Whether you’ve already bought Bitcoin, or you’re considering buying Bitcoin, it’s important to recognize that the process of buying, trading, and storing Bitcoin and other digital assets is complicated and full of security pitfalls for the uninitiated. [Please note: we aren’t providing investment advice in any way and are not suggesting that you should or shouldn’t invest in Bitcoin or other digital assets. As always when it comes to investing, DYOR: Do Your Own Research!]
Without further ado: here are the 15 terms you need to know to stay safe while buying, trading, or storing bitcoin and other digital assets:
- Private Keys
- Public Keys
- Wallet Address
- Bitcoin Wallet
- Cold Wallet (or, Cold Storage)
- Hardware Wallet
- Paper Wallet
- Hot Wallet
- Desktop Wallet
- Online Wallet (or, Web Wallet)
- Mobile Wallet
- Phishing
- Password Manager
- 2FA (or, Two-Factor Authentication)
- Exchange
What are Private Keys?
Private keys are the gateway to accessing (or spending) the funds associated with the public keys stored in a Bitcoin wallet.
Each private key is tied to a public key.
Important to note:
- If you have control of your private keys, you have control of the funds associated with your public keys. If you don’t have control of your private keys, you don’t have control of the funds associated with your public keys.
Ensuring that your private keys are safe and only available to you is of paramount importance.
You should always back up your private keys in a secure location. The more secure backups you have, in different secure locations, the better your chances of never losing control of your private keys.
If someone else gains control of your private keys, they can withdraw your funds and your funds will be gone forever without any chance of recovery.
Worried someone will guess your private keys? Don’t be. The chances are higher that you wake up tomorrow with a second head than they are that someone guesses your private keys.
What are Public Keys?
Public keys are used to assign funds to someone — that someone needs the associated private keys to gain access to the funds.
Each public key is mathematically associated with a wallet address. Therefore, you use your wallet address when depositing funds into your wallet, or when someone else is trying to send you funds.
As an example of how public and private keys interact, imagine that your Bitcoin wallet is a mailbox:
- The public keys allow people (or you) to deposit mail into the mail slot. You can share your public keys (or, wallet addresses) with anyone, and the only thing they can do with it is deposit funds into your wallet.
- The private keys are what you use to unlock the entire mailbox with all the mail inside. Unless someone else has the private keys, the only thing they can do is deposit funds. If you control your private keys, you control all the funds that are associated with your public keys.
What is a Wallet Address?
A wallet address is the address you use to deposit funds into your wallet. It is also the address you give to someone else who is trying to send you funds.
A wallet address doesn’t give you access to the funds associated with your wallet.
As mentioned, each wallet address is a proxy for a public key. You can generate multiple wallet addresses, each associated with a single public and private key stored in your Bitcoin wallet—your Bitcoin wallet can hold multiple public key and private key sets.
Wallet addresses are case sensitive, and any inaccuracy in a wallet address can mean that you send your Bitcoin to an address that isn’t yours, in which case the Bitcoin is lost forever.
Here’s an example Bitcoin wallet address: 13PWxJrvAQETTAKp3bHbHS2Gcu89bqiuJY
Always double-check that the wallet addresses you’re providing are accurate.
Important to note:
- A wallet address associated with one digital asset (e.g. Bitcoin) will not accept deposits for a different digital asset (e.g. Ethereum). If someone wants to send you Bitcoin, make sure you are providing a Bitcoin wallet address. If you want to send someone Bitcoin, make sure they are providing you with a Bitcoin wallet address. If you send Bitcoin to an Ethereum wallet address, your Bitcoin will be lost forever.
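Legacy Bitcoin addresses (the kind that start with 1 or 3, like the sample above) carry a 4-byte checksum, which lets software catch most typos and wrong-asset addresses before anything is sent. The following is an added example, not code from the original article; the function names and the sample key hash are constructed for illustration, and newer "bc1" address formats are not covered.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    # First 4 bytes of SHA-256(SHA-256(payload)), appended to every legacy address.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(version: int, key_hash: bytes) -> str:
    raw = bytes([version]) + key_hash
    raw += checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))   # leading zero bytes become '1'
    return "1" * zeros + out

def check_address(addr: str) -> str:
    """Return 'ok', or the reason addr is not a legacy Bitcoin mainnet address."""
    if not addr or any(c not in B58 for c in addr):
        return "character outside the Base58 alphabet"
    num = 0
    for c in addr:
        num = num * 58 + B58.index(c)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return "wrong length"
    if raw[0] not in (0x00, 0x05):   # 0x00 = pay-to-pubkey-hash, 0x05 = pay-to-script-hash
        return "not a Bitcoin mainnet version byte"
    if checksum(raw[:-4]) != raw[-4:]:
        return "checksum mismatch"
    return "ok"

# Constructed sample data: a made-up 20-byte key hash, not a real wallet.
GOOD = encode_address(0x00, bytes(range(1, 21)))
TYPO = GOOD[:-1] + ("2" if GOOD[-1] != "2" else "3")   # one wrong character
ETH_STYLE = "0x" + "ab" * 20                           # constructed Ethereum-format string

if __name__ == "__main__":
    for label, addr in [("good", GOOD), ("typo", TYPO),
                        ("swapped case", GOOD.swapcase()), ("ethereum-style", ETH_STYLE)]:
        print(f"{label:15} {addr:44} {check_address(addr)}")
```

A passing checksum only shows the address is well formed; it does not show that it belongs to the person you intend to pay, so comparing the address against the one you were given still matters.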
What is a Bitcoin Wallet?
A Bitcoin wallet is a collection of private keys that allow the owner to gain access to funds associated with the public keys (or, wallet addresses).
Your private keys are what allow you to gain access to, and spend, the funds associated with your public key. Your public key is how you or others can identify you and deposit funds into your account. [Remember the mailbox analogy above.]
You are responsible for keeping your private keys safe.
Important things to note:
- Many wallets use a “seed” to generate private keys. A seed is a passphrase, typically a string of random words, that acts as a gateway to your private keys. In cases where a seed is used, it is in fact the seed that needs to be protected at all costs.
- Seeds exist for your own protection. Should you lose your hardware wallet or otherwise lose access to your private keys, you can use your seed to regenerate your private keys and thus regain access to your funds.
- Seeds should not be stored anywhere connected to the internet (e.g. a computer). It is best to write down your seed and store it in an extremely secure physical location (or multiple secure locations) where only you can access it.
- Why? Because anyone who obtains your seed can use it to regenerate your private keys and steal all of your funds.
There are two ways to store Bitcoin using a Bitcoin wallet:
- You can use cold storage, or a cold wallet—which means your Bitcoin wallet isn’t connected to the internet. This is the safest way to store Bitcoin long-term.
- Or you can use a hot wallet—which means your Bitcoin wallet is connected to the internet. This is a less safe way to store your Bitcoin long-term but is more convenient if you are constantly accessing your Bitcoin in the short-term (for trading).
What is Cold Storage, or a Cold Wallet?
Cold storage (also called a cold wallet) is when you keep your Bitcoins or other digital assets stored offline.
Cold storage is the safest way to store Bitcoin and other digital assets for long periods of time.
Examples of cold storage are hardware wallets and paper wallets.
What is a Hardware Wallet?
A hardware wallet is a device, like a USB stick, that allows you to store digital assets offline.
Hardware wallets are known to be the safest way to store your coins.
They securely store your private and public keys, and are completely controlled by you. Additionally, because the keys are stored in a physical device, they are impossible to breach virtually. Any hacker would need access to the physical device to even attempt to break into your funds.
Even when your hardware wallet is plugged in to your computer, all the activity is happening on the actual device—that means that even if your computer is hacked, the criminal would need your physical device and your passphrase to gain access to your funds and control your private keys.
The most popular and well-regarded hardware wallet is the Ledger Nano S.
Another example of cold storage is a paper wallet.
What is a Paper Wallet?
A paper wallet is a piece of paper that holds your private and public keys (offline) and usually includes a QR code. While paper wallets are safe because they aren’t connected to the internet, there is inherent risk in having something so valuable stored on a piece of paper.
If the paper gets wet, lost, or stolen, you lose access to your funds forever.
If you’re not planning to store your digital assets long-term and prefer instant access to them for trading or withdrawing, you can use a hot wallet.
What is a Hot Wallet?
A hot wallet is when you keep your Bitcoins or other digital assets stored in a wallet that is connected to the internet.
Because hot wallets are connected to the internet, they are far more vulnerable to an attack. Hot wallets are suggested for short-term holding and/or trading. It is never recommended to store a large amount of funds in a hot wallet (including exchanges).
Examples of hot wallets are desktop wallets, online or web wallets, and mobile wallets.
What is a Desktop Wallet?
A desktop wallet is a wallet you install directly onto your computer.
The private keys are stored on your hard drive, and therefore it’s critical to back up your wallet file and use strong passwords. Should anything happen to the wallet file on your desktop, be it corrupted, or otherwise compromised (via malicious software, etc.), you can use your backups to restore it to safety. Without strong passwords and backups, your funds can be lost forever.
What is an Online Wallet (also called a Web Wallet)?
Online wallets allow you to send, receive, and store Bitcoin and other digital assets directly through your web browser. While convenient, some online wallets aren’t considered to be the most secure way to store your funds.
For example, all exchanges have online wallets built-in. However convenient, those exchanges usually control your private keys and therefore ultimately control your digital assets. This isn’t the recommended way to store digital assets long-term.
On the other hand, there are online wallets like MyEtherWallet (MEW) [MEW is an Ethereum-based wallet and doesn’t support Bitcoin] that allow you to control your private keys. While this is a better alternative, it is considered safest to connect your online wallet to a hardware wallet for long-term storage.
What is a Mobile Wallet?
Mobile wallets are app-based wallets that allow you to send, receive, and store Bitcoin and other digital assets.
Mobile wallets aren’t considered the best place to store digital assets because they are tied to your mobile device, which is in constant danger of being lost, stolen, or hacked.
Like online wallets, mobile wallets exist both as extensions of an exchange (where they control your private keys) and as separate entities, like the Bread App, where you control your own keys. Again, this isn’t considered the best way to store your digital assets long-term — long-term storage should always be via hardware wallet.
What is Phishing?
Phishing is used by cyber-criminals to extract information (like a username/password combo) out of a target by spoofing an email or website. This can happen when a hacker spoofs an exchange, like Coinbase, by using a similar URL (example: coinbase.co) and then steals a user’s username and password when the user tries to log in. The hacker can then use that information to gain access to the user’s account.
Another example of phishing could be an urgent email from an exchange saying that your account needs to be updated, leading to a spoofed landing page that extracts your account information. Always be wary of suspicious or urgent emails or links when you’re dealing with digital assets.
No legitimate exchange, including its customer support, will ever ask for your password via email or any other insecure method. The only place you should be inputting your password is when you are prompted to log in to your account on the official website.
A good rule of thumb is to always check the ‘from’ address in a suspicious email, and to check the URL of a suspicious website (does it have ‘https’ to indicate it is secure?).
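The URL check described above can be automated by comparing the exact hostname against the sites you have bookmarked and flagging near-misses such as coinbase.co. This is an added example, not part of the original article; the bookmarked host list and the function names are assumptions. Note that a lookalike site can still serve ‘https’, so the hostname comparison is what does the work.

```python
from urllib.parse import urlsplit

# Assumption: the hosts the user has bookmarked for their exchange.
BOOKMARKED = {"coinbase.com", "www.coinbase.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_login_url(url: str, bookmarked=BOOKMARKED, max_typos: int = 2) -> str:
    """Classify a URL before a password is typed into it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # urlsplit already lower-cases the host
    if host in bookmarked:
        # Right site; still refuse to send a password over plain http.
        return "ok" if parts.scheme == "https" else "right host, but not https"
    for good in sorted(bookmarked):
        if edit_distance(host, good) <= max_typos:
            return f"lookalike of {good}"
    return "unknown host"

# Constructed sample URLs.
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://coinbase.co/signin",      # the similar URL from the text, served over https
    "http://coinbase.com/signin",
    "https://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:35} {check_login_url(url)}")
```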
What is a Password Manager?
The basic features of a password manager include generating strong passwords for each account, and storing them securely across your devices.
When you create accounts to buy, trade, or store Bitcoin and other digital assets, you need to use unique, complex passwords for each account.
If you want to secure your sensitive accounts, using a password manager is non-negotiable.
Since human brains are incapable of remembering several 12+ character strings of letters, numbers, and symbols, it’s best to leave that task to a product built to remember passwords for you.
What is 2FA (Two-Factor Authentication)?
2FA, also known as two-factor authentication or multi-factor authentication, is a way to add an additional layer of security to your account. When you use 2FA, you are requiring a second factor of authentication on top of your password to access your account. Usually 2FA is achieved through a dedicated app on your phone, through a text message, or through an email.
We highly recommend that you use a dedicated app for 2FA, not SMS or text-based authentication. Why? A dedicated app requires a physical device (your phone) while SMS can be accessed remotely by sophisticated hackers, and is notoriously less secure.
Any legitimate exchange will have an option to turn on 2FA. When you use 2FA, you will be prompted for not only your password, but a short code (typically consisting of six numbers) that you can access through your 2FA app. Most exchanges allow for 2FA on any login, purchase, or trade — so only you can move money or digital assets in and out of your account.
You should always use 2FA on any sensitive account, when buying Bitcoin or otherwise (e.g. email, banking, social media).
What is an Exchange?
The word exchange has been mentioned quite a bit here — but what exactly is it?
An exchange is a place where you can buy and sell Bitcoin and other digital assets. An example of an exchange is Coinbase. Each exchange that you use should have its own unique, complex password with the added security of 2FA.
Hackers will spoof websites of popular exchanges and/or send spoofed emails pretending to be an exchange that you may use, in order to extract your password or other valuable information.
Bookmark your favorite exchanges to ensure you’re always visiting the correct site.
As a rule of thumb, it’s always better to store your digital assets in a wallet versus keeping them on an exchange. Exchanges are prone to cyber attacks and control your private keys, so it is recommended to keep digital assets on an exchange only if you are planning to trade often. If you’re holding your digital assets long-term, use a wallet, or risk losing all of your funds in a breach or having your fund withdrawals/deposits suspended during times of high volatility.
We hope you enjoyed this guide on terms to help you stay safe while buying, selling, and storing Bitcoin and other digital assets.
If you’re interested in the safety of your digital assets, we highly recommend using a password manager to secure your accounts with complex, unique passwords.