Would you leave your purse or wallet lying around? Would you toss it into some corner of your house when you get home? Probably not, especially if the wallet had gold coins that could potentially grow in value.
Your bitcoin wallet is not any different. In a previous post, we showed you how to protect your funds by storing them in a multisignature wallet. Today we're going to show you how to securely back up and protect your wallet's private keys themselves.
Understanding Private Keys and Wallet Backup Phrases
The first time you open the BitPay app and create a new wallet, you will see this screen:
At this point, you'll need to back up your wallet. This means writing down a twelve-word backup phrase (like the one shown below) and keeping it safe. It is not secure to take a screenshot or picture of your 12-word backup phrase. Never share your backup phrase with anyone – even BitPay – unless you want them to have access to your money.
These 12 words can be used to regenerate your bitcoin wallet's "private keys". Private keys generate the digital signatures required to spend your bitcoin.
Simply put, a private key is sort of like the password to your email address, except it can't be reset. Since the backup phrase gives a bitcoin wallet access to your private key, you can use the 12-word backup phrase to recover your bitcoin if your device is stolen or damaged.
Backup phrases are a simple, secure way to protect and restore private keys. But this means your bitcoin is only as secure as your backup phrase. You might want to take extra care to secure and protect your backup phrase once you've written it down.
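The sketch below is an added example, not BitPay's code. It assumes the wallet follows the BIP39 standard for backup phrases, which this post does not name. It shows why the phrase alone is enough to regenerate the keys: the seed is computed from the words and nothing else, so no device data, app PIN or spending password enters the derivation. The sample phrase is the public BIP39 test phrase, and the function names are illustrative.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector phrase (sample input for illustration only).
TEST_PHRASE = "abandon " * 11 + "about"


def bip39_seed(phrase: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed from a backup phrase (BIP39).

    Assumption: English word list. Collapsing whitespace and lower-casing
    is a convenience added here for hand-copied phrases.
    """
    words = unicodedata.normalize("NFKD", " ".join(phrase.lower().split()))
    # BIP39 salts with the literal string "mnemonic" plus an optional
    # passphrase; an empty passphrase is the common default.
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def phrase_entropy_bits(word_count: int) -> int:
    """Random bits behind a phrase: 11 bits per word minus the checksum."""
    total = word_count * 11
    return total - total // 33  # 12 words -> 132 bits, 4 of them checksum


def same_wallet(phrase_a: str, phrase_b: str) -> bool:
    """True when two written copies of a phrase restore the same seed."""
    return bip39_seed(phrase_a) == bip39_seed(phrase_b)


if __name__ == "__main__":
    seed = bip39_seed(TEST_PHRASE)
    print("seed:", seed.hex())
    print("entropy bits for 12 words:", phrase_entropy_bits(12))
    # A copy with stray spacing and capitals still restores the same wallet.
    print("copy matches:", same_wallet(TEST_PHRASE, "  Abandon " * 11 + " ABOUT "))
```

Because the result depends only on the words, a photo, screenshot or cloud note of the phrase is equivalent to a copy of the private keys.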
Tips for Private Key and Backup Phrase Security
Before you think about how to secure your bitcoin wallet backup phrase and private keys, count the cost. It’s likely not worth it to spend $1000 to store a backup phrase with $20 worth of bitcoin. But you will probably be alright with spending more time and money on securing the private keys for a large amount of bitcoin.
Here are some ways you can secure your backup phrase and your private keys when you create a bitcoin wallet.
Recording Your Backup Phrase
Be sure to write down your backup phrase on a strong, durable sheet of paper with a quality pen. You can also secure that paper in a protective sleeve. The key is to make sure the ink and paper hold up over time.
Storing Your Backup Phrase
Instead of storing your backup phrase in a physical wallet or box, you may want to store it in a fireproof and waterproof safe or lockbox. If you wish to share emergency access to your wallet in case of accident or death, you can entrust multiple copies to friends and family whom you trust to store the phrase securely.
If you want to take your backup phrase storage to a new level of security, you can keep your backup phrase in a safety deposit box at a bank.
This recommendation comes with several caveats. First, you must be sure that you trust the stability and integrity of the bank. Some banks in countries with unstable financial systems have confiscated the contents of safety deposit boxes in the past. Second, safety deposit boxes can cost at least $60 annually, and you may have to wait for over a year to get access. Finally, the contents of a safety deposit box in the US are not FDIC insured, so there is not a safety net for your bitcoin wealth.
Securing Your Private Keys
Once your backup phrase is secure, you can focus on securing your wallet and your private keys on your device. In case your device is stolen, you don't want the thief to be able to access your bitcoin. There are two things you can do to prevent this.
Using an App PIN
To prevent a thief from accessing your backup phrase through your app, be sure to set a strong PIN lock on your phone. You can also set a PIN specifically for the BitPay app, as shown in the image below on the left. Here are the steps to set a PIN in your app:
Open "Settings" by clicking the gear icon at the bottom > Select "Lock App" > Select "PIN" > Enter Your PIN
Note that this method only provides security against thieves without technical skills. If thieves can access your smartphone's hard drive, a PIN will not prevent them from accessing your private keys.
Using Spending Passwords
Fortunately, the BitPay wallet makes it easy to encrypt private keys with an encrypt password, as shown in the image above on the right. The wallet will prompt you to enter this password every time you initiate a bitcoin payment, and the password will protect the private keys on your device.
Here are the steps to set a spending password for any of your wallets:
Open "Settings" by clicking the gear icon at the bottom > Select "Request Encrypt Password" > Enter Your Spending Password
Remember that this spending password will not protect your private keys if your backup phrase is lost.
Originally published Sep 13, 2017 9:42:00 PM, updated April 21 2020