Why not a Trezor?
I was on the fence between the Ledger Nano S and the Trezor for a while, and I ended up going with a Ledger Nano S. The Trezor is a really popular device, but the Ledger Nano S seems to have better recommendations. I know not everyone will agree with this, but I think you are good to go with either choice. The deciding factor for me was the previous exploit with Trezor where anyone could not only see your bitcoins but actually steal them inside of 15 seconds just by having physical access to the device. I know every device can have vulnerabilities, but that was just too huge. It was patched in version 1.5.2.
The other deciding factor is that it showed up for a brief second at $75 USD on Amazon Prime. They range from $75 USD to $300 on Amazon and are frequently out of stock at anything under $100. At $75 they are roughly the same price as shipping from Ledger directly after you factor in Euro conversion and the crazy shipping rates from Paris. I’m keeping an eye out for when another one is available.
I still want to try a Trezor and will try to get a hold of one to compare them. They are very popular, likely for a reason. I just have a hard time getting over how bad that previous exploit was.
At some point in your life, when your shit coins mature you should consider getting a hardware wallet for cold storage. Before I go further, let me explain the difference between cold storage and a hot wallet and why this is important.
A hot wallet is similar to the wallet in your back pocket or in your purse. You use it for day-to-day activity, and it has enough spending money to handle anything you may need in the next few days or even a month. If you lost anything stored here, you wouldn’t miss your mortgage payment. MetaMask for Ethereum and Bread Wallet for Bitcoin are good examples of hot wallets.
Cold storage is what paper, hardware, and air-gap wallets try to solve. These wallets are designed for long term storage and/or highest levels of security. As a shit coin connoisseur I have to be my own bank. I am not protected by FDIC for $250,000 per account. If someone gains access to the keys to your wallet, hacks the Exchange your coins are stored on, or the Exchange decides to freeze your account, all your shit coins are gone. If you don’t own the keys, you don’t own the shit coins.
A simple solution for cold storage is a paper wallet: printing out the 12-24 seed words required to unlock your wallet. A paper wallet doesn’t need to be paper; a popular option is a steel wallet holding your seed words that can survive a fire. A paper wallet is an extremely secure method of securing your coins from all methods of attack except for physical access. If the paper wallet is lost, so are all your funds. Another advantage of a paper wallet is you can set it up right now and have it ready in five to ten minutes.
An air-gap wallet is a machine or mobile device with no Internet or other network connection that is used to sign transactions. If you ever watched Battlestar Galactica, they used an air-gap network to prevent the Cylons from compromising their network. There are wallets that can work in offline mode to sign transactions, which can later be transferred via USB stick or other physical means. The important thing with an air-gap wallet is that the keys never leave the device, and they are never available on a networked device.
Hardware wallets are likely the most popular cold storage devices, but I’d question that claim as paper wallets are very popular. Hardware wallets act like an air-gap wallet where the keys never leave the device, and it is used to sign transactions via USB port connected to a hardware device.
The hardware devices are secure devices with very little interface to the real world. They typically have a small screen and two buttons and that is it. The only purpose of the screen and buttons is to enter your private pin and to select which wallet you want to access. The pin is the only way to access your funds once the device is initialized with the seed words. With a hardware wallet, you still have the physical access security concerns that come with a paper wallet. If anyone can read the seed words, they can access your wallet and ultimately your tokens.
A hardware wallet offers a little better security than a paper wallet as the seed words are not required once you initialize the device. You only need them if you have to recover your wallet or replace your hardware device. Day-to-day use only requires your pin, which should be something you remember and don’t need to write down for daily use. This minimizes the number of times your seed words are exposed to any third party.
Hardware wallet is only for Bitcoin right?
No, you can store quite a few coins in a single hardware wallet using a single set of seed words and accessed via your one pin code. At this time, the Ledger Nano S supports all the following tokens:
- Bitcoin Gold
- Bitcoin Cash
As you can see, the device can store a ton of different coins and more are added on a regular basis via hardware updates.
One limitation I noticed immediately with the Ledger Nano S is you can only have 4 apps installed. Each app represents another wallet; Bitcoin, Ethereum, Bitcoin Cash, and ZCash are my current selections. It only takes 5 seconds to remove and add a different application, but it is annoying. Your coins are still safe, it is just a convenience thing. The limitation on the Trezor seems to be much higher and may end up being a deal breaker for me. At minimum I would like access to Bitcoin, Bitcoin Cash, Litecoin, Ethereum, and ZCash.
One big advantage of a hardware wallet is you can use it as a FIDO U2F device. U2F is a universal two-factor hardware device. For example, Google allows you to use a FIDO U2F device as a backup second factor if you are unable to access your Google Authenticator device, or as the primary second factor if you don’t need to use devices that don’t support hardware USB devices.
This is a huge advantage as Google Authenticator has no backup, and if your phone is lost, stolen, corrupted, or broken you can be locked out of all accounts that use it as a second factor. I believe there is going to be a large number of users very pissed when their device is lost, stolen, or broken and they lose access to all accounts secured by Google Authenticator. There is no recovery option outside of using backup codes for every service you use two factor with. You can also use these devices with SSH and PGP encryption, although I don’t think many do this.
What if I lose my hardware wallet?
Both the Ledger Nano S and Trezor are able to be recovered via the seed keys, either with another Ledger Nano S or Trezor, or any software wallet that supports BIP39/BIP44. In fact, you can restore a Ledger Nano S to a Trezor device and vice versa.
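
Cross-device recovery works because BIP39 fixes how seed words become a seed, and BIP32 fixes how that seed becomes the master key. The sketch below is an added example, not code from either vendor: it runs both steps on the public BIP39 test-vector mnemonic (with that vector's passphrase, "TREZOR") and shows that the words alone reproduce the wallet, which is also why anyone who reads them controls the funds. The name `restore` is illustrative, and the BIP44 path from the master key to each coin's accounts is not shown.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (all-zero entropy). Never fund it.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed words (+ optional passphrase) -> 64-byte seed."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple:
    """BIP32: seed -> (master private key, chain code), 32 bytes each."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def restore(mnemonic: str, passphrase: str = "") -> tuple:
    """What any BIP39/BIP32 wallet computes on recovery (illustrative name).

    A real wallet first checks the words against the BIP39 word list and
    checksum; that step is omitted here.
    """
    return bip32_master(bip39_seed(mnemonic, passphrase))


if __name__ == "__main__":
    device_a = restore(TEST_MNEMONIC)                     # original device
    device_b = restore(TEST_MNEMONIC.replace(" ", "  "))  # words retyped elsewhere
    print("same master key on both devices:", device_a == device_b)
    print("passphrase yields a different wallet:",
          restore(TEST_MNEMONIC, "TREZOR") != device_a)
    print("seed:", bip39_seed(TEST_MNEMONIC, "TREZOR").hex())
```

Nothing device-specific enters the derivation, so the seed words are the wallet: protect the written copy as carefully as the device itself.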