How to keep your crypto investments safe without trusting even yourself
One of the biggest challenges with mainstream cryptocurrency adoption is that people who own the currencies need to be personally 100% responsible for the safekeeping of their money. Traditionally this has been the responsibility of the banks, credit card companies etc. Of course there are similar choices with crypto, but as we yet again saw with the Bitfinex hack, trusting third parties might not be a good idea. So, how can you keep your investment safe, without having to trust anyone?
Before we go deeper into the subject, I would like to point out that Steem is a bit of a special case for these instructions. I thought I would write a separate guide for Steem, but as the developers are doing radical rethinking and things are developing so rapidly, it would probably be outdated as soon as I wrote it. This post is directly applicable for Bitcoin, Ether and other such cryptocurrencies, and you can still easily use the same principles to secure your Steem keys (especially the owner key).
What are the risks?
Bitcoin is the most widely used cryptocurrency, and when we look at its history of threats (these are the same with almost any crypto), there are a couple of threat categories.
- Third party risk (Mt. Gox, Bitfinex and a long list of other hacked or unreliable storage services)
- Insufficient computer security (the funds get stolen from your own computer)
- Human error (forgotten passwords, lost wallets and keys)
Categories 2 and 3 are something that average people may not be used to handling properly, because when it comes to regular fiat money (dollars and euros) those risks are mostly handled by banks. Fortunately even with crypto, anyone can take care of these issues by following this guide.
Reliably handling category 2 risks used to require advanced computer skills up until a few years ago. Then we started to see easy-to-use commercial solutions emerge: the hardware wallets. They keep your private keys (the secrets used to create the cryptographic signatures needed to move the money) offline, while still allowing you to use your money online. This is important, because the single biggest threat comes from the Internet. When the hackers can't get to your wallet remotely, you've essentially eliminated the online hacking threat.
You still have the human errors to account for. This is also important for a reason not many people think of: What happens to your money if something happens to you? In case of traditional money it wouldn't be lost because your bank would give it to your family (or people defined in your will). With crypto, what happens without special precautions is simply that the money is lost with its owner. There are ways around this too.
What to do?
First things first: your safest option is to buy a hardware wallet. There are also software solutions that are free, but as they require more expertise, I won't cover them in this post. Recommended hardware products are Trezor and Ledger Wallet. I use Ledger myself.
You might think that when you get your product, your worries would be over. Unfortunately I've found that at least with Ledger Wallet this is not exactly so. While the private keys are held on the device, it is strongly advised not to trust only the physical device. Devices can break or be lost. That's why you need to back up the wallet to paper (you are guided through the simple paper backup when initializing the device, but as I try to present in this guide, it is not quite enough). The thing with paper backups is that they are easily perishable, and you don't want your money to just vanish. So what you need to do is back up your backup.
This brings us to another challenge: the backups are actually an added security risk (yes, there is a way around this too, if you'll bear with me :)
The challenge with paper backups and how to solve it
At least with Ledger Wallet's standard instructions, the paper backup is fully written on one piece of paper/cardboard that comes with the package. What happens if someone you don't trust (such as an educated burglar) finds this piece of paper? Well, they can input the data on any wallet software that uses the same BIP protocols, get full access to your funds and the private key, and steal your money. Not good. How do we solve this dilemma?
The answer is to divide the information across separate locations. Depending on the security level and the level of your paranoia (remember, you're not paranoid if they're really after you), you can do this in a couple of different ways. The most obvious solution is to divide the backup into two pieces. In Ledger the default backup mode is to have 24 words that together, in the right order, define the wallet. If you write words 1-12 on one paper and words 13-24 on another one (and keep them in separate locations), you've essentially eliminated this "accidental information leakage" risk.
Information security is always a trade-off between ease of use and strongest possible security. That is also the case here, and fortunately it is easy to set things up according to your own situation and preference. The challenge with dividing the backup in two is that while you've increased security, you have also doubled the risk of information getting accidentally lost. The remedy for this is to add redundancy by having a 2-of-3 backup. In our case of 24 words per backup, you would take 3 papers. On the first paper you'd write words 1-16, on the second one words 9-24, and on the third one words 1-8 and 17-24. This way, whichever two papers you have, you can always restore your wallet. And of course you can add even further redundancy by just having identical copies of each paper, such as 2-of-3 X 2 = 6 papers.
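The 2-of-3 layout above, modelled as an added example (not part of the original post): it checks that any two sheets restore the phrase and estimates how much a finder of a single sheet would still have to guess. The function names and the placeholder phrase are hypothetical, and the bit counts assume the BIP-39 encoding (11 bits per word, 8-bit checksum on a 24-word phrase).

```python
from itertools import combinations

BITS_PER_WORD = 11   # assumption: BIP-39 wordlist of 2048 = 2**11 words
CHECKSUM_BITS = 8    # assumption: a 24-word BIP-39 phrase has an 8-bit checksum

# Sheet layout from the text (1-based word positions).
LAYOUT = {
    "A": list(range(1, 17)),                        # words 1-16
    "B": list(range(9, 25)),                        # words 9-24
    "C": list(range(1, 9)) + list(range(17, 25)),   # words 1-8 and 17-24
}

def make_sheets(words):
    """Return {sheet: {position: word}} for a 24-word phrase."""
    if len(words) != 24:
        raise ValueError("expected 24 words")
    return {name: {p: words[p - 1] for p in pos} for name, pos in LAYOUT.items()}

def restore(*sheets):
    """Merge sheets; fail on conflicting copies or missing positions."""
    merged = {}
    for sheet in sheets:
        for pos, word in sheet.items():
            if merged.setdefault(pos, word) != word:
                raise ValueError(f"sheets disagree on word {pos}")
    missing = sorted(set(range(1, 25)) - set(merged))
    if missing:
        raise ValueError(f"cannot restore, missing words {missing}")
    return [merged[p] for p in range(1, 25)]

def remaining_search_bits(sheet):
    """Approximate bits someone holding only this sheet must still guess.

    Each unknown word is 11 bits; the checksum rules out all but one
    candidate in 2**8, so it is subtracted once.
    """
    unknown = 24 - len(sheet)
    return unknown * BITS_PER_WORD - CHECKSUM_BITS

# Constructed placeholder phrase, not a real mnemonic.
PHRASE = [f"word{i:02d}" for i in range(1, 25)]
SHEETS = make_sheets(PHRASE)

if __name__ == "__main__":
    for a, b in combinations(SHEETS, 2):
        assert restore(SHEETS[a], SHEETS[b]) == PHRASE
        print(f"sheets {a}+{b}: restored all 24 words")
    for name, sheet in SHEETS.items():
        print(f"sheet {name} alone leaves ~{remaining_search_bits(sheet)} bits")
```

Under these assumptions a lone sheet leaves about 80 bits to guess, compared with about 124 bits for one half of the 12/12 split, which is the security cost of the added redundancy.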
That's the basic idea how to handle paper backups safely and securely. Of course you can modify this in whatever way you want: to be super secure, divide the backup in 6 parts with 4 words per paper, and take the papers to different continents (remember to find remote caves and draw a treasure map, where X marks the spots).
Don't rely too much on your memory
The treasure map brings me to my final point, which is to have a list of your backup locations. When I first tried this tactic in practice, I thought it would be easy to remember where I took the backups. Well, it was only six months later that I started to be a bit unsure where I had only planned to take the papers, and where I had actually stored them... but then again, I didn't have to try to remember for long, because I had the list of locations (in my Dropbox, encrypted with Truecrypt). If you go with these instructions, do yourself a favor and make the list. It's one less thing to worry about.
An advanced version of this backup tactic (that I haven't tried to implement yet) might include a dead man's switch that would monitor if you periodically press a button indicating that you're alive and well. If not, it could email the location list and these instructions to your family, lawyer or trusted friends. This is something that smart contract technology would be well suited for. A non-technological version would be to just include this information in your will, but that's not nearly as cool :P
Recap:
- Get a hardware wallet
- Make the paper backups and divide the information on more than one paper
- Store the papers in secure locations
- Make a list of backup locations so you don't have to remember where you hid them
- Rest easy knowing that your investment is safe
If you liked this post, please upvote and follow me. I'll be writing more stuff related to cryptocurrencies in the future :). And please share your own methods of keeping your cryptocurrencies safe in the comments!