While we’ve already covered what a Hardware Wallet is, today we’re going to dive much deeper into the many different advanced hardware wallet security features that are available. Sure it’s great to have a PIN that protects your funds, but these devices have a powerful computer at their core, they can do much, much more!
Contents
Passphrases & Hidden Wallets
A Passphrase (BIP-0039) is an extra, magic word (the 13th or 25th) that’s added onto the end of your 12/24 word seed phrase. They are one of the most commonly supported advanced hardware wallet security features and are supported on over 35 of the 45 different Crypto Wallets we track.
Entering in your Passphrase – which can be any word at all – generates an entirely new wallet. This wallet is totally separate to the wallet generated with just the 12/24 seed words.
The brilliance of this feature is that this Passphrase wallet remains entirely hidden until you enter in the correct Passphrase. Even if an attacker gets your seed phrase, it’s useless without your Passphrase. In essence, it’s similar to a 2-of-2 Multisig Wallet, as you must ensure you never forget either the seed phrase or your Passphrase.
If you do decide to use this feature, always make sure you craft your Passphrase to be at least 20 characters long and utterly random. This is to ensure that an attacker cannot brute force it simply by using a computer that guesses millions of combinations each second.
You should also ensure you have multiple backups of the Passphrase (as well as your seed phrase) and that at least one copy is kept off site. The seed phrase and Passphrase should also always be stored in different physical locations too.
One clever use of Passphrases is to set up a decoy wallet alongside your hidden wallet. The decoy wallet is simply the wallet generated using the normal seed phrase. This decoy wallet should have a plausible amount of funds in it, so that if an attacker forces you to open it, they can steal those funds and not think twice.
Meanwhile, your real wallet (the hidden wallet) is generated using the same seed phrase + your Passphrase. This is where you store your actual wealth, safe and sound, even if an attacker forces you to unlock your hardware wallet.
Anti Phishing & Security Words
Despite their robust design, hardware wallets can still be tampered with. In order to combat this, some manufacturers have implemented what’s called anti-phishing or security words.
These unique words are shown to you during the login process and are different for each hardware wallet. The idea is that if someone has secretly swapped out your real hardware wallet for a fake or altered one, the words displayed will be different. This instantly alerts you that’s something wrong.
Typically you input an initial login PIN, after which the security words appear on the screen. If you recognize them, proving that the device hasn’t been tampered with, you are then prompted to enter the second part of your PIN. This two-step verification process prevents you from accidentally entering in your full PIN into a compromised or fake device.
It’s recommended that your write down your anti-phishing words along side your hardware wallet PIN to ensure you don’t forget them.
Duress PINs
A duress PIN is a PIN that, when entered into your hardware wallet, will show you and any attacker a fully functioning duress wallet that’s totally separate to your real wallet. Again this duress wallet should have an appropriate amount of sacrificial funds in it for the attacker to steal.
Unlike with Passphrases, there aren’t any extra seed words you have to remember as the duress wallet is generated from the main seed words of your real wallet. Critical to the operation of a duress PIN is that it makes the hardware wallet look and operate exactly like normal.
While this can be a great way to keep your main wallet hidden during an attack, you do have to remember two different PINs. We would recommend writing both PINs down and hiding the duress PIN in a much more obvious “non-secure” location like in your top draw, filing cabinet or even a post it note.
The whole idea is to ensure the attacker can quickly and easily find your duress wallet, steal those funds, be 100% satisfied with their efforts and never return. As such, make sure the sacrificial funds you store in your duress wallet match your surroundings. For example, no thief is going to believe that someone in a million dollar house and a lambo out the front only has $1,000 in their wallet!
New to Athena Alpha? Start today!
Login Countdown Timers
The Login Countdown feature on COLDCARD hardware wallets allows you to set a timer that you have to wait for before being able to gain access to your hardware wallet.
First you login as per normal, but instead of gaining access straight away you’re presented with a countdown timer. Once the timer has expired, you’re asked to login a second time. After this second successful login you then gain access as per normal.
