have to scramble to secure funds, you can have peace of mind, and take your time re-securing your funds.
EDIT: for $5 wrench attack, you can just give a HWW to the attacker, and they won't realize they can't actually access your funds with it. Or, if you're really worried about it, you can use ColdCard or another wallet that has duress funds.
all of that assumes your collab partner continues to exist. otherwise recovery is a giant pain in the ass when it is possible at all. I'd rather trust in my own ability to not lose important things.
reply
Even if it’s a pain (which is ultimately relative), it’s way better to have a real option to recover funds instead of losing them completely, like if you lose a passphrase.
Think of collaborative custody as security diversification. There are real benefits to using experts that specialize in bitcoin wallet security, especially when the only risk in the event that they become FULLY compromised is some added inconvenience.
Security is not convenient.
reply
security can very well be convenient, it's all up to you.
reply
To some extent yes - it's all about balancing what's practical/convenient vs what's actually secure.
For example, using the same password for everything is more convenient than using a different one each time. Using a password manager is a good compromise, but is still more inconvenient than just using the same password for everything, especially when there's no autofill. Using MFA always adds inconvenience, and the things that make it more convenient bring the potential for vulnerabilities. Using a hardware key (like a yubikey) is probably the best form of MFA, but requires the extra step of having a physical device.
Bitcoin is objective and irreversible, and to take security as seriously as is necessary, there is going to be some inconvenience. Engraving a seed phrase into metal is less convenient than writing it on paper, but it's disaster-proof.
And I mean, ideally, your single-sig recovery process doesn't require going to a second location. That's inconvenient. But it's safer than keeping everything at your house.
reply
Another problem of collaborative multisig !
Still another one, any centralized database will leak. 99% users of HWW send with real names addresses and numbers, once the data leaks they are now targets for all kind of attacks. Unchained, Ledger, indirect sellers like Amazon ...
reply
First off - if your view is that breaches are inevitable (which is not unreasonable), hot wallets are a significantly bigger target.
Second - if ledger or trezor were breached, an attacker could come to your home and steal it. You’re either done right then and there, or you have a backup that you’re fully reliant on. Multisig fixes this.
In the worst case scenario for unchained, they lose every private key - you STILL don’t have a single point of failure, you can easily recover funds, and the attacker can’t do anything with the unchained keys. Not only does that make them less of a target, it makes them a futile target.
reply