
In our previous article about Bitcoin backups, "How Bitcoin backups work and 5 common mistakes you must avoid", you already mastered the basics. Your hardware wallet is properly backed up, and you can restore it quickly if it is lost or destroyed.

The BitBox02 keeps your funds secure.

The BitBox02 is designed to protect your coins even if it gets into the hands of a thief. It simply resets itself after ten unsuccessful password entries and features a dedicated secure chip to protect against physical key extraction. Therefore, it is safe to use the BitBox02 on a regular basis without additional security measures.

But what about the backup?

While the BitBox02 protects your coins, your backup is transparent and must not get into the wrong hands. It is not encrypted, and that is true for both the backup on the microSD card and your (optional) manual backup, the 24 recovery words you write down. That means that if this backup gets into the wrong hands, a thief can steal all your funds.

Why not simply encrypt the backup?

Our first-generation hardware wallet, the BitBox01 (a.k.a. Digital Bitbox), featured an encrypted backup. And from afar, that might seem like the best way to go. But what we've learned over the years is that while no case of stolen coins was ever reported, many users lost their password, and some were not able to recover their funds.

The harsh truth: having a device password, a backup password, and maybe even an optional passphrase (we'll look at this in a second) is just too hard. It's a bit like security techies touting that offline air-gapped single-use Linux laptops are superior to hardware wallets. That might be the case for very specific use-cases, but only a tiny percentage of Bitcoin users can use a setup like this securely.

How can I keep my wallet backup safe?

So what is the best way to make sure your backup is secure? That depends on the amount you are securing and the amount of work or additional costs you want to invest.

Method #1: store it in a safe place

The primary precaution is to keep your wallet backup in a safe place, where not everyone can gain access to it. The microSD card of the BitBox02 is inconspicuous, and if you just throw it into a drawer, the bigger challenge is finding it again.

Use the numbered stickers included with your BitBox02 to mark your microSD card backup or backup card, put it in a sealed envelope, and label it with something that does not scream “Bitcoin”. Depending on the amount you secure, a locked drawer, a home safe, or even a safe deposit box are good choices to store your wallet backup.

Method #2: use the optional BIP39 passphrase

The backup secures your master seed that represents a single wallet. On top of that, you can create an unlimited number of additional wallets by using the optional BIP39 passphrase. It is often called “the 25th word”, but that’s misleading: you shouldn’t use a single word but a strong password consisting of letters and numbers.

Because each passphrase gives an independent wallet, you can use it for additional protection:

  1. Create your wallet backup as usual (it does not contain the passphrase).
  2. Choose a strong passphrase and write it down as well.
  3. In the BitBoxApp (with the BitBox02 connected and unlocked), choose “Enable optional passphrase” in “Device settings”.
  4. When unlocking the BitBox02 the next time, enter the device password as usual and enter the optional passphrase.
  5. Store the regular backup and the optional passphrase in separate safe locations.

If a thief gains access to either your backup or your passphrase, there’s nothing they can do. Restoring your wallet is only possible if someone has both of your backup elements.

There are a few drawbacks, however:

  • The passphrase is never stored permanently in your hardware wallet. That’s good for security but also a bit inconvenient because you need to enter it every time you unlock your wallet.
  • You need to back up both elements correctly and store them in a safe location. If you lose access to either one, you can’t restore your wallet.
  • The regular wallet backup contains a checksum, so the wallet can detect if you make a mistake on recovery. The passphrase has no checksum: a single typo, or sloppy handwriting that leads to mistaking a 1 for an l or an I, results in a different (empty!) wallet on restore.
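
The missing-checksum drawback follows directly from how BIP39 turns recovery words and passphrase into a seed. The sketch below is an added example, not code from the article or from the BitBox firmware; the mnemonic is the public all-zero BIP39 test mnemonic and the passphrases are constructed samples.

```python
import hashlib
import unicodedata

# Public all-zero-entropy BIP39 test mnemonic (24 words), used only as sample input.
MNEMONIC = " ".join(["abandon"] * 23 + ["art"])
# Constructed sample passphrase and two handwriting misreadings of it.
INTENDED = "Il1ke-c0ffee"
MISREAD = ["I11ke-c0ffee", "ll1ke-c0ffee"]  # "l" read as "1", "I" read as "l"


def _nfkd(text):
    """BIP39 normalises both inputs to NFKD before hashing."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output."""
    salt = _nfkd("mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048)


def restore_attempts(mnemonic, intended, typed_variants):
    """Map each typed passphrase to whether it reaches the intended wallet."""
    target = bip39_seed(mnemonic, intended)
    return {typed: bip39_seed(mnemonic, typed) == target for typed in typed_variants}


if __name__ == "__main__":
    # The backup alone (empty passphrase) derives a valid but different seed.
    print("backup only :", bip39_seed(MNEMONIC).hex()[:16])
    print("with phrase :", bip39_seed(MNEMONIC, INTENDED).hex()[:16])
    results = restore_attempts(MNEMONIC, INTENDED, [INTENDED] + MISREAD)
    for typed, ok in results.items():
        # Every variant yields a well-formed seed; nothing signals the typo.
        print(f"{typed!r:16} -> {'original wallet' if ok else 'different wallet'}")
```

Every input produces a well-formed 64-byte seed, so a wallet cannot tell a misread passphrase from the intended one.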

Overall, the BIP39 optional passphrase is a very well-established measure for additional security and works with all major wallets. But it’s an advanced user feature, so make sure to read our guide How to use the optional passphrase with your BitBox02 first.

Method #3: split your recovery words (the proper way!)

General advice: don’t split your recovery words unless you know exactly what you’re doing and how the resulting shares can be classified in terms of fault tolerance and randomness.

Let’s look at this in more detail:

  • Fault-tolerance: how many parts of your backup are needed to restore it? Can you afford to lose one or more shares?
  • Randomness: how much of the overall secret does a single backup part give away? Does it make it too easy to guess the missing information?

Don’t split your 24 recovery words into two parts of 12 words each. Each part still leaves enough randomness so that it’s not feasible to guess the other 12 words, which is good. But if you lose one part of the backup, there’s no way to restore your backup.

A better way to split your recovery words is to create three parts, of which you need two to restore your wallet:

Part 1
XXX w02 w03 w04 w05 XXX XXX w08 XXX XXX XXX XXX 
w13 w14 w15 w16 w17 w18 w19 w20 w21 w22 w23 XXX

Part 2
w01 XXX XXX w04 XXX w06 w07 w08 w09 w10 w11 w12
w13 w14 XXX w16 w17 w18 XXX XXX XXX XXX w23 w24

Part 3
w01 w02 w03 XXX w05 w06 w07 XXX w09 w10 w11 w12
XXX XXX w15 XXX XXX XXX w19 w20 w21 w22 XXX w24

Although each card contains 16 words, the missing eight words still leave over one sextillion possibilities to guess. From a technical perspective, that’s ~80 bits of randomness, which would take thousands of years to brute-force even with the most powerful supercomputer currently available. So enough randomness is preserved.

The significant advantage of using a 2-of-3 recovery word split is that you gain fault tolerance. You can store the three parts in separate locations and just need two of them to recover your wallet. If you lose one backup part (or only the access to it because it’s with your ex), you’re still okay.
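
Before relying on a hand-made split, both properties can be checked mechanically. The following is an added example (not from the original article): it parses the three cards exactly as printed above, confirms that every pair holds all 24 words, and computes how many bits a single card leaves unknown. The `HALVES` layout is a constructed counter-example, the function names are illustrative, and the 8-bit deduction is the BIP39 checksum of a 24-word mnemonic.

```python
from itertools import combinations

WORDS = 24          # length of the recovery-word backup discussed in the article
BITS_PER_WORD = 11  # BIP39: each word is an index into a 2048-word list
CHECKSUM_BITS = 8   # BIP39: 24 words = 256 bits of entropy + 8 checksum bits

# The three cards exactly as laid out in the article (XXX = word left off).
ARTICLE_SPLIT = {
    "Part 1": "XXX w02 w03 w04 w05 XXX XXX w08 XXX XXX XXX XXX "
              "w13 w14 w15 w16 w17 w18 w19 w20 w21 w22 w23 XXX",
    "Part 2": "w01 XXX XXX w04 XXX w06 w07 w08 w09 w10 w11 w12 "
              "w13 w14 XXX w16 w17 w18 XXX XXX XXX XXX w23 w24",
    "Part 3": "w01 w02 w03 XXX w05 w06 w07 XXX w09 w10 w11 w12 "
              "XXX XXX w15 XXX XXX XXX w19 w20 w21 w22 XXX w24",
}
# Constructed counter-example: the naive 12 + 12 split the article warns against.
HALVES = {
    "First": " ".join(f"w{i:02d}" if i <= 12 else "XXX" for i in range(1, 25)),
    "Second": " ".join(f"w{i:02d}" if i > 12 else "XXX" for i in range(1, 25)),
}

def positions(card):
    """Return the word positions (1..24) written on one card."""
    slots = card.split()
    if len(slots) != WORDS:
        raise ValueError(f"expected {WORDS} slots, got {len(slots)}")
    held = set()
    for i, slot in enumerate(slots, start=1):
        if slot == "XXX":
            continue
        if slot != f"w{i:02d}":  # a word in the wrong slot breaks recovery
            raise ValueError(f"slot {i} holds {slot!r}")
        held.add(i)
    return held

def analyse(cards, threshold):
    """Return (recoverable, spare_cards, worst_case_bits) for a k-of-n split."""
    held = [positions(text) for text in cards.values()]
    full = set(range(1, WORDS + 1))
    def missing(group):
        return full - set().union(*group)
    # Fault tolerance: every group of `threshold` cards must hold all 24 words.
    recoverable = all(not missing(g) for g in combinations(held, threshold))
    # Randomness: bits still unknown to whoever holds one card fewer than that.
    worst = min(max(0, BITS_PER_WORD * len(missing(g)) - CHECKSUM_BITS)
                for g in combinations(held, threshold - 1))
    return recoverable, len(held) - threshold, worst
```

`analyse(ARTICLE_SPLIT, 2)` returns `(True, 1, 80)`, while `analyse(HALVES, 2)` returns `(True, 0, 124)`: the two halves keep more secret per card but leave no spare card to lose.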

Method #4: create a multisig wallet

A multi-signature wallet is the way to go to secure large amounts. You create a special wallet that requires multiple hardware wallets if you want to spend your coins. Unfortunately, only Bitcoin features this natively, so it does not help you secure other cryptocurrencies.

But even for Bitcoin, multisig is secure only in theory. Most multisig setups that use hardware wallets are less secure in the real world than a regular single-signature hardware wallet.

The issue with multisig is that it’s much more complicated, especially in combination with hardware wallets:

  • Ledger hardware wallets are insecure for multisig because they cannot show you a secure receive address and have issues when sending bitcoins. You’ll be relying entirely on your software wallet to not lie to you, which makes every incoming or outgoing transaction susceptible to being stolen.
  • Trezor hardware wallets cannot automatically verify receive or change addresses. When sending, you always need to manually compare each hardware wallet’s extended public keys (and each is over 100 characters long). In reality, nobody does that, again leaving you at the mercy of your software wallet.

Read more about common misconceptions about the security of multi-signature wallets in our article How nearly all personal hardware wallet multisig setups are insecure.

The BitBox02 stores all important information directly on the device. The BitBox02 is aware of all relevant multisig setup parameters, including all public keys of the co-signers, which is a prerequisite to ensure your transactions’ security. Although we like the idea of using a multisig wallet protected by different hardware wallet models, we can’t recommend this in good faith in their current state.

Although a multisig wallet is more secure if done correctly, the backups of the individual hardware wallets are more complex:

In addition to the regular wallet backups, each backup must also include the following information:

  • How many signers with how many signatures required, e.g. “2 of 3”
  • Bitcoin script type used, e.g. “p2wsh”
  • Derivation path used, e.g. m/48'/0'/0'/2'/1
  • Extended public keys for all hardware wallets used

You need to have all this information properly secured and verified against your hardware wallets. Only then will you be able to restore your multisig wallet.

You need to verify the extended public keys against the hardware wallets; otherwise, you’re trusting your software wallet again to not lie to you. At the moment, only the BitBox02 can display the Electrum-style extended public keys directly on its display.

Make sure to read our detailed guide How to create a multisig wallet with Electrum and BitBox02 before storing real money in a setup like this.

So here you have it: four great ways to increase the security of your hardware wallet backup, applicable to Bitcoin, Ethereum, and many other cryptocurrencies.

Bonus pro tips

Some additional recommendations for you to consider:

  • Don’t obscure your backup.
    It might be tempting to “slightly alter one of the recovery words” or “swap a few words” here and there. We’ve seen it all. The randomness left is probably easy enough to brute-force with a simple computer. But no regular user will be able to restore the wallet if you’re no longer able to.
  • Add resilience by creating multiple backups
    It’s a good idea to create multiple backups. With the BitBox02, you can store the wallet backup on as many microSD cards as you want (you can get additional ones in our shop) or write down the 24 recovery words in addition to that.

    Check out our ageing-resistant Backup card protected by lamination, or print out the free community edition.
  • Make sure your loved ones know about your backup
    It’s essential to think about how someone else will be able to restore your wallet in case something happens to you. We know, not the most uplifting thought, but an important one nonetheless.

    Check out our article Prepare your bitcoins. For your heirs.

BitBox backup solutions

With the BitBox02 hardware wallet you have everything you need to properly secure your funds. But how can you improve the security of your backup? We have thought of a few additional options depending on your specific needs.

You can find more details on our Backup solutions page.


Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.