I'm a bit embarrassed to say, but I've been a bitcoiner since 2017 and have been using a Ledger Nano as my hardware wallet for the large majority of the time. I am aware Ledger are a bit dodgy and I think it's time to improve my security. I am not the most technical, but I can learn.
To provide some context, I keep my HW wallet and seed phrase in the same location (stupid, I know, but I have nowhere else safe to put it).
I have some questions.
Is moving to a BitBox02 (the BTC-only version) an upgrade and a good choice?
How would I go about setting up multisig to improve my security? Is this a smart move?
Thank you guys, apologies if my questions are dumb!
The main concern you have right now is that your backup scheme has a single point of failure. If your backup were lost / stolen / destroyed, then your funds are gone.
The easiest way to improve your current security model is to implement a passphrase: https://support.ledger.com/hc/en-us/articles/115005214529-How-to-set-up-a-passphrase-?docs=true
A passphrase allows you to generate an entirely new wallet using your existing seed. You'll require both the passphrase and the seed phrase to recover the wallet. This makes it more difficult for an attacker to steal your funds, as they need both elements, but on the flip side it means you also have more things to back up.
Much like a password, the longer a passphrase is the better. 6-8 words chosen from the BIP-39 wordlist is a good strategy: https://www.blockplate.com/pages/bip-39-wordlist
An example back-up scheme would be the following:
  • HWW loaded with seed @ location #1
  • Seed on physical paper / steel @ location #2
  • Passphrase on physical paper / steel + HWW PIN @ location #3
  • Passphrase + PIN memorized
This setup has no single points of failure. If one back-up is lost / stolen, the funds are still safe and recoverable.
It's good practice to have back-ups stored at different geographic locations you are able to access semi-regularly, although judging from your post this may not be possible. It's also good practice to store back-ups in anti-tamper packaging so you know if they have been accessed.
reply
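As an added worked example (my own code, not written by any poster in this thread), the following Python models the two claims in the answer above: that a passphrase turns the same seed words into a different wallet, and that the four-location back-up scheme has no single point of failure. The seed derivation follows the BIP-39 specification (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase, NFKD-normalised) and is checked against the spec's published test vector. The back-up model is a deliberate simplification with constructed labels: "hww" only yields the seed together with "pin", and the OP's current arrangement is modelled as everything in one place with no passphrase.

```python
import hashlib
import unicodedata


# --- Part 1: BIP-39 seed derivation with an optional passphrase -------------
def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 64-byte BIP-39 seed for a mnemonic and passphrase.

    Per BIP-39: PBKDF2-HMAC-SHA512, 2048 iterations, salt = "mnemonic" +
    passphrase, with both strings NFKD-normalised before encoding.
    """
    mnemonic_bytes = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic_bytes, salt, 2048, dklen=64)


# The all-zero-entropy mnemonic from the BIP-39 test vectors (constructed here
# from its word pattern; the checksum word for 128 zero bits is "about").
TEST_MNEMONIC = "abandon " * 11 + "about"


def passphrase_changes_wallet(mnemonic: str, passphrase: str) -> bool:
    """True if adding `passphrase` yields a different seed than no passphrase."""
    return bip39_seed(mnemonic, passphrase) != bip39_seed(mnemonic, "")


# --- Part 2: single-point-of-failure check of a back-up scheme --------------
# A scheme maps a location (or "memory") to the items kept there. Item labels
# are constructed for this model:
#   "seed"       - seed words written on paper/steel
#   "hww"        - hardware wallet loaded with the seed (usable only with "pin")
#   "pin"        - the hardware wallet PIN
#   "passphrase" - the BIP-39 passphrase
def wallet_accessible(available: frozenset) -> bool:
    """True if the items in `available` are enough to spend from the wallet."""
    have_seed = "seed" in available or {"hww", "pin"} <= available
    return have_seed and "passphrase" in available


def loss_failures(scheme: dict) -> list:
    """Locations whose loss on its own makes the funds unrecoverable."""
    failures = []
    for lost in scheme:
        remaining = frozenset().union(
            *(items for loc, items in scheme.items() if loc != lost)
        )
        if not wallet_accessible(remaining):
            failures.append(lost)
    return failures


def theft_failures(scheme: dict) -> list:
    """Locations whose contents alone would let a thief spend."""
    return [loc for loc, items in scheme.items() if wallet_accessible(frozenset(items))]


# The scheme proposed in the answer above.
SUGGESTED_SCHEME = {
    "location1": {"hww"},
    "location2": {"seed"},
    "location3": {"passphrase", "pin"},
    "memory": {"passphrase", "pin"},
}

# The OP's current arrangement: HWW and seed together, no passphrase (modelled
# as the passphrase being "known" everywhere, since an empty one is no secret).
CURRENT_SCHEME = {
    "home": {"hww", "seed", "passphrase"},
    "memory": {"pin", "passphrase"},
}

if __name__ == "__main__":
    print("seed changes with passphrase:",
          passphrase_changes_wallet(TEST_MNEMONIC, "correct horse battery"))
    for name, scheme in (("suggested", SUGGESTED_SCHEME), ("current", CURRENT_SCHEME)):
        print(f"{name}: loss SPOFs={loss_failures(scheme)} "
              f"theft SPOFs={theft_failures(scheme)}")
```

Running it shows the suggested scheme surviving the loss, or the theft, of any one location (including forgetting what is memorised), while the current arrangement fails both ways at "home". The model only checks single locations; two locations taken together (for example the loaded device plus the place holding the PIN and passphrase) do grant access, which is why the answer recommends geographic separation and tamper-evident packaging.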
How might you change this, if you were using the SeedSigner, or any signing device that does NOT store the seed on it (stateless)?
reply
I'm not familiar with that brand of devices so shouldn't comment.
I assume one would need an additional seed backup at minimum if nothing is stored on the HWW.
reply
Great question about using stateless signing devices for enhanced security.
reply
I appreciate this. Thank you.
reply
setting up multisig to improve my security?
If you start asking this, that means you are OVER-COMPLICATING things. Multisig is recommended more for corporations and scenarios where more individuals have access to a single wallet.
In terms of security, here is an example (hide a seed in an image) - please try to break it:
Please read my guides and pay attention to the details. Keep it simple; don't complicate things more than is necessary.
reply
I'm already confused lol. Step 1 is to buy an HW that isn't Ledger, such as BitBox02?
Step 2, is to hide seeds using steganography?
I cannot break that image.
Go easy on me, I'm genuinely low IQ. Sorry.
reply
Yes, BitBox is ok. But as a HODL wallet, not day to day. And you should have many HODL wallets, not just one... You didn't read the whole guide. Pay attention to all details there. Not just cherry-pick what you like.
reply
My tip for you: avoid all hardware wallets. And go DIY SeedSigner. Read my early post from today, there is a section there about HW.
reply
Run a node, not a hardware wallet.
reply
No specific advice here, just wanted to say that I think your questions are NOT dumb.
Lots more people than you may think are confused/uncertain about the details of securing bitcoin. Advice that comes in the form of hundreds of thousands of words that you should read is not necessarily helpful.
reply