Table of Contents

Security Should Be Foolproof

Imagine your best friend told you they had just sent a significant wire transfer to a complete stranger who will hold onto their money until they need it again.

Maybe they moved a truckload of valuable family heirlooms to a storage space in an unfamiliar part of town, but didn't put a lock on the unit.

Or perhaps, they just bought a really cool safe and engraved the lock combination on the front of it, so they wouldn't need to worry about the troublesome rigmarole of actually remembering the code.

Deadpool disapproves

As a good friend, it would be your duty to tell them why any one of the above is a bad, bad idea, each of which represents a fatal flaw in security principles:

  • Ceding control of your funds to other parties = RISKY
  • Failing to lock them away properly = RISKY
  • Keeping the keys to access in plain sight = RISKY

These security principles don't change just because assets exist digitally rather than physically.

In fact, principles of individual sovereignty over funds led to the very creation of blockchain technology and cryptocurrency.

Whether it's used for digital cash or cutting-edge video game assets, one of the most compelling aspects of blockchain's value proposition is that it gives us direct personal custody over our assets, with no need to rely on third parties like banks.

In blockchain, you can be your own bank, just by maintaining control over your public and private keys.

Yet, many people choose to directly ignore or bypass this benefit, leaving control of their crypto funds and blockchain assets to third-party services and exchanges.

Sadly, hacks and thefts happen, costing users millions in stolen funds (see: Mt. Gox, over 850,000 BTC stolen; Coincheck, over 500M NEM stolen; and Quadriga CX, $190M in cash and crypto stolen from Canada's largest exchange—to name a few).

“Not your keys, not your coins.”

― ancient blockchain proverb

By maintaining control of your private keys, you can eliminate the risk of getting your funds stolen like the unlucky victims of the aforementioned hacks.

And if you want to keep your keys safe, there are few better ways to do it than with a hardware wallet.

So.... what are hardware wallets, how do they work, and what are the pros/cons of using them? We've put together a helpful guide to explain all of this and more.

The Complete Guide to Hardware Wallets

Glossary

If any of the terms in this article are confusing, here are some plain English translations. Click each definition to expand for a more detailed explanation.

Blockchain Wallet Terminology

  1. Public Key: A long alphanumeric string that serves as your "address" on the blockchain where your crypto can be stored and sent from.Think of a Public Key like your bank account number.
  2. Private Key: A very long alphanumeric string linked to your Public Key that acts like a password for your blockchain address and is required for transactions. Signing into your address and sending transactions from it will require your private key to confirm your ownership of the address. This "signing" action is usually confirmed on hardware or mobile wallets through use of a proxy action linked to your account (e.g., inputting a password or pressing down a specific button on your hardware wallet device).
    Think of a Private Key like the card and PIN code required interact with your bank account at an ATM.
  3. BIP32/BIP39/BIP44: Different encryption standards (or derivation paths) that use a specific means of encrypting/converting your random alphanumeric public and private keys into a set of 12 or 24 "seed words." Also known as a "mnemonic phrase," the seeds are generated from a list of 2,048 or 4,096 common words—too many possible combinations to brute-force hack. Some derivation paths, like BIP39, can include the addition of an extra word to the seed phrase, acting as an additional password. This makes storing or remembering your private key safer, and importing your wallet into new devices or interfaces easier.
  4. Hierarchical Deterministic/HD: If a wallet is Hierarchical Deterministic, then it has the ability to generate many different blockchain addresses (aka public keys) from a single private key/list of seed words. Some HD wallets will change your receiving address on every transaction (especially common for Bitcoin), but previous addresses will still work, and all funds will be accessed via the private key from the same wallet interface/device.
  5. Hot Wallet/Hot Storage: A wallet or storage being "hot" means it is connected to the internet (including the private key required to sign transactions). This generally also means hot wallets are more convenient to interact with, since there are fewer intermediary steps, but they're not as safe as cold storage due to this exposure. When cryptocurrency exchanges get hacked, it's from hot wallets.
  6. Cold Wallet/Cold Storage: Cold wallets/storage never expose the private keys to the internet, making it impossible for hackers to gain control of them.Thus, only the wallet's owner is able to transact from anything in cold storage. Hardware wallets are the most common example of cold storage.

What is a hardware wallet?

Hardware Wallets
Hardware wallets come in many shapes and sizes, but their purpose is the same.

