How To Set Up A Smartphone For Cold Storage

in #bitcoin • 7 years ago (edited)

While being entirely in control of your money is very empowering, such empowerment comes with inherent risks. With cryptocurrencies, it is up to you to protect your investments, so taking the proper steps to secure your wealth is imperative. In this guide I will show you how to set up a smartphone to safely and securely store your cryptocurrencies offline and keep them out of reach of thieves and hackers.

Cold storage is where you store your private keys offline so they can’t be accessed or stolen through the internet. The most common method of storing private keys offline is with a hardware wallet, such as Trezor. While hardware wallets are the most popular method, they aren’t the only method; one alternative is a smartphone.

There are three primary reasons why you’d use a smartphone over a hardware wallet:

  1. Hardware wallets are often back ordered and aren’t always easy to get.
  2. You may already have an old smartphone lying around and don’t want to pay the money for a new device.
  3. A smartphone gives you more options, as you can install multiple wallets on it and thus store a greater variety of coins.

I will be using Android for this tutorial, but this procedure can be adapted to work on other platforms. When done, this will be a dedicated, single-task device. It will be used for nothing but storing your cryptocurrencies; any other tasks performed on this device will introduce security risks.

Step 1: Prepare your phone

  • Remove the SIM card if your phone has one. You don’t want any cellular communications, only WiFi.
  • Perform a factory reset. This is typically found under Settings/Backup & Reset. This procedure wipes all personal data from the device and returns it to a factory state. Obviously, back up anything you need beforehand.
  • After resetting the device and connecting to your WiFi (make sure your WiFi is password protected), you will have to log in to a Google account during the setup process. Do not use an existing account. Instead, create a new account with a fake name. Save the details of the account for later. This new account is to be used for absolutely nothing but tasks related to interacting with this device. Also during setup, don’t back up your phone to Google’s servers, don’t select to stay up to date, and don’t add any billing information. When it asks you to secure your phone, choose PIN and make sure it’s at least 6 digits long; I use 10. Remember, this isn’t about convenience, it’s about security. When prompted, choose to not show notifications when the device is locked. Lastly, don’t enable any of the offered services like backups, location, bug reporting, etc.
    Once the phone is done setting up your profile, turn off data communications. On most Android phones, swipe down twice from the top of your screen to bring down your quick menu. Click on the icon for your data or cellular connection and then disable mobile data.
  • Go into Settings/Apps, swipe over to All, and uninstall or disable every app that isn’t explicitly needed for using the device for offline storage. If in doubt, leave enabled all of the apps with the green android avatar. Also leave enabled Google Play, Google Play Services, and Google Keyboard. Don’t worry, if you accidentally disable something you need, it can always be re-enabled; just make sure you’ve tested everything before you start moving the bulk of your coins to the device. It’s also a good idea to reboot your phone before moving on to the next step.
  • Go to Settings/Security. Set it to automatically lock after sleep. Enable the “Power button instantly locks” option, disable “make passwords visible”, and disallow installation of unknown sources.
  • Finally, encrypt your phone. There should be an option on the Security page. It will warn you that encryption will take a long time, but since there’s hardly anything installed or stored on the phone at this time, it will only take a few minutes. If the option to encrypt isn’t available, don’t use this device. Without encryption your security is highly compromised; it isn’t worth the risk, and you’ll be better off using something else.

Step 2: Install software

  • Install a VPN client. While there are free ones available, I don’t trust them. I use and pay for Private Internet Access (PIA); they have a strong history of protecting their customers. A VPN (virtual private network) encrypts all data going to and from your device and routes it through a proxy server, masking your IP address. If your VPN allows for it, set it up so that if the VPN loses connection, it will kill your network connection and prevent any unencrypted data from leaving your phone.
  • Install LastPass. LastPass is a free (with paid premium features) app that allows you to manage passwords and secure notes. It is a fully encrypted cloud-based service that nobody can access but you, not even LastPass. Since LastPass is cloud-based, you can log in to your LastPass account from any computer or device. When setting up LastPass, make sure you use a good master password and DO NOT LOSE IT. If you lose your LastPass master password YOU POTENTIALLY LOSE EVERYTHING!!! Write it down and memorize it. Do not save it as an unprotected file on your computer.
  • Install wallets. There are a number of wallets available on the Android platform, all with different features. Do NOT use a hosted wallet app such as Coinbase. Using a hosted wallet completely defeats the purpose of using your device for offline storage. When choosing your wallet, always try to choose wallets that offer a 12 word recovery phrase. If you ever lose your device or it malfunctions, you’ll need this phrase to recover your money. The wallet that suits my needs best is Coinami. It has a good interface, holds several of the coins I own, can be protected by a password, and has a 12 word recovery phrase.

Step 3: Back up your data

  • Create a new Secure Note in LastPass. Choose the Generic template and give it a name that’s not too obvious as to what it’s being used for. Make sure you check the box “Require Password Reprompt”.
  • In the Notes section, add the following information:
    • Google Account info. Enter the username, email, password, and personal info of the fake account you created earlier.
    • Screen Lock PIN. This is the PIN you need to unlock the phone.
    • Wallet Info. Record the name of the wallet, its password, and most importantly, the 12 word recovery phrase.
  • Enter the addresses for all of the coins in your wallet. By saving these in LastPass, you can log in to LastPass from another device and access your addresses and send money to your cold storage device without having to power it on. However, note that some wallets use what are called ‘change addresses’. Whenever you send money out of an address, it moves all of the remaining money in the originating address to a new address. If you use a wallet that uses change addresses, you will need to record the new address and key every time you send money from this wallet if you want to maintain backup redundancy. Since this is cold storage and rarely used for sending money though, you shouldn’t have to do this very often. Coinami has the option to turn this feature off.
  • Optionally, for redundancy in your backups, you may want to record your private keys as well.
  • Back up LastPass. On your computer, log in to LastPass. While you can do this from the website, I recommend getting the browser plugin. Once logged in, click on Options/More Options/Advanced and choose Export. Choose the csv export option and save it to your computer (if it displays in your browser window instead of giving you the option to save a file, copy and paste the data into Notepad and then save it). If you don’t have 7-Zip, you’ll need to install it. Once you’ve done that, open 7-Zip and navigate to the export file you saved. Select the file and click on Add. On the setup screen enter a password (I use the same password as my LastPass master password) and click OK. In the same location where you saved your export file there will now be a new encrypted .7z volume containing your exported file, which can’t be accessed without a password. Save your new .7z file to a secure location. It’s a good idea to save a copy of this file on a thumb drive or some other removable storage. Lastly, go back to the original, unencrypted export file you saved and, while holding the Shift key, delete the file. Holding the Shift key bypasses the recycle bin and permanently deletes the file.

Step 4: Test your setup

  • On your computer or device where you access your existing currencies, log in to LastPass and search for the Secure Note you created in Step 3 and open it.
  • Copy the address of the coin you want from the Secure Note and use it to send a small amount to your address. Go back to your smartphone and open up your wallet and verify the transaction went through. Do this for all the coins you wish to store on this device.
  • Wipe your wallet and then restore it with your 12 word recovery phrase. If it restores properly and shows the correct balances, you can now be confident in your setup and may start transferring your money to this device. You may need to create a new password after restoring, so make sure you check on this.
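
The addresses recorded in the Secure Note in Step 3 are the ones you later copy and pay to in Step 4, so a mistyped or altered entry sends coins somewhere else. As an added example (not part of the original tutorial), this Python check verifies the Base58Check checksum of each recorded address and compares it with the address read off the phone's wallet; it assumes Base58Check addresses such as legacy Bitcoin ones (other coins use other formats), and the labels and sample entries are constructed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58check_decode(addr):
    """Decode a Base58Check address into (version byte, 20-byte hash)."""
    num = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:  # 0, O, I and l are deliberately absent from the alphabet
            raise ValueError(f"character {ch!r} is not Base58")
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * zeros + body
    if len(raw) != 25:
        raise ValueError(f"decoded to {len(raw)} bytes, expected 25")
    data, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4] != checksum:
        raise ValueError("checksum mismatch")
    return data[0], data[1:]

def audit_note(note, on_device):
    """Check every address recorded in the note before coins are sent to it."""
    report = {}
    for label, recorded in note.items():
        recorded = recorded.strip()  # tolerate whitespace picked up when pasting
        try:
            base58check_decode(recorded)
        except ValueError as exc:
            report[label] = f"REJECT: {exc}"
            continue
        match = on_device.get(label) == recorded
        report[label] = "ok" if match else "REJECT: not the address the wallet shows"
    return report

# Constructed sample data, hypothetical labels; GENESIS is the publicly known
# Bitcoin genesis-block address, used only as a known-valid value.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
NOTE = {
    "btc-main": GENESIS,
    "btc-typo": GENESIS[:-1] + "b",            # last character mistyped
    "btc-ocr": GENESIS.replace("z", "0", 1),   # '0' is not a Base58 character
    "btc-swapped": GENESIS,                    # differs from what the phone shows
}
DEVICE = {**dict.fromkeys(NOTE, GENESIS), "btc-swapped": "placeholder-other-address"}

if __name__ == "__main__":
    for label, status in audit_note(NOTE, DEVICE).items():
        print(f"{label:12} {status}")
```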

Your smartphone is now fully configured for offline storage. All that’s left to do is to power down the phone, remove the battery (if possible), and store it in your safe or other secure location. It’s also a good idea to power up the phone every once in a while to make sure everything is still working.


Much thanks to @r0nd0n for giving my tutorial some style!!

I hope you found this tutorial to be helpful. If you did, I greatly appreciate tips!

BTC: 151tnEExNCmng1iLvU68DmrDHbgp2rcK2z
ETH: 0x31c27004c6e414e32152d7c7cf486b8ccffd9029
Dash: XfEtySqmRkyhwc79pKTUJh1wHAb1wrvMCk

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by r0nd0n from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, and someguy123. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.

If you like what we're doing please upvote this comment so we can continue to build the community account that's supporting all members.

Great article! The concise descriptions and thorough instructions make it seem much less daunting than I imagined. Thank you for this great work!

What if you lose your phone or it stops working? A Ledger Nano S (https://amzn.to/2DEUMVj) is protected against theft or losing the device. Your wallet is very important, I wouldn't be cheap about it.

I was wondering if this was possible. Thanks for the info. You gained a follow!

I'm going to try this, since all the hardware wallets are on back order. Thanks!

You're welcome!

Thanks for the post! Do you know whether this is possible on an old iPhone 4?

I've never owned an iPhone. It comes down to whether you can encrypt the phone and if you can get the wallets you need to install on the older OS.

Thanks so much for this! I am going to try it out.

Thanks for this useful information! When you said Coinami, is that Coinomi Wallet? This one: https://play.google.com/store/apps/details?id=com.coinomi.wallet

Great tips, thank you so much!
Would you have any update to suggest since we are now in Jun 2019?
