10 Requirements: Choose a Good Hardware Wallet

--- by D. Petkovski ---
hardware wallet

Choosing aย hardware wallet is a serious and extremely responsible decision.

A user has to do dedicated homework instead of picking the cheapest or the first available option.

When I was evaluating which hardware wallets to buy, I relied on the following list of requirements. Read on and see the reasoning behind each.

1) Has to Be BIP39 Compatible

This is a must.

BIP39 compatibility means portability.

If, for whatever reason, you don’t have access to your device anymore, you should be able to easily import your seed phrase in another wallet and access your funds.

So hardware wallets that restrict their users to an ecosystem should be discarded immediately.

You don’t want a hardware malfunction after the company went bankrupt to restrict your access to your wealth.

2) Must Support 24-Word Seed Phrases

This is more of a nice-to-have, but since it’s an industry standard to support it, there’s no need to settle for 12 word seed phrases.

Both 12 and 24 word seed phrases are practically impossible to guess. But a scrambled set of 12 words can be brute-forced.

Now, of course, I disapprove of becoming too creative with seed phrase management, but if someone gets a hold of (a part of) your words, they might be able to figure it out.

3) Not Susceptible to Physical Attacks

The device shouldn’t be able to be used by simply having physical access to it.

Most solutions are protected by a pin, but if there are infinite tries available, an attacker might figure it out.

Also, some devices lack a secure element and thus can be hacked with physical access.

4) Lack of Coin Support

Diversity of coin support sounds cool to n00bs, but if you have a concentrated position, you don’t really care if the device supports 100 tokens you’re not interested in.

Also, every extra functionality is a potential attack vector, so for maximum security, you’d prefer a hardware wallet that supports only the assets you’re holding.

For example, all three, BitBox02, Keystone 3 Pro, and Trezor have Bitcoin only editions.

5) Security Before Convenience and Extra Functionalities

Some hardware wallets become unnecessarily fancy.

This is not always at a cost of security, which is great, but it introduces more components that can break.

Of course, given the portability it’s not the end of the world. But you don’t want a hardware failure preventing you from transacting at the worst possible time.

That’s why I always recommend having multiple hardware wallets readily available, but if you’re going for your first and single one, you might optimize for simplicity – doing one thing and doing it good.

6) Must Support Passphrases (25th Word)

This is crucial.

The ability to access infinite sets of addresses by adding an extra word on top of your seed phrase is of massive value.

Whether for purposes of plausible deniability, pedantic portfolio management, inheritance planning, or anything, supporting a passphrase is important.

This is already a part of the BIP-39 standard, but it’s always good to double check if and how passphrases are supported.

7) Third-Party Software Wallets Integration

Again relating to the point of not trapping users in an ecosystem.

Ideally, the hardware wallet is aย signing device, not a product that needs to optimize for UX, given the options available on the market.

Thus, I’d always prefer hardware wallets that can be used with third-party software instead of just with the native app of the company.

This also allows you to pick preferred software (i.e. open source, no analytics, etc.) and just use the hardware wallet for its single intended purpose.

8) Software and Firmware Must Be Open Source

If the software and/or firmware aren’t open source, you can’t know whether your device satisfies theย onlyย qualification:

The keys should never be exposed to a device connected to the internet.

This is the only improvement of hardware wallets over software wallets, so it shouldn’t be taken lightly.

A notable example is Ledger’s ability to extract the seed phrase, effectively making it a hot wallet.

9) Must Have a Self-Destruct Mechanism

Most devices have a self-destruct mechanisms for various attack vectors.

For example, after 3-10 wrong pins, the devices wipes out all the data and does a factory reset.

Or if the device detects physical tampering, it self-destructs, wiping all the data.

This is a layer of security that can make users comfortable in losing their hardware wallets or not panicking if it gets stolen etc.

10) Track Record

And lastly, a less technical requirement, but still an important one:

The track record of the company.

This is not about “trust”, but about the history of good decisions, customer support, and high-quality solutions the company brought.

I put it last because it should be considered lastly – given two equally suitable options, one might consider the provider’sย reputation to make a final decision.


Need a step-by-step guide to buying Bitcoin and securing it safely with a hardware wallet? Head to:ย The Self Custody Manual.

 

Author

  • D. Petkovski

    D. Petkovski

    ๐Ÿ““ The Authorย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย ๐Ÿ‘ช Husband & Father
    ๐Ÿ–ฅ๏ธ Software Engineerย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ๐Ÿ’ชย StrengthCentric
    โ‚ฟ โ‚ฟitcoin Hodlerย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย  ย ๐Ÿ“ˆย Long-Term Investorย 
    ๐ŸŒ Everything Enthusiast ย  ย  ย  ย  ย  ย  ย  ย  ย ๐Ÿ”ฅ Optimist

    READ MORE