Hardware wallets are physical devices designed to keep your private keys isolated and offline on the device itself. Remember, private keys essentially act as your address' password, allowing you to transact from it on the blockchain.

It's important to keep in mind that—as is the case whenever you hear the word "wallet" in a cryptocurrency context—a hardware wallet is not a wallet in the traditional physical sense.

Cryptocurrency wallets don't store your funds on the device or wallet app. Rather, they store the public and private keys related to your blockchain address and provide an interface for you to interact with the funds held there.

Instead of having to manually input the private keys at the heart of blockchain cryptography on every transaction, wallets help to automate that process.

Hardware wallets come in all shapes and sizes, with a variety of inputs ranging from USBs to Bluetooth and cameras. While some look like an innocent flash drive, others seem to scream "look at me, I'm a hardware wallet!"

Inconspicuousness can be a virtue when it comes to protection

Some hardware wallets allow storage of a broad range of cryptocurrencies and tokens, while others are limited to Big Daddy BTC.

In most cases, they need to interact with a separate device (e.g., laptop, PC, mobile phone, tablet) before any cryptocurrency can be sent, effectively acting as a two-factor authentication (2FA) device.

One common characteristic that all hardware wallets do share is that they're designed to provide ultimate security for your funds by keeping private keys safely hidden away in cold storage.

Why do hardware wallets exist?

At their core, hardware wallets empower everyone, regardless of their technical knowledge, to benefit from blockchain technology's potential to give users control of their funds.

They do this by giving you control over your private keys and preventing them from being exposed to the internet during sign-ins or transactions.

This means that hackers can't spy them from inside your browser if you sign in to a service like MyEtherWallet to interact with your address, even if your computer is vulnerable or compromised.

A hardware wallet also:

  • Keeps private keys safe from any malware or keyloggers that may be on your computer, because they're kept on the hardware wallet device and not released or transferred to the computer or web browser. (consider this a friendly reminder to do a scan on your computer to make sure it's malware-free)
  • Helps you generate a more error-proof backup system, because seed words are much easier to double-check after copying than a 64-character random alphanumeric string
  • Runs the sign-in process in an obfuscated manner to make hacking things like passwords or pins more difficult (e.g., Ledger uses physical pin inputs, Trezor randomizes the position of numberpad inputs for PIN code on the computer screen, Enjin Wallet on Samsung Galaxy S10 scrambles the keyboard)
  • Allows you to safely interact with your crypto with minimal technical know-how, thereby decreasing the odds of losing access through user error

History: From Paper to Hardware

If we think of them as "offline private key storage," then hardware wallets have been around pretty much since the dawn of cryptocurrency.

However, this definition is a bit too liberal, as it ignores the primary benefit of hardware wallets: allowing you to transact whilst your private keys are kept safely offline.

Before hardware, paper wallets enabled us to keep private keys off the internet by writing them on a piece of paper.

How to Make a Paper Wallet

Paper wallets may be an older concept than hardware wallets, but they provide comparable security at a fraction of the cost. Here are the pros and cons of paper wallets and a guide on how to make your own.

blog.enjin.io

While paper wallets can be great for safely storing cryptocurrency, as soon as you want to spend it, you have to enter your private key somewhere online—thereby compromising the security of the wallet.

Paper wallets can be considered the first conceptual ancestor of hardware wallets, but when it comes to the dedicated devices themselves (at least in mass market form), it all started with the Trezor One in 2014.

Trezor is a project of SatoshiLabs, founded by Market Palatinus (aka Slush), a key developer in Bitcoin's early history, and Pavol Rusnák (aka Stick), a fellow early Bitcoin and cryptography enthusiast.

An evolution of a hobby project of Slush and Stick, the Trezor One was based around creating "a small, single purpose computer for keeping private keys in an isolated environment."

This was particularly impressive foresight because it predated the notorious Mt. Gox hack—the first real wakeup call on controlling your own private keys—by several years.

Complete Guide to Hardware Wallets
The original 3D-printed prototype of the Trezor One, a landmark in hardware wallet history 

Prominent hardware wallet manufacturer Ledger followed in December 2014 with the original Ledger Nano, followed by its low-cost, stripped-down alternative, the Ledger HW.1 in 2015.

