How to secure your bitcoin wallet password

Your wallet is only as safe as the password protecting it

digital lock

Depending on how you have set up your Bitcoin wallet, you will likely need a password as part of its security. A good password is long and random. Some password need to be memorable, while other passwords can be conveniently stored in a password manager. 

Password Managers 

A password manager, or password vault, is a computer program that helps you create and store secure passwords. It may come as a browser extension, a separate program, or an app on your phone. Some password managers host your encrypted password in the cloud, while others store them only locally.

If you intend to use your password manager between multiple devices it is often better to go with a paid cloud solution. If you are only using them on a single computer, an open-source tool like KeePassX will do you well.

Password managers are not only more secure because they can create long and truly random passwords at the click of a button, but they are also more convenient—you don’t have to remember hundreds of passwords.

Instead, you only have to remember a single password to open the password manager. To create a random, long, yet memorable password for your password manager, have a look at this Diceware guide. Four to six words will be long enough.

Paper wallets 

When creating paper wallets, it is usually best not to encrypt them separately with a password. It is generally very difficult to remember a good password over a long period of time, and you will likely forget the password by the time you want to recover your funds.

Hardware wallets 

If you use your hardware wallet often, you should definitely set an additional passphrase. That way, in case you lose your hardware wallet or have it stolen, you will not lose your funds (make sure to have a backup seed on paper somewhere).

Because hardware wallets often come with a switch that wipes the wallet after too many false attempts to guess the password, two words from the Diceware list are enough.

Mobile wallets 

Your smartphone should have encrypted storage (make sure this option is enabled in your Android device; iOS devices come with encrypted storage enabled by default). It is important to also set a passcode or passlock, as fingerprint or face scanners can be insufficient for security.

Most mobile wallets allow you to set an additional password or passcode. Make use of that, though if you don’t use the passcode too often, you might want to add it to your password manager, too.

Online wallets 

Your online wallet can be a good place to keep a small amount of Bitcoin without having to worry how to regain access to it after a long time. Make sure your online wallet is associated with your email address so that you don’t have to rely on keeping a wallet identifier ready. Familiarize yourself with the security options of your account and make use of them. Because online wallets are accessible through a web browser from anywhere, it is most vulnerable to hacking attempts 

Two-factor authentication for your online accounts 

While using Bitcoin theoretically won’t require you to open up any accounts, you will likely open up plenty of accounts with third-party services. Is is important to keep those secure too, even if you don’t keep money in them. These accounts include exchanges, payment processors, and debit card providers.

Two-factor authentication means that in addition to your regular password, you need to submit a second code to log into your account. There are plenty of ways to obtain this second code. You can use a combination of any of the following, or just pick the one that best suits your needs.

Secondary passwords by SMS 

A few services will ask you for a second code every single time you log in, especially if you have never logged in from that device before. Services such as Facebook, Twitter, Google, and Dropbox will send you a text message containing this code. This code must then be entered into the website in order for you to log in to your account.

However, for this to work, your phone needs to have reception, which is something that is not always possible. If you are traveling in a country where your phone does not work, or you simply run out battery, you could end up locked out of your account just because you don’t have a working phone on hand.

If you lose your phone, this system could potentially lock you out of your account for good. However, it’s not too difficult to get a new SIM card with the same number. The downside of this is that an attacker could trick your mobile phone provider into issuing them a duplicate SIM, or perhaps find a way to reroute your text messages directly to them.

Snooping governments could also be reading your text messages silently or preventing an SMS from even reaching you (or both!). This would allow them to effectively render your SMS codes useless. At the very least, your phone could give away your location while receiving the text message, something you might wish to avoid.

Generating 2FA codes via an app 

Google Authenticator and Authy are two great examples of Apps that generate codes on your phone instead of sending them to you via text message. Generating the codes on your phone means they are never in transit, making them impossible to intercept.

This process does make you more dependant on your device, though. And if it is out of battery, broken, or missing, you might get locked out of your account. If you are unable to get the device running again, or you lose it, it can be a huge hassle to regain access to your Google Authenticator protected accounts.

Some authentication services will allow you to create emergency codes in such a case, which you have to store securely elsewhere (such as in an encrypted file on your computer). Other services might ask you for a secondary phone number where they can reach you in case your primary number is lost and your 2FA needs to be disabled.

Generate an authentication code with a USB stick 

Instead of getting the secondary codes from your phone or a remote server, you could generate them on a dedicated USB device. These devices are small USB sticks (sometimes as small as a fingernail!) that plug into the USB slot of your computer. They have a clickable button on its side. Pressing this button will generate a random and secure key which can be used as a secondary password.

FIDO U2F is an open source standard that is very easy to set up and is supported by many popular services, such as Facebook and Google. The U2F authentication system will place an instruction to enter the key after entering the primary password.

Lexie M writes about information security, bitcoin, and privacy. She is excited about empowerment through technology, space travel, and pancakes with blueberries and blogs for ExpressVPN who is TechRadar’s number one VPN provider. This is an excerpt from Lexie’s eBook called “Bitcoin Security and Privacy : A Practical Guide” which is free to download on iOS, Android, Kindle Kobo and Nook