
$BTC multisig wallets and passphrase: More security for your Bitcoin🔒

Do you have your Bitcoin on a hardware wallet and not on an exchange?

-> Very good, because not your keys, not your coins!


But did you know that there are ways to further increase the security of storage beyond the hardware wallet? There are so-called multisig wallets and passphrases.


With Bitcoin, you take on the responsibility🛡️

Bitcoin gives you control over your own assets, but with that comes great responsibility. Unlike traditional banks, the security of your Bitcoin is solely in your hands (and that's a good thing!).


A tried and tested method of storage is hardware wallets, which store your private keys offline to protect them from hackers. But what if someone gets hold of your seed phrase or you hide it in a place that could theoretically be found by a burglar?


This is where multisig wallets and passphrases come into play. They offer additional levels of security by requiring either multiple signatures or an additional passphrase to authorize a transaction.


What are multisig wallets? 🔑🔑🔑

Multisig stands for "multiple signature". In contrast to a classic wallet, where a single signature is sufficient to carry out a transaction, a multisig wallet requires multiple signatures. This means that you need several keys to transfer Bitcoin.


Imagine you have a vault with three locks and three keys. To open the vault, you need at least two of these three keys. The advantage of this is that even if one of the keys is stolen or lost, your Bitcoin is still safe. You can store the keys in different places or even entrust them to different people, which makes the system extremely flexible. This is particularly useful if you want to secure your assets in the long term or involve several people in their management.


What is a passphrase? 🔐

A passphrase is an additional layer of security that you can add to your wallet. It works like an additional password that is required alongside the 24 recovery words (seed phrase) to access your Bitcoin.


Again, think of your wallet like a vault, and the recovery words are the key. When you add a passphrase, it's like adding another lock to the vault that requires a separate password. Without this password, no one can access the safe, even if they know the recovery words.


One of the advantages of a passphrase is that you can theoretically use a "fake" passphrase to create a "fake" wallet. This wallet could serve as a decoy (also called a "honey pot"), while the real wallet remains protected with the correct passphrase.


Example to make this clearer: You own 1 Bitcoin, have 1 hardware wallet and 1 seed. Now you could create two additional wallets, each with a different passphrase. You then move 0.9 Bitcoin to one wallet and 0.1 to the other. Should someone ever break into your home, threaten you and demand your Bitcoin, you could simply enter the password that takes you to the wallet with the 0.1 BTC. In the best case scenario, the burglar will be satisfied with the 0.1 BTC and you could save the majority of your assets.


The big disadvantage, however, is that if you forget your passphrase, you can no longer access your Bitcoin (theoretically, you can still brute force the passphrase, but that's going too far).


Difference between multisig and passphrase 🆚

Both offer additional security, but in different ways:

  • Multisig wallets: These require multiple signatures from different devices or locations to complete a transaction. This means that no single key is sufficient to access your Bitcoin. This method is particularly useful if you want to spread your assets geographically or involve multiple people in the management.
  • Passphrase: A passphrase adds another layer of security that goes beyond a single device. Even if someone knows your recovery words, they can't access your Bitcoin without the passphrase. This is a good solution if you want a high level of security on a single device.


When to use what?

Multisig wallets are ideal if you manage a large amount of Bitcoin or if you have multiple stakeholders (e.g. in a company) who should have access to the wallet. If three people in a company each have one of the keys, one person can never abscond with the Bitcoin alone💨


Passphrases are easier to set up and are ideal for individuals who want an extra layer of security without using multiple devices. It's a flexible solution that can be customized for different scenarios.


I personally currently use the BitBox02 with a passphrase, but I could imagine switching to a multisig wallet in the future.


Conclusion / TL;DR 📊

Multisig wallets and passphrases each offer additional security measures in conjunction with one or more hardware wallets, which should be selected depending on your needs and application scenario. While multisig wallets are ideal for larger assets and collaborative environments, the passphrase offers a flexible and simpler way to secure your Bitcoin assets with an additional 25th word.


Consider which method is best for you and prepare well to keep your Bitcoin safe. Mistakes can be very expensive.


Here's another tip: Regardless of whether you set up a wallet with a passphrase or a multisig wallet, never send all your assets there immediately, but always make a small test transaction beforehand and check whether everything has worked.


I didn't want to get too technical in this article, I just wanted to explain the concepts as simply as possible. Accordingly, I hope that this was reasonably understandable.


If you are interested in a technical article on this or if you have any questions, please write them in the comments 👇


See you Baldrian,

Your Stefan


#bitcoin

@hero333

43 Comments

profile image
Definitely a contribution for the "Best of" category 👍
16
profile image
Thanks, I've learned something new.
2
profile image
Discouragement much too complex, there are only desktop apps no desire for it and nothing good for mobile... at least according to my research ... passphrase good.... Can you set this up later if you have 24 words and are already working with it or do you have to create something completely new... ? I'll have to have a look at my SafePal...
1
profile image
@Testo-Investor Passphrase can be set up afterwards. An additional wallet is then simply created. If you then enter your pin/password on the hardware wallet, you will be asked for it in the next step if the passphrase is activated.
If you do not enter anything and simply confirm, you will be taken to your original wallet with the 24 words without a passphrase. If you enter your passphrase, you will be taken to the new wallet - so it's actually quite easy :)
2
profile image
@stefan_21 so then you have 2 wallets to manage? So you could store small values on the wallet without a pass and then the big things with a pass.... Ahhh that's why it's also called a hidden wallet..... I'll have to look into it again... of course you get completely new receiving addresses for the pass wallet, right?
profile image
@Testo-Investor Correct.
You then have 2 completely separate wallets. Should someone ever threaten you with a gun and demand access to your Bitcoin, you can simply enter the passphrase with the small amounts on it :)
2
profile image
@stefan_21 with a lot of imagination
profile image
The more complicated you make it, the more likely it is that you will end up locking yourself out. It has happened many times. So be careful with all the security measures
1
profile image
@Bart_S absolutely. So always test with small amounts beforehand and know what you're doing. Otherwise it can be expensive :)
1
profile image
Do you know what the stupid thing is about such good articles? Questions still come up months later 😄

Since my btc is slowly reaching a value where I'd like to have a hardwallet (over 3k, curse you, Trump) I've now gotten myself a bitbox for my paltry amounts.
A passphrase seems to me to be a good opportunity to distribute my seed around the world (rather than storing it with friends or relatives and keeping access in my hand via passphrase. Both redundant, of course, and locally separated.

The question: is the passphrase something that is stored in the blockchain, or does it just encrypt my seed phrase and turn it into a new one? This is how I have interpreted it so far from discussions. And is there a standard here? Or do I have to rely on Bitbox as a provider because others can't interpret the passphrase?
1
profile image
@SchlaubiSchlumpf Servus🙋‍♂️
The BitBox was a very good choice :)

The passphrase is anchored in the BIP-39 standard and is therefore manufacturer-independent. So you don't have to worry about that.

The wallet derives an address band with associated private keys from the 24 words.

With passphrase, you can simplify this by adding the passphrase as a "secret" to the 24 words. The address band is then derived from the 24 words + secret with the corresponding private keys. Thanks to the passphrase, however, this is a completely different address band.

Thanks to the passphrase, you can use a BitBox to create an infinite number of wallets, each with a different passphrase :D

Hope that was reasonably clear🫣
1
profile image
@stefan_21 I think so. This means that every BIP39 wallet should also be able to handle passphrases. I was a bit confused because I had read somewhere that different wallet manufacturers (Bitbox, Ledger, Trezor etc.) support different passphrase lengths (50, 100, 150 characters). This suggested to me that I was running the risk of not being able to get the passphrase to work with another manufacturer that uses BIP39. That would of course be a showstopper.

So that means, as I suspected, that I have actually more or less re-encrypted my private key with the additional secret, with the advantage that I can access several wallets in a very practical way?

I love the idea behind it. Including the honeypot. Even if it's probably by the time you're asked for the passphrase during the robbery that the trick is known 😂
profile image
@SchlaubiSchlumpf Correct. Every BIP39 wallet should support the passphrase.
There is no prescribed maximum length of the passphrase in the BIP39 standard, but it is true that different wallets may have different limits.

If your passphrase is 100 characters long and you buy a new wallet that supports a maximum of 50 characters, you will not be able to recover your private keys with it.

However, these limits are so high that there should never be a problem😅 I wouldn't want to type 100 characters or more passphrase into the BitBox, for example😂
1
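The BIP-39 derivation discussed in the replies above, as an added example that is not part of the original thread: the passphrase is never stored or checked, it only salts the key-stretching step, so every passphrase (including a typo or one a device truncated) opens a different, valid wallet. The mnemonic is the published BIP-39 test phrase; `wallet_id`, `compare_wallets` and the sample passphrases are hypothetical names and constructed values.

```python
import hashlib
import hmac
import unicodedata

# Published BIP-39 test mnemonic (all-zero entropy); never use it for funds.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    # Both inputs are NFKD-normalised so every wallet hashes the same bytes.
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32 master private key and chain code derived from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic: str, passphrase: str = "") -> str:
    """Short label for comparing wallets (hypothetical; not a BIP-32 fingerprint)."""
    key, _chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key).hexdigest()[:8]


def compare_wallets() -> dict[str, str]:
    """Same 12 words, different passphrases: each entry is a separate wallet."""
    long_pass = "x" * 100  # constructed 100-character passphrase
    return {
        "no passphrase": wallet_id(TEST_MNEMONIC),
        "main": wallet_id(TEST_MNEMONIC, "correct horse"),
        "typo": wallet_id(TEST_MNEMONIC, "Correct horse"),
        "100 chars": wallet_id(TEST_MNEMONIC, long_pass),
        "cut to 50": wallet_id(TEST_MNEMONIC, long_pass[:50]),
    }


if __name__ == "__main__":
    for label, ident in compare_wallets().items():
        print(f"{label:>14}: {ident}")
```

No entry raises an error: a mistyped or truncated passphrase silently yields an empty wallet, which is why a test restore on the target device matters before funding it.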
profile image
@stefan_21 true. I wouldn't have thought of that either. I just suspected that it wasn't a real standard. But I didn't find anything about it after my first Google search. So it makes sense and I have enough input to make myself smart again with the keywords. Many thanks ❤️
1
profile image
What happens to your Bitcoins if you suddenly die? Purely hypothetical question.
profile image
@Lalarobo Of course, you have to take care of that yourself :)
I can only speak for myself, but I, for example, have stamped my 24 words on steel and keep them in a safe deposit box that my partner also has access to.
But that's a very good point to think about.
profile image
Exactly. I wonder who I would have to tell. Just your partner is also risky. You can die at the same time and, if you have children, they don't know anything.
profile image
@Lalarobo absolutely. I don't think there is "one strategy". You have to decide on a strategy that suits your personal situation. For example, you could also distribute a multi-signature wallet in the family.
But I've never really thought about it that much either :)
profile image
@stefan_21 Please reconsider your safe deposit box. Very gross mistake! Details tomorrow in a possible post
1
profile image
@Testo-Investor is not an optimal solution, yes... but I preferred it to hiding the thing in the cupboard at home :D Post would be great👌
profile image
@stefan_21 but it's great how we can learn from each other on different topics. 💪💪
1
profile image
@Testo-Investor Can you give me the link to the post so I can read through the alternatives to the safe deposit box? The Getquin search is driving me crazy right now or I'm too stupid to find the post. 😂
profile image
@Ash moin my best I have unfortunately not written a post about this but the alternative to a bank closing day is of course a very nice, heavy solid safe, which ideally weighs around two 300 kilos and is anchored to the floor.

Costs around €1.5-2k including transportation and installation
1
profile image
@Testo-Investor All right, that of course explains why I didn't find anything. 😂🔍About the safe: If I'm attacked @home and my wife and child's lives are threatened, it will only help me to a limited extent - in other words, the first thing I would do is unlock the thing and hand over everything to minimize the danger to my family. Or are you missing something?
The best protection is not to say anything about assets anyway, so as not to arouse covetousness in the first place and to prevent one person from telling the next person something and the latter then feeling compelled to drop by. 😂🤞🏼
1
profile image
You can take a look at Vultisig. This is a project by former Thorchain founder JPTHOR and aims to do just that.
profile image
@henri_matisse I just googled it briefly. When I read multichain and DeFi, it's already over for me :D
I'm definitely not going to trust any service provider with something like this.
Or how is that supposed to work?
profile image
Please excuse the stupid question, I'm sure you've already answered it many times...which hardwallet do you recommend for beginners? As secure and uncomplicated as possible.
profile image
@T-Dax is not a stupid question :D
I mainly use the BitBox02 Bitcoin Only Edition and am very satisfied. In my opinion, it's the best hardware wallet on the market :)

If it's too expensive for you and you want something cheaper, I would recommend the Jade from Blockstream. I also use it alongside the BitBox. It has a camera and a display and a small battery and can even be operated completely "air gapped". So you don't even have to connect it anywhere via USB cable. The big drawback is the lack of a secure chip, which prevents the seed phrase from being read on hardware wallets. The Jade solves this by the fact that you have to set a pin and can only access the seed phrase with the pin. If you enter the pin incorrectly 3 times, the data is automatically deleted.
profile image
@stefan_21 Great, thank you. 150€ hardwallet for 1100 fiat is probably a bit overambitious. Do I have to sacrifice a lot of security with Jade or is that acceptable?
profile image
@T-Dax I think Jade's pin solution is very good. So you don't have to worry about security :) the program code is completely open source - as a hardware wallet should be - and you have a display that shows you the transactions before signing, which is also very important.

When you send Bitcoin, you always have to double-check that the address the wallet shows you is the one you want to send your Bitcoin to.
If, for example, your smartphone has been hacked and you create a transaction and want to send the Bitcoin to an exchange, it could theoretically be that a virus secretly changes the receiving address.

However, you can always see the "absolute truth" on the display of the hardware wallet, which is why it is important to check it again before you release a transaction :) So just as a side note before the first hardware wallet.
Hope that was understandable😂
1
profile image
@stefan_21 is super helpful. Thank you. How I then get my SATS from Binance to the hardwallet can certainly be easily understood on YouTube, right?
1
profile image
@T-Dax the wallet generates a seed consisting of either 12 or 24 words. You must then write this down on paper and keep it safe. You can use it to restore your wallet. Your private key is derived from the words.

You can then download the Blockstream Green app, for example, and connect the Jade to it. Ultimately, you simply scan a QR code that the wallet displays. This contains the so-called XPub - a public key from which all your Bitcoin addresses are derived.

From this point on, you can press "Send" or "Receive" in the app. If you choose "Receive", one of your Bitcoin addresses will be displayed. You can simply enter this in Binance and use it to send the Bitcoin from Binance to you.

If you want to send Bitcoin, the app creates the transaction - but the hardware wallet then has to sign it. To do this, you can either connect the wallet to your cell phone via USB C or use this "air gapped" technology. A QR code is displayed in the app, which you have to scan with the Jade (contains the transaction data) and then the wallet signs the transaction and presents another QR code on the display, which you then have to scan with the app (this contains the signature generated from your private key). And once this is done, you can send the transaction.

It may all sound a little complicated - but it's actually not at all. There are certainly youtube videos and if in doubt you can also ask me :)
1
profile image
@stefan_21 great. I'll order tomorrow and get to work on it in the next few days. I was contacted by scammers again today because my Binance account seems to have shown irregularities. I don't want to have to worry about that anymore. I would write to you again if I have any questions. Thank you very much, it helped me a lot!
profile image
@T-Dax You're welcome :) Just get in touch if you have any questions. It's a reassuring feeling to have your Bitcoin safely in your own custody.
You can take a look here - I think if you order via the link from Blocktrainer, you can save another 10% or so :)
https://www.blocktrainer.de/kaufen-und-anbieter/hardware-wallets/blockstream-jade
1
Deleted User
5Mon
Comment was deleted
profile image
@hero333 Single sig and two different passphrases - one with a smaller amount and one with a larger amount.
Deleted User
5Mon
Comment was deleted
profile image
@hero333 I understand what you mean :D
There are 2²⁵⁶ different combinations for a private key.
This number is greater than the number of atoms in our universe. And it's extremely unlikely that you'll ever find one that has Bitcoin on it by trial and error. I'm not aware of any case where this has ever happened.
I think they will try the private keys directly and not the words. So the passphrase does not protect against this as far as I know - but a multisig wallet does :)