Alongside Ledger and Trezor, who have since released updated versions of their flagship models (the Trezor Model T and Ledger Nano X), KeepKey has also stood the test of time, a player since 2015.

In 2019, Samsung made a big splash in the space, with cryptocurrency storage and transaction capabilities on their flagship Galaxy S10 smartphone, and private keys protected by Samsung Knox hardware and software.

This was the first time that a hardware wallet was really integrated into an existing device, rather than requiring interaction with another (online) device to be used.

Not only did this make hardware wallets more accessible, but it exposed blockchain and cryptocurrency to a mainstream audience.

Since the release of the Trezor One, hardware wallets have undergone iterative rather than revolutionary improvements:

  • Bigger screens with color and higher resolution, able to display QR codes
  • Support for more coins and tokens
  • Touchscreens
  • Bluetooth capabilities

The evolution of hardware wallets is mostly visible as a gradual series of small UX upgrades for users, but the core and purpose of their technological proposition remain the same: keeping your private keys isolated.

Tech: Not One-Size-Fits-All

The particular technology employed by hardware wallets varies from device to device, with some shared principles (e.g., keeping your private key isolated within the device itself).

Creation and storage of private keys is generally achieved through—as the name suggests—dedicated hardware. For example:

  • Trezor acts as a miniature computer with an ARM Cortex Processor.
  • Ledger features a "secure element," a microcontoller chip (like those used in SIM cards of chip/PIN bank cards) within the device dedicated to private key storage.
  • Samsung utilizes Samsung Knox, built on hardware-backed security featuring ARM TrustZone for data isolation.

Hardware wallets are mostly hierarchical deterministic (HD) wallets, providing you with a list of seed words, which—when combined together in the correct order—are decrypted using derivation paths like BIP32, BIP39, or BIP44 to generate your private key (and all the wallet addresses associated with it).

Generating seed words for you thusly means you'll be able to import and access your wallet across any wallet (whether hardware, browser, or mobile) that supports the relevant derivation paths.

Some element of physical input will be included as a means of securing the device from any remote attacks. This gives the transaction process 2FA security, proving your identity through 1.) something you have (the physical wallet) and 2.) something you know (e.g., a PIN).  

Physical input can take various forms, such as the press of a button, PIN input , or another action that can only take place when one is in physical control of the device.

Whilst hardware wallets are great devices for signing in to your blockchain address and confirming transactions from it, they tend not to handle the finer details of interacting with the blockchain so well (e.g., finding an address to send to, specifying an amount to send, selecting a specific crypto or token to send, etc).

For this reason, they generally have to interact with their own proprietary apps or websites like MEW to let you actually access and do stuff with your crypto.

Not all wallets will be compatible with all operating systems or platforms. Some may be mobile-only, some may not be iOS compatible, etc.

As ever in the realm of blockchain, it's important to Do Your Own Research and make sure the wallet you choose is fully compatible with your technological infrastructure (which is just a fancy way of saying "make sure it works with all the stuff you own").

As well as perhaps being limited by platform, hardware wallets can be limited in currency support as well. While several support many, no wallet supports all crypto, because there is no such thing as universal tech shared by all cryptocurrencies.

There is no One Wallet to Rule Them All.

Pictured: first known example of private key being kept on device with fingerprint lock

Choosing a Hardware Wallet

We've name-dropped both Ledger and Trezor here as the two most prominent and respected companies in the space, so it's no surprise they're featured atop our list of the five best hardware wallets available.

The 5 Best Hardware Wallets in 2020

Hardware wallets are a great way to safeguard your crypto and blockchain assets—but how do you choose the right one? Here's our list of the 5 best hardware wallets available, from industry titans like Ledger to emerging alternatives like CoolWallet S.

blog.enjin.io

While there are many companies that produce hardware wallets across a variety of shapes, sizes, and price points, it's crucial that you feel fully comfortable and secure with your purchase choice, rather than just going for the cheapest option.

Here are some important criteria to consider when choosing the right one for you. Click each category to expand for more detail.