The timer can be set for a few minutes, right up to a full month. This can be a powerful form of protection against physical duress attacks as it makes it clear that even with you fully complying, they still won’t be able to get access to the funds immediately.
In person attacks get significantly harder the longer they continue on for. Thieves want to be in and out as quickly as possible, but if they break in and are instead met with a “1 week login countdown” then that’s an entirely different story.
Even if they want to take the hardware wallet with them, that still won’t help as you can go retrieve your backup seed phrase and sweep the funds to a new wallet before their login countdown expires.
Obviously the longer a timer you set, the longer you’ll have to wait before being able to spend your funds, but this type of feature isn’t meant for your every day wallet. It’s meant for long term savings or cold storage and is a very simple way to add a lot of protection to your stack.
Brick & Self Destruct PINs
A unique advanced hardware wallet security feature to the COLDCARD Mk4 and COLDCARD Q is the Brick Me PIN. This PIN, as the name suggests, totally destroys the hardware wallet and turns it into a useless brick.
This self destruct feature is supposed to be used if an attacker is forcing you to unlock your device. Once it’s entered in, a normal looking login countdown timer is shown on the screen. Under the hood though the device is bricked instantly.
This way you can plausibly “unlock” the device and give it to the attacker who then presumably will leave thinking it’s fully unlocked and usable. In reality they now have a completely unusable device and you can go recover your funds using a backup such as your seed phrase.
Countdown PINs
Another advanced feature that is only available on the COLDCARD line up is its countdown PIN option. Once enabled, it allows you to set a special PIN that first triggers a countdown timer. Once the countdown timer has ended a few different options can happen depending on what you setup:
- Brick: As per the Brick PIN option above, the entire device is wiped and bricked
- Final PIN: This option removes all but the final PIN attempt. You then have one and only one chance to enter in your PIN correctly and if not, the device will also be bricked
- Test Mode: Puts the hardware wallet into a test mode that doesn’t do any damage
Coinkite don’t really elaborate on what these options might be used for, but it’s possible it’s just a more configurable version of the Brick Me PIN feature. Maybe you don’t want the device to brick instantly or want it to give you one last chance before it’s destroyed.
Wipe PINs
Similar to a brick me PIN, but less destructive, the Wipe PIN does as the name suggests and totally erases all data from your device if entered. Afterwards you can still use the device again, but it’s obviously fully reset. This feature is mainly on the popular Trezor hardware wallets and during the wipe process it displays a warning that all data has been erased on the device.
One thing to keep in mind with this feature is that it tells you or any attacker that might be with you that it’s wiped the device, which could be a good or bad thing depending on the situation. Maybe the attacker takes the hint and leaves. Then again, maybe they get angry that you’ve just stuffed up their plans and takes it out on you or someone else in the house.
Even if the attacker accepts that the hardware wallet is now erased, they could just then demand you give them your backup seed phrase. As such, we see this feature as having relatively limited use cases.
MicroSD Card Login Encryption
Finally we have what Trezor calls SD Card Protection. This feature creates a randomly generated secret which is saved to a microSD card. In order for you unlock your hardware wallet, you have to not only know the PIN to it, but also have the secret on a microSD card in the hardware wallet at the same time.
During the unlock process your PIN is combined with the secret on the microSD card. Once combined it’s then able to decrypt the device and login as per normal. This way no one can access your device unless they have the microSD card, making it kind of like an old school physical key that you have to use to unlock your device.
Endless Possibilities
While not all of these advanced features are available on all hardware wallets, many of the top devices have at least one or two of them. The clear stand out is the COLDCARD Mk4 and COLDCARD Q which both have a whole host of advanced features in their settings menu.
This was a big part of what we loved about the Mk4 when we reviewed it as it allows a huge range of possible setups. No matter what your threat profile is, there’s a hardware wallet available that can help better secure your funds, even more so if you combine them in a Multisig Wallet.
