Bitcoin security 101: How to create the healthiest environment for your devices
By now, we all should be familiar with the mantra of “not your keys, not your coins.” A lot of guides and information are available to bitcoin connoisseurs regarding how to secure your keys and seeds. However, I don’t see much information published about how bitcoin HODLers can secure their environments when using those keys.
The following are some practical and “paranoid-level” tips and steps I use to help secure healthy environments for my devices and hardware wallets.
When using key material in any form, one should take into consideration the room and layout they will be operating within. Public spaces are not recommended due to the multitude of prying eyes, cameras, and general lack of privacy and security. When you start evaluating potential physical security threats, it is better to use an access-controlled location of your choosing, such as a bedroom or personal office. When evaluating a physical space:
- Location should be access-controlled, which prevents key operations from being interrupted.
- The space should be relatively private and not in a public place like a crowded coffee shop.
- Take note of all cameras and what they are facing. This goes for mobile phones, webcams, and smart watches. When in doubt, cover it up, or remove the device from the environment entirely.
- Be aware of various Internet-of-Things (IoT) listening devices, such as the ones offered by Amazon and Google. They are always listening!
- Power off all unnecessary electronic devices that may contain cameras or microphones.
- Close the blinds, shut the door, and give yourself ample time to do things correctly and without interruption.
Using hardware wallets and performing key operations is NOT a team sport. These tasks should be performed alone and in a silent manner, unless a second witness is needed for attestation.
Hardware wallets, by design, are engineered to protect your key material without the fear of an infected computer or malware stealing your funds. Having said that, attackers can be extremely clever. One can still take additional steps to ensure they are using the latest security tools to promote a healthy computing (laptop/mobile phone/tablet) environment.
- Use your own computer or tablet wherever and whenever possible.
- Use the included operating system firewall and malware detection tools. If you do not trust these, a third-party application would suffice.
- Ensure a healthy system environment by staying up to date on operating system patches. These patches sometimes include critical security updates which can help keep your computer safe.
- Use only approved vendor binaries and software releases from official vendor websites and official mobile application (iOS/Android) stores.
Those who wish to be extremely cautious may choose to use an air-gapped computer to sign transactions offline and broadcast them through a separate online computer. This is only recommended if you know exactly what you are doing, as fully securing an air-gapped computer is an intensive and comprehensive task.
The “keys to the kingdom” that control your bitcoin should reside in your hardware wallet. If you are not using a hardware wallet, sign up for a Casa account here. Before we touch any hardware, let’s ensure we are electrically grounded by either touching a door knob, large piece of metal, or a common ground. This ensures we don’t zap our devices with static charge when handling them.
- Run hardware device firmware updates periodically to ensure the latest security updates have been applied. (At Casa, our team reviews every firmware update for the hardware wallets we support. If you're a Casa member, be sure to consult our help center before updating your firmware.)
- Perform a Casa Health Check in the Casa mobile app to ensure the health of each of your hardware devices.
- Use only the supplier-provided USB cable. USB cables vary in voltage and stability, and there are even attacks that can be built into makeshift cables!
- Always verify all prompts and addresses on the hardware wallet screen.
- Use a Casa-branded Faraday bag (available through our membership plans).
By incorporating some of the tips above, you are taking the steps to ensure the safety of your keys and bitcoin, as well as the safety of you and your operating environment. Stay safe!