Got Something to Hide?!

Citing the ‘seed phrase’ as being “imperfect for security” and “bad for on-boarding,” Karl Kreder, cofounder of GridPlus, says he has a better way.

Seed phrases commonly must be written down, saved on a jump drive, or, worse, stored on the computer, which leaves them vulnerable to attackers, loss, or theft.

Karl Kreder suggests you could bypass this susceptibility by using a card to sign blockchain transactions. This idea is very appealing, especially to new crypto users.

In his address to the Ethereal Summit on “Killing the Seed Phrase: Crypto’s Biggest UX Challenge,” Dr. Karl Kreder’s point was made by the previous speaker:

Itamar Lesuisse, CEO of the Ethereum Wallet Argent, said, “for years people have been told to write down their passwords for security reasons, and now crypto companies are telling people to write down their seed phrases— a combination of random words and phrases that can be used to recover access to funds.”

Kreder, co-founder and VP of Hardware Engineering at GridPlus, agreed with Lesuisse, saying indeed that’s “kind of bonkers.”

GridPlus initially started as a blockchain-based electric company that aimed to cut customers’ costs by doing away with intermediaries. They currently have around 3000 customers in Texas and needed a way to bypass the bank once the customers’ onboarding is complete.

Writing down seed phrases doesn’t always work, for several reasons.

Since digital commerce already uses the familiar debit card, credit card, or gift card, why not try innovatively using one of these?

Kreder says a seed phrase is prone to what he calls a ‘sock drawer attack.’ Meaning, even if a user has the BEST hardware security available, hackers could still get in to find the seed phrase in the sock drawer. More likely, on the computer’s desk!

Kreder’s solution? A SafeCard, which is like a debit card and can sign blockchain transactions. SafeCard can enable two layers of security.

  • A PIN – which users are familiar with using, and they generally can remember without writing down.
  • A PUF – GridPlus builds an element called a PUF into the SafeCard. A PUF is an unclonable function, described as an “electronic snowflake,” unique to each card.

This card, however, has to be paired with a smartphone and a GridPlus server. This presents a problem for the mobile wallets which Argent is creating, although Lesuisse has workarounds.

Quite naturally, Karl Kreder promotes his option as the best to replace the seed phrase, but is this a good idea?


SafeCard is just one option for storing seed phrases. Let’s look at others:

Metal Blockplate

Metal Blockplate Seed Phrase storage advantages:

  • Fast, Easy, and Efficient – No stamping. No tiny pieces. No hand engraving. 
  • Expert Manufacturing Quality – Precision laser cut. Laser engraved. Workhorse finish. By a US manufacturer.
  • Two [2] Plate Pack – Each plate stores up to 12 words (6 words on each side). Each double pack includes 2 plates for a total of 24 words.
  • Thick, 12 Gauge 304 Stainless Steel – Tough against physical abuse and abrasion.
  • Fire and Heat Protection (Up to 2100 °F) – Withstand well beyond an average house fire (~1100 °F)
  • Water and Corrosion Resistance – For protection against the most extreme conditions

  • BIP39 Mnemonic Phrase Support – Only the first four letters are required for BIP39

Why do I only need the first 4 letters for each word in a mnemonic seed phrase?

Bitcoin Improvement Proposal (BIP 39)

  • Your 12- to 24-word recovery seed phrase most likely comes from Bitcoin Improvement Proposal 39 (BIP39)
  • BIP 39 uses a mnemonic phrase — a group of easy to remember words — to serve as your back up recovery should your wallet become compromised.
  • These words are pulled from a specific list of 2048 words. In this list, the first 4 letters are unique to each word. (including the words that only have 3 letters — think of a “blank” as a letter)

In other words, there are no two words in this list with the same first 4 letters. This means if you have the first 4 letters, you know the rest of the word by looking for those first 4 letters in the BIP39 list. Some wallets will even fill in the rest of the word once the first 4 letters are entered.
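The first-four-letters rule can be checked before a stamped plate is trusted as a backup. The following is an added Python example, not code from the original article or from any wallet vendor; `SAMPLE_WORDS` is a constructed subset of the English BIP39 list and the function names are hypothetical.

```python
"""Expand 4-letter seed-word abbreviations, as stamped on a metal backup plate."""

# Constructed sample: a small subset of the English BIP39 word list, picked to
# include 3-letter words that are also the start of longer words. A real check
# would load all 2048 words from the published list instead.
SAMPLE_WORDS = [
    "abandon", "ability", "able", "about", "above", "absent", "absorb",
    "abstract", "absurd", "act", "action", "actor", "actress", "actual",
    "add", "addict", "address", "air", "airport", "arm", "armed", "armor",
    "army", "art", "artefact", "artist", "artwork",
]

PREFIX_LEN = 4


def build_prefix_index(words, n=PREFIX_LEN):
    """Map each word's first n letters to the word; raise on any collision."""
    index = {}
    for word in words:
        # A 3-letter word is its own key: the "blank" fourth letter.
        key = word[:n]
        if key in index:
            raise ValueError(f"prefix {key!r} shared by {index[key]!r} and {word!r}")
        index[key] = word
    return index


def naive_candidates(token, words):
    """Plain startswith matching, shown for contrast: ambiguous for short words."""
    return [w for w in words if w.startswith(token)]


def expand_plate(stamped, index, n=PREFIX_LEN):
    """Expand stamped abbreviations to full words.

    Returns (words, problems). words holds None where a token could not be
    resolved; problems lists (position, raw_token) for those entries.
    """
    words, problems = [], []
    for pos, raw in enumerate(stamped, start=1):
        token = raw.strip().lower()
        word = index.get(token[:n])
        # Tokens longer than n letters must still agree with the full word.
        if word is None or not word.startswith(token):
            problems.append((pos, raw))
            words.append(None)
        else:
            words.append(word)
    return words, problems


if __name__ == "__main__":
    index = build_prefix_index(SAMPLE_WORDS)
    # "act" matches five words by prefix, but exactly one by 4-letter key.
    print(naive_candidates("act", SAMPLE_WORDS))
    print(expand_plate(["ACT", "acti", "armo", "actx"], index))
```

Because the abbreviation determines the word, a plate stamped with four letters per word exposes exactly as much as one stamped with full words and needs the same physical protection.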

Lightning Network (aezeed)

Lightning Network uses a different seed scheme known as aezeed, but it uses the same word list as BIP 39. Thus, the same feature applies: the first four letters are unique for each word.

Electrum

Electrum wallets also use a unique seed scheme, but it also uses the same word list. Because the same list is used, the first four letters are unique for each word.

Satoshi Labs Improvement Proposal (SLIP 39)

If you use SLIP 39, the unique Shamir Secret Shares seed standard from Trezor’s parent company, Satoshi Labs, the word list is different. But this word list has the same design, in which the first four letters are unique to each word.

Word List

Steel Backups for Wallet Seed Storage.

Writing down your seed phrase can be a risky business, since it is much the same as, and no more secure than, a paper wallet.

Most steel wallets are resistant to any physical threat – even natural disasters.

Examples of hazards that steel wallets protect your seed phrase from include:

  • Corrosion
  • Fire
  • Hackers
  • Rust
  • EMP (Electro-Magnetic Pulse) – Shocks
  • Water

Steel wallets are almost indestructible.

The 4 Best Cryptocurrency Steel Wallets.

Billfodl

Billfodl is made from stainless steel (grade 316), making it a very tough wallet that is particularly resistant to corrosion. At $89, it is a great choice for the “hodler” who wants value for money without compromising on quality.


PROS

  • Easy and simple setup process
  • Compatible with all crypto wallets
  • Scientifically tested at a Dept. of Defense testing facility
  • Very strong and competitively priced

CONS

  • No special characters ($, #, *) in the tileset means you cannot use the Billfodl for standard password backup.

CryptoSteel

CryptoSteel is made from stainless steel (grade 304). At $144, it is quite a bit more expensive than the alternatives.

PROS

  • The very simple design is easy to understand.
  • Durable and robust to last a long time.
  • Open Source Designed.

CONS

  • Tiles are not consistent, which makes them difficult to insert
  • The price point is higher than for other steel wallets
  • Support offers no good help.


CryptoTag

CRYPTOTAG is a titanium wallet. It differs from Billfodl and CryptoSteel: the user must hammer, or engrave using a pen, to stamp their words into a metal plate.

PROS

  • Allows for up to 48 words to be added.
  • Has an extremely high melting point.
  • Includes all necessary tools needed for set up.
  • Unit is tamper-resistant

CONS

  • Requires hammer and stamping kit to record seed phrases
  • Not re-usable
  • Risk of Injury during set-up


ColdTi

ColdTi is a titanium wallet, making it one of the most durable wallets on our list, and it is surprisingly low cost.

PROS

  • Unit is tamper-resistant
  • Has an extremely high melting point
  • Competitively priced

CONS

  • The unit requires a hammer and stamping kit to record seed phrases
  • Not re-usable
  • Risk of Injury during set-up


What are the Cons of a Steel Backup?

Remember, anyone who finds your steel backup has access to your coins, because the steel wallet’s whole point is to back up your recovery seed, which is used to get your coins back should you lose your wallet or should it be destroyed.

Therefore, you need to ensure your steel wallet is always kept where no one else would find it. At the very least, allow only people you trust to see it. Instructing your spouse or significant other on its use is wise so that they could access your funds in an emergency.

Keep in mind steel wallets are generally only meant to protect your seed phrases from fire and water damage.

Which one will you choose?

Steel wallets serve an important function when it comes to protecting your Bitcoins.

  • You can lose the ability to access your hardware wallets.
  • Seed phrases can help you recover your coins.
  • Steel wallets help protect your seed phrases.
  • You can get a steel wallet starting at $19.99 each.

Hopefully, you’ll find a steel wallet that fits your requirements and budget needs.

P.S.

(tips from coolwallet.io)

Now, let’s go over this again!

☠ Rule 1: NEVER Reveal your Private Keys to Anyone

☠ Rule 2: Never Reveal your Recovery Seed Phrase to Anyone!

☠ Rule 3: Don’t Lose Your Hardware Wallet Seed

By now, you should know never to reveal your recovery seed or a private key to third parties under any circumstances. However, even more important is to make sure that the physical paper wallet seed is CORRECT and KEPT SAFE.

Don’t try only to memorize it, or keep different sections of it in different locations. Accidents can happen. Keep it in a secure and dry place, perhaps a safe or a steel wallet.

5 Tips to Protect Your Recovery Seed

1. Generate your hardware wallet seed in private

That means doing it alone. In private. Don’t ask that techy in your office, your brother-in-law or even customer support to help you set up your wallet. Don’t trust anyone with your security!

2. WRITE DOWN your recovery seed on a paper wallet

Always write down the seed backup from your hardware wallet’s screen, never type it.

3. Double-check that you’ve written it correctly, and in the right order.

Basically, these words are from the dictionary, and there are up to 2^32 different combinations based on each seed set’s order. So, take a couple of minutes and go over once more, or you may spend a lifetime of regret.

4. Never print, take a photo or store a digital copy of your recovery seed anywhere!

Photographing, printing, or saving a copy of your private key or recovery wallet is taking the lazy way out. You create a digital copy that can be exposed.

5. Never type your hardware wallet’s recovery seed

Your device may not be secure, and keyloggers could steal your seed.

Final Thoughts

Though it is extremely unlikely, it IS possible that a private key can be extracted from a cold wallet. A hacker could do so by gaining physical access to both your device and connected phone/computer at the same time.

Some Hardware wallets can be broken into by installing physical components into the USB device or intercepting and decoding the transmission signals.

No matter what we choose, we MUST take steps to keep our seed phrases secure and locked away in a safe place because none of us can afford to lose the assets in our accounts!

About the author

Gail holds one of the most challenging roles in the Compumatrix Leadership: Membership. She ensures that members and potential members enjoy the benefits of being part of the Compumatrix community.

Comments

  1. When Karl Kreder suggests bypassing ‘seed phrases’ which are vulnerable to being lost, stolen, being attacked to using a card to sign blockchain transactions, I immediately perked up! When he said this method was very appealing to new crypto users, I can confirm that on my end. But on reading further down there are always pros and cons and choices to make from these which always makes me unsure which to pick! And always the Hackers.

  2. Yes, Janice. This is why we read and read before making choices. Get to know as much as we can to make an educated decision. “All that glitters is not gold” and all forms of security are not good. Read about them further by doing your own research on the internet. My suggestion would be to use “duckduckgo” as a search engine as it adds a layer of privacy!

  3. Good protection is so important; however, the choices are mind-boggling to me. Like most, I take security very seriously and do my due diligence when making a decision to apply. Like my home, for example: I have more than just a key lock on my front and back door for security. I have and will use more than one layer of security, starting with NEVER leaving all my eggs (crypto) in one basket (wallet), each with different protection. With each having its own set of pros and cons, having multiple at work lessens the chance of losing everything!

  4. Great read, Gail! I am particularly tickled by the “cons” of two of the steel wallets:

    -The unit requires a hammer and stamping kit to record seed phrases
    -Not re-usable
    -Risk of Injury during set-up

    That’s funny 🙂

    It seems we will all be guinea pigs as we discover how to “hodl” our cryptos. At this point, it seems wisest to “spread the love” and have multiple options to test out the waters, and see what works for us individually. Due diligence is a must.

  5. Protection is very, very important. I treated my private keys always with the utmost care. There are two things in my life that have the highest priority. One, my private keys. You won’t find them on any of my devices. They are extremely well hidden in my view. Second, the permanent visa that gives me permission to live in Brasil. Also a very important document for me. Not something that has to be hidden for others but never to be lost.

  6. Excellent and very thorough post on wallet and general computer safety for that matter. I love recovery seeds. And writing them down by hand the old fashioned way seems to be the best and most secure way that I trust. An old Chinese proverb says that the “weakest ink is stronger than the greatest memory”. Just need to remember where you put the paper that you wrote it on and not forget where it is. LOL

  7. Thanks for the info, Gail. I have been thinking about these and the choices. The steel wallet cons also made me laugh, having to use a hammer and stamping kit, and may produce injuries. Made me think of the cavemen carving their messages in stone, which I would think would be harder to hide than a steel wallet!

  8. Thank you for a really informative post Gail.
    It’s really strange trying to get used to being more security conscious.
    I grew up in a part of the UK where all the front doors were left unlocked and people looked out for each other. Now I am daily blocking emails from people trying to get my personal banking details. Spoof PayPal emails, emails to say my Netflix account has been blocked, click and update your details, etc (I don’t have a Netflix account).
    It makes you realise how much more security conscious we have to be.
    I am so grateful for all the advice and reminders you give us. Thank you.

  9. This article explained many topics and vocab words that I had never seen before, and now am more educated on. I had never heard of Cryptotags or Cryptosteels and I think they are two very interesting topics I would like to learn more about and use one day. I think sometimes people forget the importance of protection and security, so these blogs that talk about security are very educational.

  10. We continue learning, another great article with very practical suggestions, though due diligence is a must and also effort to learn and research more to make the best choice for your security. As the scammers and other online attackers have become smart, so are we; no time to be lazy when it involves our security. Have enjoyed this and I’m coming for more.

  11. Well…I’m all for any added security, and since it’s news to me that there has actually been seed-phrase hacking going on (what?!?), bring on the new and safer storage devices! Like many others, I appreciate the fact that there are developers constantly upgrading security of crypto storage devices. This gives us added assurance that cryptocurrencies are the way of the “now” AND the future!

  12. Thanks for this article, Gail. There are different choices to consider and each one has its pros and cons. I have a steel backup that I keep in a safe place. I also use a Trezor device for accessing my cryptocurrency wallet. Even though I have these devices, I’m still always open to suggestions on what new technologies might be out there that might be more secure.

  13. I’m brand new to this whole cryptocurrency world and space, so many of these terms are also new to me. I can learn, though, and while reading these blogs, I am learning really well. I look forward to your teaching blogs, Sophye, as they help clear up the fog a lot!

  14. As always a very informative blog, Sophye! Our first step in avoiding hackers is to provide security. It is very important to use the private keys for your wallet. We must choose different phrases to secure our precious cryptos as well as our wallet. All above details I saved to read more. Thank you for guiding us with your valuable article.

  15. Very detailed info and great info, and I am definitely reading many times as the security factor of any of our estates is probably the top priority to maintain our life’s works, and with the internet and technology it has become so much more difficult to just be secure — you actually have to almost go back to school per se and learn all over again — thank you Gail —

  16. Thank you Gail for updating on the coldest wallets! When I started Compumatrix, I was learning about exchangers, paper wallets, Trezor, and Ledger. It is amazing the evolution of steel wallets. I read somewhere that a crypto investor had millions of BTC on a steel wallet in a framed picture in his living room.

  17. Thank you, Sophye, for the excellent, detailed and elaborate blog regarding security. Various options with their pros and cons are noted and the need for our own due diligence is understood. You have done a fantastic job of doing research and putting together such an informative post. Your regular blogging for our education is always welcome. Keep it up.

  18. Such knowledge for hiding our assets from the crooks and hackers who would take from us what we have worked these years. I appreciate the reminder of the other issues that can destroy our crypto. I am so thankful for you and all who understand all the things we elderly need to know. Some times I sense frustration from you, but you continue to address something we need to understand, and with patience. You know how vital it is for us to grow with Compumatrix and to be compliant and to be secure. This crypto world was a world of incomprehension when I first began with Compumatrix. There is light being shed on our pathway as we take each step into the depth of this world of technology, its security and foreign words about digital aspects and cryptocurrencies.

  19. Here I am reading and re-reading, and the information here in this blog alone is so detailed, and truly with each read I get more and more comfortable in my offline world of notebooks and handwritten but also am now, as life progresses, moving farther into the lock and more safety that is also available online — still much, much more to comprehend and very thankful —

  20. Wow! What a smorgasbord of available means and methods safe storage! I have had coolwallet since it first came out. It is cutting edge and, in my opinion, quite safe. I am amazed at the ingenuity and creativity in the blockchain world. I used to be somewhat anxious about options to protect a large portfolio. Today’s safeguarding possibilities can meet anyone’s necessity. Thanks for the thorough list!

  21. YES, YES, YES, I do!!! We ALL do!! Gail, I am thrilled to see this blog article because we all need to be constantly reminded of the importance of striving to achieve great security! We have to continue to update the security practices we have learned because things constantly change.

    Regarding the “seed phrases”, I would love to see those replaced with a card! But I can guarantee that I will not be first in line to use one if/when they first come out, Lol. I will gladly suffer through the very inconvenient practice of using my seed phrases until ANY replacement technology has been proven in the field by lots of happy users.

  22. As circumstances would have it, today I needed to set up a new crypto wallet and was once again faced with the dreaded process of securely recording my recovery seed.😆 As I was carefully STRUGGLING through the very inconvenient process, meticulously writing down and triple-checking those golden words, I remembered this blog post and laughed while I thought, “Since I don’t have a Steel Wallet yet, at least I don’t need a hammer and I’m not at risk of INJURY during this wallet setup!” 😊 Ya gotta love crypto, but watch out for your fingers! 🤣

  23. Wow, great blog, so much information, and I agree with all of it. Security is extremely important in the crypto world. My wife got her laptop fried from ransomware a few years back from clicking on one link; that is all it took, and they took over, locked it up, no recovery. She had no important info on it so we are not paying the creeps. Protection does not always work, especially if you click the link. I think her VPN was off at the time, though she can’t remember if it was on or off. Check that always when you’re loading up; sometimes you have to turn it on. I think stealing has increased by 5000% since the 50’s and 60’s, so beware.

  24. With all the fires around the globe recently, this becomes a good option.
    Having a set of metal stamps or an engraver makes it even more appealing.
    With a bit of thought and ingenuity, you don’t even need the high-grade stainless steel. Some nice thin aluminum sheet punched with the Wallet name, web site, Key or password on it. Then lightly oil and place in an airtight bag. Now the fun of creating an inconspicuous, outside vault like a concrete bench that has a secret compartment built into it. Fire, flood or wind are not going to dislodge it. I feel a new “Lock down” project coming on.

  25. Great article. I have always been concerned about backing up such important information on paper and jump drives that can be destroyed or lost rather easily. Having a metal plate or number of plates with important Keys inscribed on them and then stored in a safe place is more assuring. Our grandchildren and generations to come may think it is strange at first but will be glad we took the time and effort to do it.

  26. I think there should be far stiffer penalties for any type of cyber crime. The internet is a great asset if used properly. Unfortunately it is open to horrific abuse by hackers, trolls and villains.
    We all try to beef up our security but it comes at a cost which puts many off, so they take risks. When major players absent their responsibilities by allowing all sorts of misinformation and downright lies to be posted, the average person has little option but to hope for the best.
    If hackers can infiltrate government sites that are amongst the most secure in the world, detection and prison, with no access to phone or computer, are to me the only deterrent. The major players that are making billions from normal people using their platforms should be heavily taxed to pay for it. I have seen how destructive Facebook can be to innocent people by others reading posts and taking advantage of private invitations. I never use it as a result.

  27. This is just so interesting a read — the blog itself is so much information to be studied and as I learn put parts into everyday biz makeup — but honestly as I look at the replies and put together there is a ton of info and good info and for right now it is a bit overwhelming — but after read again and read some more I will get there —

  28. Gail, thank you, this was great information. We still have some waiting on the fence after years of being told what to do as far as safety. Phishing is everywhere now. I see it almost every day. I just delete. I never open an email I don’t know. It could have a virus that lets them into your computer, then to get it back they want Bitcoin ransom. So beware…
