What are hardware wallets and why are they important?
No, it’s not about walking down the street with a wallet full of cash
“Would you walk around town carrying a million dollars in your pocket?” is the imagery some invoke when pitching hardware wallets. That analogy is not entirely correct. The better analogy is asking whether you’d leave your house keys unattended on the table at a crowded pub. I’ll get to that in a moment, but first let’s delve into addresses, wallets, public keys and private keys. Let’s take a detour to… the gym.
Imagine a huge gym locker with many transparent compartments, so many that it’s almost infinite. The lockers are publicly accessible; anyone can walk right up to any compartment, see what’s inside and put something inside. Each compartment is numbered and although you can clearly see what’s inside, you can’t retrieve the contents because the compartments are locked.
An address is like the locker numbers; it identifies a compartment. For Ethereum, an address starts with “0x” and is a string of letters and numbers. For example, the address I use for requesting ETH donations is “0x48006B1134f9935e5AD64a97C8e6f54b7898E19b”; it identifies the locker compartment holding the donations. The address is also known as the public key. It’s called a public key because it’s OK to expose this key to others, just as it is OK to let others know the numbers of the compartments; otherwise nobody would know which compartment is which, nor be able to make deposits.
The counterpart of the public key is the private key. As the name implies, it should be kept private and confidential. Why? Because the private key is the key to the lock on the locker compartment. If the private key is exposed, anyone could make a duplicate and open the compartment (remember that the locker itself is publicly accessible). When you hear people warning not to give anyone your keys, they are talking about the private key. An interesting thing about the private key is that it is linked to one and only one public key; they come in a pair. If you have the private key, you will know the public key, analogous to the locker key having the locker number engraved into it. In fact, the public key is derived from the private key by way of math (the concept of public/private keys is in the domain of asymmetric cryptography).
The terms “address” and “wallet” are often used interchangeably. Most of the time they refer to the same thing, but to me there is a slight difference. An address is the label on the locker compartment, but a wallet is the interface to interact with it. Just as you may peek at the transparent compartment by walking right up to it or using a telescope, or unlock the compartment using a metal key, a keycard, or a combination code, there are also many ways to view and access the contents of an address. Each method is a wallet; in other words, a wallet is a method of access to an address. So when you hear phrases like “send it to my wallet” or “use this and that wallet to buy something”, they actually mean “send it to my address” or “use this or that method to access the contents of your address”.
What is a hardware wallet?
Whichever wallet you use, it will give you a few ways to access the contents of the underlying address (otherwise why would you use it?):
- The wallet may keep the keys for you and ask you to log in to access the contents. One example is mobile wallets that you unlock with a PIN.
- The wallet could let you export the unencrypted private key, giving you freedom to use another wallet, but essentially also giving you the responsibility of keeping the key safe.
- The wallet could let you download what is called a “Keystore” file. This is essentially your private key but encrypted with a password that you set during the download or set up.
All of the above are “software” wallets. They keep your key in a file on your computer. If your computer is connected to the Internet, it is susceptible to hacks and malware. That’s why using a software wallet is like leaving your locker key on a table at a crowded Hard Rock Cafe. Someone who walks past could take it with or without you knowing, and since the compartment number is on the key, that someone could immediately head to the locker, open the compartment and take all the contents.
A hardware wallet, on the other hand, stores the keys in an encrypted format in a dedicated physical device which you connect to the computer when you want to use the keys.
What are the benefits of using a hardware wallet?
- The actual private keys are always encrypted and in fact never leave the device, even when you are using them to access the address.
- Just like logins that require Multi-factor Authentication, the address can only be accessed by someone holding the physical device.
- Some hardware wallets support multiple coins from different blockchain technologies, so with just one device you can keep many coins safe and don’t have to manage multiple files. This convenience is in fact a really understated feature of hardware wallets.
- Since the keys are all stored in the device, they’re easy to port between devices, as compared to multiple files on the computer.
What are the trade offs?
- Just like logins that require Multi-factor Authentication, the address can only be accessed by someone holding the physical device. This is both a pro and a con.
- The device could be damaged or be misplaced.
- It costs money to purchase.
At the end of the day, I think the biggest benefit of using a hardware wallet is the peace of mind it offers. Sure, it may not be 100% secure (but no wallet is), but it beats waking up one day and finding that the contents are gone because the computer with the software wallets got hacked! I personally stake Ontology, which involves keeping the coins in my wallet for a long time, ranging from months to maybe even years. I would prefer not having to constantly worry that the coins get stolen.
My personal rule of thumb: if the cost of the hardware wallet is less than 10% of my total holdings, I think it is worthwhile getting one. I treat it as spending 10% to secure the remaining 90%. At pixel time, the cheapest hardware wallet from Ledger is about 75 USD, which means I would get one if my total holdings exceed 750 USD.
What if the device spoils or gets lost?
Popular hardware wallets usually provide a recovery method to restore onto another device.
Should I get more than one?
It’s up to you! Some people get multiple as backup devices. Some actually divide up the assets into several wallets. For me, the benefits of having one vs having none is way bigger than that of having multiple vs having one.
What are the brands?
The more popular ones are currently Ledger and Trezor. There are multiple brands out there but please do due diligence before buying any. I don’t particularly recommend any brand, but I personally use the Ledger.
ABC brand is selling a hardware wallet for very cheap!
As with safes, I would get from a reputable brand. Shady brands may sell for cheap, but the device could potentially be not as secure as they claim, or worse, they could reuse keys or even secretly keep the keys for themselves to use in future. (Remember, the addresses are publicly available.)
XYZ website is selling a branded, popular hardware wallet for very cheap!
As with safes, I would get from a reputable distributor. My recommendation is to get direct from the brand, or get from an official distributor. The danger in getting from unofficial sources is that the device could be compromised. I wouldn’t want to buy a safe from a middleman who may or may not have made duplicates of the key. If I’m not sure, I would err on the side of caution.
What are unsafe methods of keeping keys?
There are no 100% safe methods, but there are many, many unsafe methods.
- Storing keys in cloud storage apps (Dropbox, Google Drive, email) is really unsafe.
- Keeping the plain text (unencrypted) private keys in a file on your computer is also really unsafe (unless the computer has no access to the Internet).
- This also applies to encryption passwords and recovery phrases.
I’ve heard of “paper wallets”, are they the same as hardware wallets?
Well, technically paper is a physical object and so might be considered hardware. But that’s where the similarity stops. A paper wallet is essentially the private key printed out on something (e.g., paper or a coin), either as plain text or as a QR code, akin to writing down a password on paper. To use it, either type the private key or scan the QR code. As you can probably imagine, this is not only cumbersome to use but also incredibly dangerous if the object is lost.