Special Mention: The Bitcoin Hardware Wallet
The hardware wallet is a relatively new Bitcoin storage method. It is a small device that fits in your pocket and stores your private keys in such a way that no one can extract them from the device. The hardware wallet acts as the offline computer in the previously mentioned offline transaction-signing method, but it is more convenient because you can plug it into your online computer. Your bitcoins are never at risk, even if you have viruses on your online computer. When you click send bitcoins in your Bitcoin wallet software on the online computer, you then need to confirm the transaction on the hardware device—usually by pressing a button. The hardware wallet uses the internally stored private keys to sign a transaction, which is then sent to the online computer.
This method is almost as convenient as using the personal hot wallet, but it is more secure because it is impossible for your private keys to be exposed to the Internet. Your bitcoins on the device will always be in cold storage. One downside to this method is that you need to purchase a piece of hardware, as opposed to just downloading a free open source program. Another disadvantage of using your hardware wallet is that you can lose it, which might result in lost bitcoins (although some hardware wallets provide ways to back up your bitcoins). Although the hardware wallet is an excellent combination of convenience and security, you might not want to rely on one to store your bitcoins for decades, because no data is yet available on the lifetime or durability of such devices.
One brand of hardware wallet that has received a lot of attention is Trezor (bitcointrezor.com/]. We find the Trezor hardware wallet to be an excellent, relatively easy-to-use use device, but because Trezor devices are new, there is still the possibility that a bug or security flaw is yet to be discovered (as is true, in principle, of Bitcoin itself).
Created by SatoshiLabs, the Trezor (see Figure 3-2) is a small device that "stores your bitcoins" (that is, it stores your private keys). When you want to spend your bitcoins, you use a USB cable to plug the Trezor into a laptop. It doesn't have to be your own laptop; you can use a complete stranger's laptop and still safely spend your bitcoins. This is, perhaps, the defining feature of the Trezor: It doesn't require you to trust the laptop that you plug it into. This is helpful if you're traveling and don't have your own laptop with you: You can use any computer at your destination. Since most bitcoins are stolen by exploiting security holes in smartphones and laptops, using the Trezor dramatically cuts down on the risk of Bitcoin theft. So how does it work?
Figure 3-2: The Trezor device
Smartphones and laptops are also devices that can store private keys, but unlike the Trezor, they treat those keys like any other data, i.e., as information that can be viewed, copied, or modified. Viruses on a laptop can search for the private key data, copy them, and broadcast them to a remote server, leading to stolen bitcoins. The Trezor, on the other hand, never allows the private key data to be viewed or copied by you or a virus. Instead, when you want to spend bitcoins, it uses its internal private keys to sign a transaction that it then gives you. The Trezor is like a paranoid chef who will never reveal his secret recipe but will cook for you anytime you want.
Configuring the Trezor is slightly laborious (it may take 5-10 minutes for beginners), but this does not need to be done more than once.
1. Plug the Trezor into your laptop.
2. Visit https://mytrezor.com/ Install the necessary plugins so that your laptop knows how to communicate with the Trezor. You may need to restart your browser to continue once the plugins are installed.
3. Navigate to https://mytrezor.com/ again. The website will recognize that your Trezor has not been configured yet and will ask you to give your device a unique name. Enter a name and click Continue.
4. Enter a new PIN using your laptop.
5. Enter the PIN again to verify you did not make a mistake in the previous step.
6. The Trezor device will now display a recovery seed so that you can recover your bitcoins in case you lose your device. This is the only time that the Trezor will ever reveal (indirectly) its private keys (they are derived from the seed). Once the configuration process is done, the private keys can never again be viewed or accessed. Write down the recovery seed on a piece of paper (or two), and store it in a safe place.
7. Congratulations, you are ready to use your Trezor! If you have bitcoins stored elsewhere, you can send them to your Trezor by clicking Account 4 Receive to find a receiving Bitcoin address.
Operating the Trezor is much simpler:
1. Plug the Trezor into a laptop.
2. Open a Bitcoin wallet program on the laptop that is configured to work with the Trezor (or visit https://mytrezor.com/ a website created by SatoshiLabs designed specifically for Trezor users).
3. On the laptop, choose how many bitcoins you want to spend and where you want to send them. Click Send.
4. The Trezor will ask you to enter your PIN. (This is to prevent someone from being able to steal your Trezor and spend your bitcoins.) Enter your PIN using the laptop.
5. The Trezor will display the transaction details. Press the corresponding button on the Trezor to confirm (or the other button to deny) the transaction. The Trezor will now create a signed Bitcoin transaction and send it to the laptop.
6. The laptop automatically broadcasts the transaction to the Bitcoin network. Your bitcoins have been sent!
These steps take only a minute to carry out and are quite convenient for tasks like online shopping (the Trezor was not designed, however, to be used at a point-of-sale terminal like the cash register at a coffee shop).
The Trezor also supports advanced features, such as the use of passwords (in addition to the PIN) and hierarchical deterministic wallets for multiple accounts. These features are more than we can cover in this little box, but you are encouraged to check out the Trezor website (bitcoin-trezor.com/) for more details. At the time of this writing, the Trezor is selling for about $120, but you can pay only with bitcoins.