Introduction
Picture this- You wake up on a fine morning to discover that all your digital assets have vanished. You’re tense and angered because your hard-earned money is not in your wallet. You’re unsure of how your assets disappeared, and you’ve become a victim of digital theft.
In the ever-evolving landscape of digital security, two unsung heroes that stand as guardians of our online assets are: passphrases and private keys. These unassuming elements play a pivotal role in ensuring the safety of our digital lives, from safeguarding cryptocurrencies to protecting sensitive data.
In this series of ‘Dumb Ways To Lose Money’, we embark on a journey to master the art of securing passphrases and private keys. By delving into their significance, we equip ourselves with the knowledge needed to navigate the complex terrain of digital security confidently.
How Keys And Cryptography Function
Public and Private keys are essential for making crypto transactions. Before we dive into public and private keys, let’s first understand the basics of cryptography.
Cryptography is like a secret code that keeps information safe when sent online. We rely on this code to keep our transactions safe when we use cryptocurrencies and blockchains.
Crypto keys come in pairs, found in every cryptocurrency wallet. These keys are long alphanumeric sequences, usually 25-36 characters long. There are two types of keys: public key and private key.
Public Key
A public key, as the name implies, is meant to be shared openly, much like your checking account and routing numbers. Just as you can safely provide these banking details to facilitate direct deposits, your public key can be freely given to anyone looking to send you cryptocurrency.
Whether it’s in your email signature, on a website, or within a social media post, sharing your public key poses no immediate security risk. It’s important to note that public keys are derived mathematically from their corresponding private keys, but this process is not reversible. Sharing your public key does not grant access to withdraw funds or gain control over your account.
Private Key
Unlike public keys, your private key is your secret. You should never share it with anyone because having it means having complete control over the money in your wallet.
Some privacy-conscious crypto users won’t even share their private keys with centralised exchanges. Centralised exchanges offer custodial wallets for users to manage their keys. Conversely, self-custody wallets put you in charge of your private keys.
In crypto, your private key is a bigger deal than your crypto. The private key proves that the key’s owner has authority over the funds held at that particular address. Private keys are often encoded in hexadecimal format, making them easier for people to read and write and easily recognised by gadgets.
A private key is like a secret code for your cryptocurrency wallet. It’s made up of a bunch of random letters and numbers, kind of like a password. This key lets you do things with your crypto, like receiving it or sending it to others.
Here’s what you need to know about private keys:
- They have uppercase letters, lowercase letters, and numbers, all mixed together.
- They’re complicated because the characters are all jumbled up randomly, which makes it really hard for hackers to figure them out.
- Private keys are made by turning a passphrase into this special code.
Custodial Or Non-Custodial Wallet: What's The Basic Difference?
The fundamental contrast between custodial and non-custodial wallets is whether a third party controls your cryptocurrency. In a custodial wallet, a third party (like an exchange) manages your assets and private keys, while in a non-custodial wallet, you retain complete control over your private keys and, consequently, your cryptocurrencies.
A custodial wallet means you trust a centralised business to look after your digital assets and private keys. You don’t have to remember your keys. To send cryptocurrencies or NFTs from this wallet, you log in to your user account and provide the recipient’s address (their public key).
The wallet provider handles sending the necessary private key to complete the transactions. Examples include Binance and CoinDCX.
Non-custodial wallets are for those who want complete control and don’t want to rely on a central business. You keep all your private keys and sensitive info secure. This wallet lets you transact your crypto assets without third-party involvement or delays. Remember not to lose your keys, or you’ll lose access to your assets. Examples include Electrum and TREZOR One.
This table highlights the main distinctions between these two types of wallets.
Aspect | Custodial wallet | Non-custodial wallet |
Private Key custody | Wallet provider manages the keys. | You are in control of the keys. |
Transaction reports | May have delays. | Real-time reports, quick withdrawals. |
Anonymity | Requires user verification. | Real-time reports, quick. |
Withdrawal limits | May have limits. | Usually, no withdrawal limits. |
Account recovery | Possible with assistance. | Often impossible if you forget your keys. |
What Is A Recovery Phrase?
A recovery phrase, seed, or mnemonic phrase is a set of words generated by a cryptocurrency wallet during its initial setup. This sequence of words serves as your wallet’s backup and recovery mechanism.
Typically, a recovery phrase consists of 12, 24, or sometimes 25 words, depending on the wallet’s specification. It’s essential to emphasise that only you should be aware of and safeguard the recovery phrase.
