Wallets & Security

This article is a translation of the German IOTA Beginner’s Guide by Schmucklos.

General security tips

The new Distributed Ledger technologies allow financial freedom like no other technology before. Users are now their own bank.  But being their own bank also means a high degree of personal responsibility. Various security measures must be taken to make it difficult for hackers to access their assets.

These security measures already start with the basics as your email address. Please create your own email address, which you use exclusively for the purchase of cryptocurrencies. Also the e-mail provider should be chosen carefully. The privacy of most providers is zero. Everything is read, analyzed and sold. I can recommend the e-mail provider ProtonMail from Switzerland. They also offer their service with limited memory etc. for free. For our purposes this is sufficient.

You should also pay special attention to the various passwords. Please use different passwords with all service providers and under no circumstances use the same password for both your e-mail inbox and your account with the crypto exchange. For password management I can recommend the free open-source password manager KeePass.

Wallets

Before buying MIOTAs on an exchange you should deal with the safekeeping of your newly bought MIOTAs. The access of third parties to your assets should be avoided at all costs. Under no circumstances should you leave your balance on a crypto exchange because in this case you do not have the seed (private key) and entrust a third party with your balance. In case of a hack of the exchange itself everything is gone.

Your IOTAs are not stored in a wallet and certainly not on your computer. All credits are stored in databases (Tangle). These databases are stored in countless copies distributed over the network on the IOTA nodes. Your IOTA wallet only manages addresses. You can delete them at any time and reinstall them later. A wallet is just a “browser” that retrieves data from a database (Tangle) to show your credit balance. Your transactions are “signed” with your private key. This data is distributed in the network and checked. If everything is in order the sent amount of IOTAs is received by the recipient’s address and stored in the database (Tangle).

Before using a wallet please take a detailed look at how it works. If you make any serious mistakes your MOTAs will be lost. Even after the first purchase I recommend to send a small amount of IOTAs (1 IOTA is enough) back and forth between different accounts to get familiar with the use of the wallet.

Different types of IOTA Wallets

Desktop Wallet: This wallet is located on your computer. This assumes that you protect your PC properly because it offers a relatively large number of attack points for hackers, for example via compromised emails or links. Currently I recommend to use the official Firefly Wallet (Successor of Trinity) and to get it only from the official website. This wallet has already passed external security audits and is under constant development. In the future the wallet will get further features like a messenger function.

Smartphone Wallet: Again, the official Firefly Wallet is the first choice. It can be installed directly from the respective stores. From a security perspective, this wallet should only be used to manage small amounts of money. Your cell phone is relatively easy for a hacker to crack.

Browser extension: Extensions are currently being worked on (e.g. Metamask).

Paper-wallets consist of a printed sheet of paper containing a cryptocurrency address and a private key that is accessed with a QR code. The advantage of a paper wallet is that it serves as cold storage meaning that it is not connected to the Internet and therefore there is no danger of being hacked.

With a paper wallet your funds are safe until you use a computer. If the computer you use to access your funds is compromised and you enter the private key from the paper wallet your accounts could be hacked and your funds stolen. If you lose your wallet and have not made a backup copy there is no way to restore your access to your currency. Also, it can be quite tedious to have to get the Paper-Wallet out of hiding for each transaction to enter the private key manually on the computer.

I wouldn’t use a paper wallet and I can’t recommend it to a newbie as this requires that your computer is not compromised (key logger etc.).

Hardware Wallet: A hardware wallet is a physical wallet that stores the user’s private keys offline and securely (cold storage). Hardware wallets contain a special security chip that stores the seed (private key). This stored key never leaves the wallet. Not even the owner knows the stored keys. To access the wallet with the keys a PIN code must be entered, which means that even trading on a compromised computer is more secure. Although each transaction is entered via a terminal device and specific software via a browser the action itself is encapsulated by the system and signed by the hardware wallet. If the hardware breaks down or is lost, you can still access your currency by entering the previously written recovery code (24 words, in a specific order) on a new device. Hardware wallets such as Ledger Nano S or X are mandatory when managing larger amounts of money.

Please pay attention to the following points when buying a hardware wallet:

  • Only buy directly from the provider, like Ledger. Never buy from Amazon or Ebay (too many unknown persons may have access to the wallet)
  • If there are traces of use on the package or the hardware wallet itself please do not use it and return it.
  • Is the paper for the seed (24 words) already filled out? If so, please do not use it and return it.
  • If the device is already pre-configured and asks for a pin code when first switched on please do not use it and send it back.

How to store the seed correctly?

How can the seed or the recovery code (24 words) of the hardware wallet be protected against theft, environmental influences and loss?

In the following I will write down a few points that everyone should keep in mind:

  • Paper is not a good idea. It can be damaged over time by external influences such as water or fire.
  • Please use weatherproof solutions like https://easy-passphrase-saver.de/ or similar solutions.
  • Store the seed in a safe place, e.g. a bank safe or a proper safe.
  • Do not make the seed available to any other person even if they ask for it directly in order to help them with problems.
  • Do not store your seed in a cloud or online.
  • No photographing of your seed.
  • Do not print your seed. Printers can be read out if necessary.
  • Do not enter your seed into a cell phone.

Original source

https://iota-einsteiger-guide.de/wallets-sicherheit.html

Last Updated on 14. April 2021