Why choosing a hardware wallet over a software wallet

Image for post
Image for post

The number of users who start buying cryptocurrencies is growing every day, and they get introduced to it through different systems. We can classify the solutions to store crypto-assets in two main groups: hardware wallets and software wallets, each one with its pros and cons.

It is widely believed that software wallets are secure enough, and their use is widespread for two reasons: it is convenient to carry a software wallet in the smartphone, and we avoid the expense of a hardware wallet.

In this post, we will show why you should trust a hardware wallet instead of other weaker solutions.

What do we call a “wallet”?

Historically, a “wallet” has always been the space where we carry our paper money and also some documents. Later, in this traditional wallet, we started to keep credit cards, which give us access to our money. Today, if our credit card gets stolen, we not only lose access to our money but also someone could use it without our consent to increase the stolen amount enormously.

In the last few years, we have moved these credit cards to new carriers such as mobile phones and online platforms. Now the funds are interoperable, and a wallet can be a physical or virtual element. If we are carrying less and less cash in our wallet and more holders (such as credit cards) that provide access to our funds, the difference between carrying plastic cards in a pocket wallet or a mobile App is disappearing.

In this process, we have changed our “hardware wallet” for a “software wallet”, as it is a more comfortable and practical solution. Why should we need physical support if we can perform operations with more freedom through software? Isn’t it better to have all the payment methods at hand in our mobile? Besides, we always have it with us, and so we can eliminate old support.

A crypto “account” is not the same as a bank account

With the arrival of cryptocurrencies, we take a new step: we move from the credit card related to a traditional bank account to having our funds in crypto instead of FIAT currency. Although the processes are similar, there are significant differences between the way of accessing a bank account and our crypto-assets.

A bank account is nominal and secured: in case of disagreement with a transaction, we can file a claim with the bank, and the transactions (especially with a credit card) are reversible. We delegate the security duties to our bank, which also invests large sums in insurance companies to protect against theft or fraudulent use of credit cards.

But when it comes to guarding funds in crypto-currencies, we don’t have such protection. An “account” in crypto-currency is neither insured nor supported by a superior entity that holds the balance, and the transactions are not reversible. Each user is his own bank and is therefore solely responsible for what happens to his funds. In the case of cryptocurrency theft, we cannot make any claim, as it has been signed with a private key of which we are the only responsible.

Let’s repeat it:

If someone steals a credit card from us (physically or virtually), we can complain to the bank, and there is a chance we can get our funds back.

If someone gets our private key in a blockchain, they become the owner of the funds and can transfer them to another account without any possible claim.

Remember that in the crypto world, if you don’t control your keys, you don’t control your money.

An Exchange is not the same as your online banking

The first step to enter the crypto world is to exchange our FIAT money for cryptocurrencies. Exchanges were the first access doors to this world, but to provide a complete solution, there were also wallets guarded by the exchange itself. The user accesses the exchange with his password and therefore believes that he doesn’t need to know any other keys that are very complex and consequently impossible to memorize.

The exchange is, without a doubt, the most convenient system for obtaining, maintaining and managing cryptocurrencies, but it is also the most dangerous. All the private keys of all the clients are hosted in the exchange servers with cryptographic protection. But if a cybercriminal manages to break this security, he has free access to all his customers’ accounts. These thefts are happening again and again, as in the cases of Mt. Gox, CoinCheck or the finally aborted attempt that affected Binance.

Clearly, if you don’t control your keys, you don’t control your money. But if we say that each user must control his keys by himself, what is the best method, a software wallet or a hardware wallet?

Hardware wallet vs. software wallet

Both are storage solutions for cryptocurrencies. But what’s the difference?

In a softwallet, keys are generated and stored in a software device such as a smartphone or a computer, while a hardwallet is a physical device for storing keys. Also, to prevent theft of these keys, the signature is done inside the device itself.

A softwallet is always connected since it is a program executed in a continuously running machine. On the contrary, a hardware wallet will remain disconnected except when performing a transaction. This feature doesn’t improve the usability of a hardware wallet, but it increases security as it becomes a “cold wallet” when turned off.

A softwallet can be updated regularly, while a hardware wallet can only be updated when it is running. The updating feature offers a lot of flexibility. Still, in turn, it is a vulnerable point: even when the secure element cannot be accessed, anybody could sign unaccepted operations with it.

The more generic the hardware in which the software is hosted, the more vulnerable it is to external actions. Attacking an exchange (which has all the keys centralized) is not the same as targeting a softwallet, but you can launch an attack on the software that impacts a large part of the systems. Therefore, it seems to be more productive to attack a softwallet than a hardware wallet, since it provides better results.

In both types of wallet, it randomly generates the seeds from which the private keys are created. Hardware wallets generally use the BIP 32/39/44 protocol, which means that after generating the seed, it is converted to a string of words (BIP39) that allows it to be regenerated. Users must remember or store these strings in case of damage so that they can recover the seeds. The problem is that the process of reintroducing the word chain in the wallet is vulnerable, and in a softwallet we can suffer a keystroke attack that captures our seed. This cannot happen in a hardwallet, although the introduction of the seed is very unfriendly, and it is easy to make mistakes. It would be useful to have an easy, friendly and safe method which doesn’t need the BIP39 protocol.

How do we access a hardware wallet?

A hardware wallet cannot remain unlocked, because in that case anyone who finds it could potentially use it. You can protect it with a PIN or a PassPhrase, which are unlocking codes applied in the key generation process from the random seed. Its simplicity is responsible for breaking access to Trezor devices. A complex PassPhrase is safe, but at the same time quite unfriendly for the daily use of the device and therefore it won’t be used.

There is a simple process to improve access to the hardware wallet and still guarantee the security of the keys. The biometric access of HASHWallet provides greater protection of the keys and brings easiness in accessing the device. Besides, we can input more than one fingerprint (activating, for example, family members) so that the funds won’t remain blocked in case of decease. A fingerprint will always be more secure than a PIN, as you cannot borrow one.

About HASHWallet

HASHWallet is a hardware wallet based on an innovative technology deployed on a smart card that allows the user to authenticate or sign a transaction, in a secure environment that avoids any risk of impersonation and the possibility of fraud.

Follow Us:

Twitter: https://twitter.com/hashwallet

Website: https://www.gethashwallet.com/

Telegram Discussion: https://t.me/hashwallet

Instagram: https://www.instagram.com/hashwallet/

Facebook: https://www.facebook.com/HASHWallet-113385190072138

Reddit: https://www.reddit.com/user/HASHWallet/

Written by

eSignus is a consultancy firm experienced in the financial, technology and crypto security sectors. We run HASHWallet, the most secure hardwallet in the market.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store