Better security
If you fear that your computer or smartphone might get hacked, you can use a 2-of-3 multi-signature wallet to increase your security.
Setup:
- Wallet 1: Mobile wallet on your phone (without backup)
- Wallet 2: Wallet on your computer (without backup)
- Wallet 3: Paperwallet in separate location
How to use it
Every time you want to make a transaction, you have to initiate the transaction with one device (for example by scanning a QR code on your phone), then review and confirm the transaction on your other device. No transaction can be made with only one device. This means that if your phone or computer get hacked, your Bitcoin are not lost. If your phone or computer breaks or is lost, you can recover your coins with the paperwallet and move them to a new wallet. If the paperwallet gets stolen, the thief does not get access to your coins.
Drawbacks
If both your computer and phone break at the same time, you lose your Bitcoin. You may prepare yourself for this by creating backups of your digital wallets, in which case you need to be careful with how to back them up. Only put two backup seeds together in the same place if you are certain they are safe!
Escrow
Imagine Alice wants to buy cryptokitties from Bob over the internet. However, she has never met Bob before and is unsure if she can trust him. She doesn’t want to send the money first, and Bob doesn’t want to send the cryptokitties first. To resolve the issue, and allow Alice and Bob to trade, they can create a multi-signature wallet with a third-party escrow, Emma.
Setup:
- Wallet 1: Alice on her phone or computer (with backup)
- Wallet 2: Bob on his phone or computer (with backup)
- Wallet 3: Emma on her phone or computer (with backup)
How to use it
Emma is a person or company. Alice and Bob don’t need to trust Emma with their money or their goods, but they do need to trust her with not colluding with one of the participants. All three create a 2-of-3 multi-signature wallet, and Alice sends her funds into the created address.
Bob can now see that Alice has made the payment. She can no longer take the money back after the goods have been shipped, as she only has one of the needed three signatures.
After Bob has shipped the goods and they have arrived with Alice, Alice and Bob can release the funds from the multisignature account and forward the money to Bob. If everything goes well, Emma is not needed at all, making it very easy and cheap for her to provide that service (unlike in traditional, bank-based escrow solutions).
Only if something goes wrong, Emma needs to step in and make a judgement. She can choose to side with one of the parties, or split the funds in agreement with one of the participants. She can’t, however, take the money herself.
Drawbacks
Escrow services are very useful in situations where the participants cannot trust each other at all, like when all participants are anonymous. However, in those situations, it’s not easy to make sure that Alice and Emma aren’t colluding with each other, or even the same person. Alice or Bob could also still try to bribe Emma.
Company funds
A company running on Bitcoin may have a hard time securing their funds in a traditional single-signature wallet. Who should have the keys to the wallet? Who should prepare the payments? If keys are replicated too often between various authorized signers, there is a risk of having the keys hacked or stolen. If too few people have access to the funds, they might become inaccessible after an accident.
Setup:
- Wallet 1: The CEO (without backup)
- Wallet 2: The accountant (without backup)
- Wallet 3: Paperwallet in a safe held by the board
How to use it
In this setup, neither the CEO nor the accountant can run away with the company money. But the accountant can still prepare the payments, sign them, and pass them on to the CEO, who confirms them by adding her signature. If one of them disappears or lose their device, they can regain access to the company funds by explaining themselves to the board.
Drawbacks
The CEO and the accountant may still collude with each other and run away with the company funds. But even if they don’t, they better never get into the same car or plane ever again. If both their keys become accessible, the funds are gone.
Two-factor authentication
Two-factor authentication (2FA) is not common for Bitcoin wallets, but highly recommend for online accounts like your email or cloud storage. With a multi-signature wallet, two-factor authentication can also become possible for Bitcoin wallets.
Setup:
- Wallet 1: Your computer (without backup)
- Wallet 2: The online 2FA service
- Wallet 3: Paperwallet in your safe
How to use it
Every time you initiate a transaction on your computer or phone, the transaction has to be signed off by the online service. Before they sign off on your transaction, they will require you to enter a two-factor authentication code. This code could be generated on your phone, be sent to you by text message, or even come from a hardware device. They can also impose transaction limits on your account, or require different levels of authentication for different transfers.
Drawbacks
If the 2FA service goes offline or is being DDoS’d, your funds will be unavailable until you can find the paperwallet in your safe. If somebody has both your device and access to your paperwallet, they are able to bypass the 2FA service completely.
There are also significant privacy implications to using a third-party service for your Bitcoin wallet
Lexie M writes about information security, bitcoin, and privacy. She is excited about empowerment through technology, space travel, and pancakes with blueberries and blogs for ExpressVPN who is TechRadar’s number one VPN provider. This is an excerpt from Lexie’s eBook called “Bitcoin Security and Privacy : A Practical Guide” which is free to download on iOS, Android, Kindle Kobo and Nook.
