Storing Small Amounts of Bitcoins
Many easy-to-use methods for storing bitcoins are handy, but they all share one fundamental weakness: A sufficiently sophisticated attacker could potentially breach the layers of security and access your bitcoins from a remote location. However, this situation is not that different from the same event happening with traditional online banking. A hacker in a remote location, whether just on the other side of town or in another country, could drain your bank account by stealing your identity and deciphering your login credentials. For example, if you access your online bank account using a laptop, a malicious program could monitor your keyboard presses (i.e., a keylogger) and steal your password. Banks remedy this weakness by implementing strict daily withdrawal limits or other measures that mitigate the impact of fraudulent access. With Bitcoin, the best mitigation strategy is to store the majority of your funds in cold storage, which cannot be accessed remotely, and to use the more convenient methods for daily spending only.
Three reliable and easy-to-use methods for sending and receiving small amounts of bitcoins are described in the following subsections:
• Online hosted wallet services
• Online personal wallet services
• Personal hot wallet
Online Hosted Wallet Services
As discussed briefly earlier in this chapter, online hosted wallet services are popular because they tend to be easy to use, and users don't typically need to know about Bitcoin's inner workings. No software installation is required; users just sign up and log in to their wallet via a website using a web browser. Online hosted wallets seem familiar because they work like most traditional financial services. For example, when you open a bank account, the service handles your money on your behalf and manages all transfers, deposits, bill payments, and security measures. The same holds true of a hosted Bitcoin wallet: Although the bitcoins are yours, they are not directly in your possession (because you do not have access to the private keys). If the wallet service provider goes bankrupt, for example, you may lose your bitcoins.
Many providers hold bitcoins on behalf of hundreds or thousands of people and have invested in significant security measures. But it's difficult to know for sure whether the service provider is secure enough if it doesn't reveal the details of its storage methods. Be cautious; if you are able to access your hosted wallet using just a username and simple password, that is a warning sign that your provider might be vulnerable to online attacks (if you can access your bitcoins easily, so can a thief). Quality wallet service providers, such as the U.S.-based company Coinbase (which also offers convenient ways to buy bitcoins; see Chapter 4), require the use of two-factor authentication for users to access their bitcoins. Two-factor authentication requires the use of a phone, or another secondary device, in addition to a username and password.
Unfortunately, because the Bitcoin world is so new, no hosted wallet provider can claim a long track record of incident-free bitcoin storage. For this reason, at this time we recommend that you do not trust any third parties with large amounts of bitcoins. Also, note that hosted wallets offer the least amount of privacy when you use bitcoins, because the provider knows who you are, the number of bitcoins you have, and all of your incoming and outgoing transactions.
Online Personal Wallet Services
Online personal wallets, like the My Wallet service provided by Blockchain.info, look and behave much like hosted wallets but with a key difference. These wallet services provide you with the tools to send and receive bitcoins, but they don't know your private key. Instead, once the website loads locally on your device (i.e., is no longer communicating with a distant web server), you generate your private keys from a password you type in. Whenever you send someone bitcoins, a signed transaction is sent to the web server, but your password (and hence your private keys) never leaves your device. Fundamentally, this means these services cannot steal your funds. In addition, if the company goes bankrupt or otherwise disappears, you are only inconvenienced temporarily and none of your bitcoins are lost.
Although just as easy to use as hosted wallets, online personal wallets place a much greater responsibility on the user. Typically, you access these wallets online via a username and password, just as you would a hosted wallet, but in this case, if you forget your password, you have no recourse. Because the service providers don't know your passwords, they cannot help you recover them. If you use this method, be sure to write down your password in multiple secure places!
Online personal wallets often offer much greater privacy than hosted wallets, especially if they don't require any personally identifying information to register an account. But the service provider may keep track of usage patterns and other data that could subsequently be requested by law enforcement.
Personal Hot Wallet
Like the Electrum wallet discussed in Chapter 2, a personal hot wallet is a software program that runs on a device you own. Because no third party is needed to operate a personal hot wallet, using one maintains the spirit of decentralization that underpins Bitcoin. These programs give you complete control over your bitcoins without sacrificing convenience. However, an even greater responsibility is placed on you than if you use an online wallet service. Your private keys are saved on the same device that connects to the Internet and communicates with the Bitcoin network (the defining feature of a hot wallet); therefore, you need to be vigilant about protecting your device from malware, viruses, and other hacking attempts that could lead to theft.
Is hacker theft likely to happen to you? To become a target of an attack, you would have to keep a large amount of bitcoins in your hot wallet and have advertised this information somehow. Neither is recommended! Using a personal hot wallet is like carrying a traditional physical wallet; it's unlikely that you'll get mugged, but you shouldn't keep too much cash in your wallet or wave it around just in case.
As with a physical wallet, you can lose your hot wallet. If you are storing your private keys on your computer, keep in mind that your computer might be lost, stolen, or destroyed—and the bitcoins in your hot wallet might be worth more than the computer! Fortunately, unlike a physical wallet, you can back up your Bitcoin wallet. However, be mindful of where you store your backups. You may want to avoid using cloud storage, for example.
Many personal hot wallets are available (a full discussion of the different choices is provided in Chapter 9). Electrum (electrum.org/) and Multibit (multibit.org/) are recommended. Both are open source, have been in use for many years, are available on most platforms, and are lightweight (don't require significant computer resources). The original hot wallet, Bitcoin Core (formerly Bitcoin-Qt; bitcoin.org/), requires significant computer resources to run; therefore, casual users may opt not to use it.
-  Some Bitcoin companies have a tendency to name themselves using technical jargon from the Bitcoin lexicon, which can cause confusion. The company Blockchain.info and the public ledger known as the blockchain are completely different entities.
-  Pun intended.
-  Depending on how the online personal wallet service is implemented, passwords may be recoverable, but some other critical piece of information necessary for spending bitcoins would not be. If the company can recover all of the information necessary for you to spend your bitcoins, it is in fact operating as a hosted wallet, and you are entrusting that company with your money.