All wallets have differing levels of security. With so many ways to access a wallet, it can be difficult to figure out what makes some of them more secure. There are things you absolutely shouldn’t do, regardless of the type of wallet used – like entering your private key or other sensitive information directly into a website. Some wallet creation methods leave the user vulnerable to phishing. Other access methods, like hardware wallets, are more difficult to mess up. Which brings us to...
The Private Tree
(You can read the full Private Tree article here.)
While it’s ultimately up to the user to keep themselves safe, wallets can build security measures into their design to help users along. As we see in the diagram, direct access with software methods is the least secure option. Encrypting the user’s private key adds an additional level of security. Another measure is using a mnemonic phrase or private key for recovery purposes only, rather than the main method of access, avoiding unnecessary exposure.
Hardware wallets are seen as the pinnacle of wallet security, offering cold storage in a physical device that keeps your keys encrypted in the device itself, off the internet, and in your own hands. Most hardware wallets still need to be used with another form of wallet service, such as a web-based interface or desktop app (covered in the first part of this series!) to offer full functionality.
These wallets are Hierarchical Deterministic (HD) wallets, meaning they offer multiple public addresses to choose from when deciding where to store your funds. Each wallet has a root private key and public address pairing, but these split off into thousands of other pairings that are unique to the wallet. The benefit of this lies in creating options, giving some wiggle room for temporary investments or organizing assets. However, this can also get confusing if actions aren’t taken to map it all out from the start.
Each of the hardware wallet addresses comes from a 'derivation path', which is a fancy way of saying the addresses branch off from the root key in different ways. If you use one path for your address, you’ll need to continue using that path for all future access. For example, the derivation path for Ethereum is m/44'/60'/0'/0, but the path for Ethereum Classic is m/44'/61'/0'/0. These two paths produce two entirely different lists of public Ethereum addresses from the same device, so it’s important to keep track of which path you’re using. Most wallets will tell you when you connect, but if they don’t, they’re likely defaulting to the Ethereum path above.
Hardware wallets are considered cold storage, because they keep your sensitive information separate from online servers. In this way, it’s impossible for your wallet access keys to get phished or stolen. Each hardware wallet uses a different approach to this, but cold storage is the standard for this category of wallets.
Ledger hardware wallets are a little different than the rest, as they have their own desktop wallet called Ledger Live, and they use a different default derivation path than most other Ethereum wallets (m/44'/60'/0', taking the trailing '0' off the end). The Ledger comes in multiple models, the newest being the Ledger Nano X, which can connect through USB or Bluetooth.
Trezor is another popular hardware wallet and the biggest contender with Ledger. They also sport multiple models to choose from, with the most popular arguably being the Trezor One. Trezor and all the other hardware wallets follow the standard derivation path for Ethereum. Among the other hardware wallets are Secalot, KeepKey, Digital BitBox, and more. It’s worth doing your own research to discover which one is right for you.
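To make the derivation-path point concrete, here is an added example (not code from the article, MEW, Ledger or Trezor): a minimal BIP32 key derivation in pure Python that takes the paths quoted above and shows that the same seed yields different keys on the standard Ethereum path, the Ethereum Classic path, and Ledger's shorter legacy path. It assumes Python 3.8+ (for `pow(x, -1, p)`) and uses the public BIP32 test-vector seed as input.

```python
# Added example: minimal BIP32 private-key derivation (hardened and normal
# children) so the paths named in the article can be compared on one seed.
import hashlib, hmac

# secp256k1 parameters; the curve is only needed for non-hardened steps.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARD = 0x80000000  # bit that marks a hardened index (the ' in 44')

def _add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def _pubkey(k):  # 33-byte compressed public key of private scalar k
    r, pt = None, G
    while k:
        if k & 1: r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return bytes([2 + (r[1] & 1)]) + r[0].to_bytes(32, "big")

def parse_path(path):
    """Turn m/44'/60'/0'/0 into child indices; accepts ', h or a curly ’."""
    head, *parts = path.split("/")
    if head != "m": raise ValueError("path must start with m")
    return [int(p.rstrip("'h’")) | (HARD if p[-1] in "'h’" else 0) for p in parts]

def derive(seed, path):
    """Return (private_key_int, chain_code) for a BIP32 path from a seed."""
    mac = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, c = int.from_bytes(mac[:32], "big"), mac[32:]
    for i in parse_path(path):
        # Hardened children hash the private key; normal ones hash the public key,
        # which is why a hardened step can never be derived from a public parent.
        data = b"\x00" + k.to_bytes(32, "big") if i & HARD else _pubkey(k)
        mac = hmac.new(c, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
        k, c = (int.from_bytes(mac[:32], "big") + k) % N, mac[32:]
    return k, c

if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # BIP32 test-vector seed
    # first address on: standard Ethereum, Ethereum Classic, Ledger legacy path
    for path in ("m/44'/60'/0'/0/0", "m/44'/61'/0'/0/0", "m/44'/60'/0'/0"):
        print(path, hex(derive(seed, path)[0]))
```

The three printed keys differ, which is exactly why restoring a seed under the wrong path shows an unfamiliar address list rather than an empty wallet.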
Hardware-like Mobile Wallets
There are many mobile wallets out there, and we will cover them in depth in another part of this series, but only a few phone applications can work as a hardware wallet substitute. One such example is MEWconnect, a MEW companion app meant to allow secure wallet access comparable to that of hardware wallets. Although this is not a separate piece of physical hardware, it still offers an encrypted access method that keeps your keys away from online servers and stored in a secure, local location on the phone itself.
In MEWconnect’s case, the wallet is secured with a mnemonic phrase for recovery purposes should the phone become lost, stolen, or broken. Just like other hardware wallets, MEWconnect also functions as an HD wallet with multiple addresses. However, it defaults to the first address of the list and keeps the rest hidden. If you restore this wallet in a different provider, you’ll likely see multiple addresses along with your familiar one at the top.
Other examples of smartphone wallets with hardware-like functionality include the Finney, supported by the MEW web interface, and Samsung’s Galaxy S10 blockchain phone. Most of these hardware-like wallets are not full-fledged wallet interfaces, as they cannot send transactions or interact with smart contracts on their own. They’re used mainly as a secure access method, much like a hardware wallet, to allow users safer interactions with web-based or desktop wallets.
In Part 3, we’ll take a look at mobile wallets and the differences between custodial and noncustodial wallets. We’ll also explore the benefits and detriments of centralization, and how it can have an effect on user experience.