Crypto wallets have differing levels of security. With so many ways to access a wallet, it can be difficult to figure out what makes some of them more secure. There are things you absolutely shouldn’t do, regardless of the type of wallet used – like enter your private information directly online. Some wallet creation methods leave the user vulnerable to phishing. Other access methods, like hardware wallets, are more difficult to mess up.
Secure by design
While it’s ultimately up to the user to keep their wallet keys safe, wallets can build security measures into their design to help users along. Direct access with software methods like private key or mnemonic phrase is the least secure option – it leaves the 'naked' keys more vulnerable to being compromised. Encryption of the private key with a keystore file is slightly more secure, but in truth, mnemonic phrases and private keys should only be used for recovery purposes, rather than as the main method of access.
Hardware wallets are seen as the highest standard of wallet security because they offer cold storage that keeps your keys encrypted in the device itself, off the internet, and in your own hands. Most hardware wallets still need to be used with another form of wallet service, such as a web-based interface like MEW or a desktop app to offer full functionality.
Hardware devices are Hierarchical Deterministic (HD) wallets, meaning they offer multiple public addresses to choose from when deciding where to store your assets. Each wallet has a root private key and public address pairing, but these split off into thousands of other pairings that are unique to the wallet. The benefit of this lies in creating options, giving some wiggle room for temporary investments or organizing assets. However, this can also get confusing if actions aren’t taken to map it all out from the start.
Each of the hardware wallet addresses comes from a 'derivation path', which is a fancy way of saying the addresses branch off in different ways. If you use one path for your address, you’ll need to continue using that path for all future access. For example, the default derivation path for Ethereum is m’/44’/60’/0’/0, but the path for Ethereum Classic is m’/44’/61’/0’/0. These paths result in different lists of public Ethereum addresses, so it’s important to keep track of which path you’re using. Most wallets will tell you when you connect, but if they don’t, they’re likely defaulting to the Ethereum path above.
Hardware wallets are considered cold storage, because they keep your sensitive information separate from online servers. This way, as long as you keep your seed phrase written down in a secure location and never share it with anyone, it’s nearly impossible for your wallet access keys to get phished or stolen.
Ledger and Trezor are two of the most popular hardware wallets on the market. Both come in multiple models that start around $60. While this is more expensive than a free-to-use web wallet or mobile app, if you need to hold a significant amount of crypto currency, a hardware wallet is a worthwhile investment into your assets' security. Ledger and Trezor have their own native software interfaces, but can also be used with MEW web for more features like swaps, DApps, and NFT support. Among the other hardware wallets are CoolWallet, KeepKey, BitBox, and more. It’s worth doing your own research to discover which one is right for you.
A Secure Mobile Alternative
Hardware wallets are the best solution for cold storage of large amounts of crypto, but they are not the most convenient for daily use. While it may feel counterintuitive, some mobile wallet apps can provide high security for your wallet keys and let you transact directly from your smartphone. The MEW wallet app is a non-custodial mobile wallet that generates keys securely right on your device and protects them with multiple layers of encryption.
Although this is not a separate piece of physical hardware, the app still offers an encrypted access method that keeps your keys away from online servers and stored in a secure, local location on the phone itself. The wallet is secured with a mnemonic phrase for recovery purposes should the phone become lost, stolen, or broken. Just like hardware wallets, MEW wallet app functions as a HD wallet with multiple addresses, allowing you to create multiple accounts. Read our guide to custodial and non-custodial mobile wallets to see if a mobile wallet could be the right solution for you.