Losing control of it can have serious consequences since anyone who possesses the recovery phrase can access your cryptocurrency holdings. If you accidentally delete or misplace your wallet without securely storing your recovery phrase, you risk losing access to your cryptocurrencies permanently.
How Does A Recovery Phrase Function?
A recovery phrase is essential for accessing your crypto wallet and funds. If you lose your device or it gets stolen, you can use the recovery phrase to set up your wallet on a new device. The recovery phrase can help you regain access if you forget your wallet’s password.
In the event of wallet software issues or corruption, the recovery phrase can be used to restore your wallet. It’s crucial to keep your recovery phrase safe and secure, as anyone who possesses it can potentially access your wallet and funds. Store it in a secure, offline location, and never share it with anyone you don’t trust.
Losing your recovery phrase can result in the permanent loss of your cryptocurrency holdings, so it should be handled with great care.
Stefan Thomas: The Man Who Lost 7,002 Bitcoins
Stefan Thomas is a former Bitcoin developer who was given 7,002 bitcoins back in the early days of Bitcoin’s existence as payment for a video he made. At the time, Bitcoin had relatively little value, and Thomas didn’t think much of it.
However, as the value of Bitcoin surged in the following years, those 7,002 Bitcoins became incredibly valuable, potentially worth hundreds of millions of dollars. But Thomas lost access to the private key needed to unlock and access those bitcoins. Thomas stored his private key on an encrypted IronKey, a specialised hardware device designed for secure storage.
However, he lost the paper containing the password to unlock the IronKey. As a result, he has been unable to access his Bitcoins for years.
Passphrases In Hardware Wallets
Passphrases enhance the security of hardware wallets by allowing users to create an additional string of characters linked to their seed phrase. Unlike a password, which accesses a recovery secret separately, a passphrase becomes an integral part of the recovery phrase itself.
Modern crypto hardware wallets usually generate a seed phrase of either 12 or 24 words. The passphrase doesn’t unlock or back up the seed phrase; it’s unlike a typical password. It’s often called the ’25th word’ of a seed phrase due to its distinct role and integration.
Benefits Of Passphrases
- Passphrases offer flexibility in using various characters, words, capitalisations, and numbers.
- They make guessing the correct ordering of 25 words much more challenging than a standard 24-word seed phrase.
- Experienced users can use passphrases to create fake wallets, confusing potential attackers.
Drawbacks Of Passphrases
- Passphrases are complex and require careful handling, as adding one generates a new key pair and wallet.
- They are case-sensitive, so even a single character change can create a new wallet.
- Losing the passphrase means losing access to the wallet, as it’s an integral part of the wallet backup.
- Precise storage and security on par with the seed phrase are essential.
What Steps Should I Take To Keep My Private Keys Safe?
Custodial Wallet Service
- Research and select a reputable custodial wallet or exchange. Look into their track record, security measures, and user reviews to ensure they are trustworthy.
- Utilise all available security features the custodial service provides, such as two-factor authentication and withdrawal limits.
- Keep an eye on your account for any suspicious activity. Report any unauthorised transactions immediately.
Custodial Wallet Service
- Do not share your private keys with anyone except your trusted family if needed.
- Always set up and securely store a recovery phrase provided by your wallet. Only share this recovery phrase with someone you trust and want to have access to your funds.
- Never take a screenshot or store your private keys or recovery phrase in digital form, including digital photos. Digital storage is vulnerable to hacking. Instead, opt for offline methods.
- Consider using a hardware wallet if you have a significant amount of cryptocurrency. These devices store your private keys offline and are highly secure. They only connect to the internet when needed to sign transactions.
- The safest way to store your recovery phrase is to write it on a physical piece of paper. Store it in a secure, undisclosed location, such as a safe or a locked drawer. Ensure that only trusted individuals know how to access it in case of an emergency.
Conclusion
Losing access to your private keys or passphrases can lead to irretrievable asset loss. This emphasises the need for careful handling and secure storage. As cryptocurrency continually gains prominence, individuals and investors must educate themselves about securing private keys and passphrase protection.
Responsible wallet management is crucial for safeguarding your cryptocurrency. Whether you use hardware, software, or other methods, prioritise security to protect your digital assets. We conclude this article, ‘Dumb Ways To Lose Money,’ by letting you know- that in the crypto world, security is not an option; it’s a necessity.