Hardware Wallets: Criteria to Consider

  1. Currency Support: If you're thinking about investing in a hardware wallet to keep your crypto safe, make sure the one you choose can actually store your respective coins. Whilst BTC, ETH, and ERC-20 support is standard across most devices on the market today, that's not exclusively the case—so always check if your coins are supported.
  2. Security: This is the reason you're buying a hardware wallet, right? Here are some important security-related questions to ask: Are there any known instances of security breaches? Has the device been independently audited? Do you back it up with a Hierarchical Deterministic phrase? Do you sign in with a pincode? Do you physically confirm transactions on the device? Is it packaged with a special seal to prevent tampering?
  3. Operating System(s): Similar to currency support, you'll want to ensure the wallet you choose is compatible with your device(s). For example, if you have an iPhone, avoid hardware wallets that only work with Android.
  4. Reviews: Seek out independent reviews of the devices you're considering. If there aren't many reviews available, that could be a potential factor to consider when trying to choose between different options. What do reviews say about the company's customer support? Do they have a track record in this space?
  5. User Interface: Will accessing your funds be nice and easy, or a confounding experience? Does the device have a screen which clearly outlines what's happening, or can you only interact with it via apps on other devices? Is it easy to navigate and interact with the wallet itself?
  6. Size & Look: Part of keeping your crypto safe is being discrete about the fact that you hold crypto. If a wallet is bulky or looks conspicuous, it could arouse suspicion, stoke interest, and potentially attract the wrong kind of attention. Plus, bulky wallets can be trickier to carry around with you—and nobody wants that.
  7. Price: Hardware wallets aren't free, so depending on your budget, certain options may be preferable to others. You may also need to factor in shipping costs. Ultimately, the point of a hardware wallet is to protect your funds, so money spent is an investment in and of itself.

Pros & Cons of Hardware Wallets

While this article has been fairly positive about hardware wallets, it's worth reviewing both the pros and cons of this particular tech.

Pros

  • Safety: Keeping private keys offline in cold storage makes remote access to your account impossible.
  • Backup: Seed words provide a more human-friendly approach to backups than painstakingly copying down a random private key.
  • Compatibility: The seed word backup approach allows you to easily import your address and private key to a variety of different wallets if you lose or damage your hardware device.
  • Integrity: Since private keys never leave the physical hardware wallet device, it doesn't really matter which device you hook it up to (that said, we still recommend scanning your computer to ensure it's clean of malware—that's just good practice).
  • 2FA: All transaction signing is done on the device itself, with information only you know.

In essence, all the pros boil down to hardware wallets being built for security.

Cons

  • Physical Inconvenience: With the exception of the Galaxy S10, multi-device access is required to transact in any semi-convenient fashion.
  • UX: User experience on hardware wallets is often clunky, and requires downloading individual wallet software for every cryptocurrency you wish to store on your device.
  • Learning Curve: With only one opportunity to write the seed words down correctly—the very first time you initialize the device—there is a risk of being left forever unable to import your wallet.
  • Costs: As physical devices, hardware wallets aren' free.
  • Logistical Inconvenience: Due to the dangers of counterfeit or compromised devices from 3rd-party sites, you have to buy from official sites, which could lead to longer waits for delivery.
  • Conspicuousness: If you leave your hardware wallet lying around (or even worse, show it off), you could become a target.

Ultimately, the cons of hardware wallets predominantly revolve around various UX trade-offs caused by the security of the devices, which could make them slightly intimidating to blockchain newcomers.

Security, low cost, and convenient UX—when it comes to hardware wallets, you can generally choose two of the three.

Trying to have them all? Well, that just might be a bit greedy.

X Marks the Spot: 10 Places to Hide Your Hardware Wallet

Getting a hardware wallet is a great way to keep your crypto safe, but that's only half the job done. You need to keep your wallet safe from prying eyes, too.

blog.enjin.io

Better Very Safe Than Very Sorry

If you're serious about getting involved in blockchain and the value of your cryptocurrency/blockchain assets is an amount you wouldn't be comfortable losing, then investing in a hardware wallet is well worth the cost involved.

Of course, it's important to take a few initial precautions before purchasing your hardware wallet to ensure that you understand how it all works—and that it works for the particular crypto storage needs that you have.

Hardware wallets aren't a magic fix; even though they keep your private keys safe, you still need to undertake basic security measures to ensure they function as intended.

So long as you take such precautions, you will find priceless peace of mind from having your funds safely secured—and being your own bank.

Track Your Hardware Wallet with Your Phone

Hardware wallet-like security and encryption, superior UX, and the ability to import hardware wallet addresses or track them through the simple scan of a QR Code—all in one handy device.