There has been much debate on how to store your Nano safely. We will go over a few ways to store your coins safely, along with some ways in which you should not store your coins. If you already have a wallet or private / public key set up and just want to know how to store it, please see the bottom of this article starting at the section on Multi-Sig Encryption.
Storing on an Exchange
After the BitGrail (MtGox 2.0) apocalypse, it should go without saying that you should not keep any of your coins on an exchange. Unfortunately, it doesn’t go without saying because many people are still storing their coins on an exchange.
“But Binance is still reputable,” some might say. Even the most rigorously designed and hardened system can still be hacked. Binance, practically being the largest crypto exchange, has a tremendously large target on its back. Malicious actors are likely attempting to hack their servers every day, unlike most users’ wallets.
Do not store on an exchange. If you do, don’t complain if you end up losing some coins. There are much more convenient, secure ways to store your Nano.
Storing on a Web Wallet
This option, in terms of safety, is certainly better than storing on an exchange, but definitely not as good as offline storage. NanoWallet.io and NanoVault’s web wallet are the options currently available.
I recommend this as a spending wallet where you keep relatively small amounts in case you need to spend your Nano or send it to an exchange conveniently.
NanoWallet is open-source and does not store your private keys, as they are encrypted before going to their server, although an email is required to register. While this sounds good, there is still the potential and incentive for a hacker to get access to their server and change their code in order to steal everyone’s funds. There have also been phishing sites with similar domains that steal people’s coins from NanoWallet, so be sure the URL (https://nanowallet.io) is correct.
NanoVault does not store any user data, as all your data and actions from the wallet are handled client-side. You will still need to store your recovery seed, so please refer to the bottom of this article on Storing Your Wallet’s Seed / Multi-Sig Encryption.
Storing on a Desktop or Mobile Wallet
A desktop wallet is somewhat safer than a web wallet; however, it is still not ideal for storing especially large amounts. Similar to web wallets, desktop wallets can make great spending accounts if you need your wallet to be online often. If you want your funds to be secured on a desktop wallet, having a password to encrypt it is a must. Make your password long and complex. Importantly, having upper+lowercase letters and at least 1 number and 1 special character makes it significantly more secure, and thus more difficult for an attacker to brute force. Passwords shorter than 10-20 characters without any numbers or special characters can be easily brute-forced with the right amount of computational power by anyone with a modern GPU.
As for the mobile wallet, I would recommend against it for now, unless you really need the convenience and don’t mind the extra security risks. Do not store the bulk of your funds in a mobile wallet. Nano’s iOS and Android wallets are still in beta, and there have been some bugs reported. I would recommend waiting until the official mobile wallet is finished before using it.
Additionally, NanoVault has a desktop wallet. It is open-sourced, cross-platform, and built with security in mind. It also has an encryption feature which is required. Remember, you’re only as safe as your weakest link; in this case, it is the password.
Hardware Wallets: Ledger Nano or Trezor
Neither hardware wallet has implemented Nano in its firmware yet. This is a very secure method of storage, so I would highly recommend getting one when Nano is implemented into those wallets. Note that as far as durability goes, the Ledger is made out of stainless steel casing while the Trezor is made out of plastic, so I would go for the Ledger if you want that extra durability.
Offline / Cold Storage
This is the best option currently available for storing the bulk of your Nano. Please see our Nano Paper Wallet Guide for detailed information on how to generate your private key and address, which can be used to store your Nano. Once you have done so, see the section below on encrypting and storing your wallet’s private keys/seed.
Multi-Sig has traditionally been used with PGP, but our guide will go through a very similar method called Shamir’s Secret Sharing Scheme. You can easily use this encryption by going to the URL below. I have verified that no information is sent back to their server, but I’d recommend disconnecting from the Internet while doing so if you want to be safe.
Here is how it works: you enter the wallet’s seed. The tool will split the private key up into your chosen number of “secrets,” which are essentially encrypted jargon that will later be used to decrypt into your wallet seed. You then choose how many of those secrets are required to decrypt into your wallet’s seed.
Example: If you split into a total of 3 secrets and require 2 in order to decrypt, you will then be able to use any 2 of those 3 secrets in order to decrypt it into the message, which will be your wallet’s keys/seed in this case.
Once you have done this, it’s time to safely store your secrets!
Storing Your Wallet’s Seed
For all of the methods listed above, aside from storing on an exchange (you do not own the keys when you use an exchange), keeping backups of your recovery seed or mnemonics is a must.
If you chose to encrypt your seed with Shamir’s Secret Sharing Scheme, let’s say you used 2-of-3 encryption: you will want to store your keys in separate physical and/or digital locations with no more than 3 (or the amount chosen required to decrypt) within the same proximity. I recommend storing at separate locations as a precaution because if one location becomes compromised, such as your house, then the attacker (be it a burglar or a fire) has the potential to take away access to your keys. If they’re stored separately, then you will retain access to your funds in case of such a compromise. Here’s an example of a 2-of-3 setup.
- Secret 1 - Printed on paper. Kept in a relatively safe spot at your home. An extra copy is made on a USB that’s also at your home.
- Secret 2 - Printed on paper. Given to the most trusted person in your family/life who doesn’t live at your home. Alternatively, you can keep it in a bank safe or other secure location.
- Secret 3 - Copy put on Google Drive and an extra on Dropbox (optionally). You can use other alternative cloud providers if you do not agree with the privacy practices of Google or Dropbox.
- Note: Do not keep the majority of your secrets (e.g. 2/3 or 3/5) on the same cloud provider. If you do so, that is no better than keeping it in plain text on the cloud provider.
For extra security, you can do a 3-of-5 setup. I would highly recommend including these keys/secrets, or the location of these keys/secrets, in your final will. I am not a lawyer or legal expert, so I can’t offer much information on last wills; however, I know enough to highly advise setting one up. Our time on Earth is both precious and scarce.
If you choose not to use encryption, I would recommend storing it in 2 of the safest places you can think of. For example, one in a bank safe and another in your own locked fireproof safe.
Alternative Ways to Store Funds
There are other ways which I haven’t mentioned yet. They do have some drawbacks.
- Private key engraved in steel plate. A company called Cryptosteel sells these ranging from $80 to $200. The benefit is that these steel plates are indestructible and can easily be passed on to your family or loved ones. The largest downsides include the potential to be lost or stolen, along with the hefty expense. You can buy a Nano Ledger S or Trezor for the same price range if you don’t mind waiting for the implementation.
- AES encrypted backups. You can use a strong encryption algorithm like AES that utilizes a strong password, then store multiple backups of it. The issue with this is that your backup will only be as strong as your password. Ideally, it will be quite a long and complex password, which brings up the problem of being able to memorize it. If you’re able to memorize the password, then you won’t be able to pass your keys down to your family when your time comes, unless you store the password in plain-text somewhere.
- Plain-text. The number of places where you can store your keys in plain text without compromising on security is limited. If storing in plain-text is a must, using something like Cryptosteel, a fireproof safe, and/or a bank safe would be the only methods I’d utilize.