Dependent Light Wallets

Give users access to their private keys and do the cryptographic work on the client side, so nothing sensitive is done on a server somewhere. They are still dependent, because once all the work is done on the client side, a series of centralized servers is still used to broadcast transactions to the blockchain node being run by that wallet. This can make users more vulnerable if that company's node goes down, or if that cryptocurrency’s network is congested. Examples are Electrum, Mycelium, MyEtherWallet, Jaxx.
Independent Light Wallets

Private keys, cryptography, AND the connection to the network are handled on the client side; there is no intermediary server. They use Simple Payment Verification (SPV), which makes these wallets more lightweight by downloading only the headers of the blockchain. That is much less data than the full transactions and the entire transaction history, so there is far less network traffic to handle. Examples include Multibit, Armory, and Breadwallet.
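How a headers-only wallet can still check that a payment is in a block, as an added example (not code from any wallet named here): each block header carries a Merkle root, and a node supplies a short branch of sibling hashes that the wallet folds up and compares to that root. The transaction ids are constructed sample data and the function names are illustrative.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for Merkle trees."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(txids):
    """All tree levels, leaves first; an odd level duplicates its last node."""
    levels = [list(txids)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([dsha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_branch(txids, index):
    """Sibling hashes a full node would send to prove txids[index] is in the block."""
    branch = []
    for level in merkle_levels(txids)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        branch.append(level[index ^ 1])   # the neighbour in the same pair
        index //= 2
    return branch

def spv_verify(txid, index, branch, header_merkle_root):
    """Light-wallet side: fold the branch upward and compare with the header."""
    node = txid
    for sibling in branch:
        # An odd position means this node is the right-hand child.
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index //= 2
    return node == header_merkle_root

# Constructed sample data: five fake transaction ids (raw digest bytes).
TXIDS = [dsha256(f"constructed-tx-{i}".encode()) for i in range(5)]
ROOT = merkle_levels(TXIDS)[-1][0]   # the value a block header would carry

if __name__ == "__main__":
    branch = merkle_branch(TXIDS, 3)
    print("proof size:", len(branch), "hashes for", len(TXIDS), "transactions")
    print("valid tx accepted:", spv_verify(TXIDS[3], 3, branch, ROOT))
    forged = dsha256(b"constructed-forged-tx")
    print("forged tx accepted:", spv_verify(forged, 3, branch, ROOT))
```

The proof grows with the logarithm of the number of transactions in the block, which is why the wallet never needs the full block.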
-------- HOT STORAGE WALLETS

Security- low
Convenience- high
Description- Good for more short-run investors: because funds are stored online, they are quicker to access. Includes online/cloud, mobile, and desktop wallet types. Examples are Bread, Mycelium, Exodus, Copay (by Bitpay), Jaxx and Armory.
Online/Cloud Wallets

Security- low
Convenience- high
Description- Hot wallets that run on the cloud and are accessible from any computing device, in any location. While they are more convenient to access, online wallets store your private keys online and are controlled by a third party, which makes them more vulnerable to hacking attacks and theft. Storing your funds on an exchange does not give you access to your own private keys. You are at the mercy of that exchange's security.
Mobile Wallets

Security- low, depending on the wallet and level of security on your device
Convenience- high
Description- Usually hot storage that runs as an app on the user’s phone. Useful because they can be used anywhere, including retail stores. Mobile wallets are usually much smaller and simpler than desktop wallets because of the limited space available on a mobile.
Desktop Wallets

Security- medium, unless your desktop is compromised
Convenience- medium
Description- Downloaded and installed on a PC or laptop. They are only accessible from the single computer on which they are downloaded. Desktop wallets offer high levels of security, unless your computer is hacked or gets a virus.
-------- COLD STORAGE WALLETS

Security- medium-high
Convenience- usually low
Description- Offline storage. You are the custodian of your wallet, rather than leaving it up to an exchange to secure your funds. Usually safer than hot storage wallets, because there are fewer access points for hackers when your funds are not online. Good for more long-term investors: because funds are stored offline, it can take a little longer to access them. Examples are Ledger, Trezor, KeepKey, Mycelium, Armory, USB drive, paper.
Hardware Wallets

Security- medium-high
Convenience- medium
Description- A form of cold storage. Keys and funds are stored offline. Cryptographic work (the signing of transactions) is often done on the device itself; the computer is then used only to broadcast to, and interact with, the blockchain network. Some hardware wallets can interact with independent light clients (Electrum). Private keys are disconnected from your computer. Hardware wallets differ from software wallets in that they store a user’s private keys on a hardware device like a USB. Although hardware wallets make transactions online, they are stored offline, which delivers increased security. Hardware wallets can be compatible with several web interfaces and can support different currencies.
Paper Wallets

Security- high
Convenience- low
Description- Offline, cold storage. You can send money to the address without the address having to be online. Use a (preferably air-gapped) tool to generate a public and private key pair (like with any wallet), but instead of storing the keys in a database, print the public and private keys onto a piece of paper, often as QR codes. In the future, you can scan the code, or enter the keys into a computer, and recover the funds in the paper wallet. Paper wallets are easy to use and provide a very high level of security. Transferring Bitcoin or any other currency to your paper wallet is accomplished by transferring funds from your software wallet to the public address shown on your paper wallet. Alternatively, if you want to withdraw or spend currency, all you need to do is transfer funds from your paper wallet to your software wallet. This process, often referred to as “sweeping”, can be done either manually, by entering (importing) your private key, or by scanning the private key QR code on the paper wallet into the other wallet you now want to use. Example wallet generators are walletgenerator.net and bitaddress.org.
Cryptography Behind The Wallets-
Personal Security Info.
Why It’s Important:
You are storing value in places that are not as regulated and insured as traditional banks or investment houses.
How To Protect Yourself:
Strong passwords. Make them obscure to avoid dictionary, word list, and rainbow table attacks, as well as social engineering, phishing, and shoulder surfing. Use passwords on your device, in case it is compromised. Protect any login info that may be stored on your device. Consider using your fingerprint.
Use good, old-fashioned pen and paper to store your login info, wallet ids, and other sensitive info. Because paper is vulnerable, you may also want to store a backup.
Use 2 Factor Authentication (“2FA”). This is when a separate passcode is sent to another trusted device to confirm it's actually you who is attempting to access your account. 2FA can also use an app on your phone to generate numbers that change every 20ish seconds. Use these numbers as further authentication that it's actually you trying to access your accounts. Make sure to back up your 2FA account (usually with a QR code), in case you lose your phone. Examples are Google Authenticator and Authy.
Create a passphrase or PIN number with your cell carrier, to verify it’s you making any account changes. Otherwise, a hacker can call your carrier, pretending to be you, and have a new SIM card issued to them, upon which they steal all your account info. You can also avoid this SIM card hack by not handling your online banking and trading from your phone. This can also be avoided by not handing out your phone number to people you don’t trust.
Don’t give out your personal info publicly: name, d.o.b., location, trading habits, etc. This info can be used in hacks against your login info for the exchanges and investment products you use. If you are involved in social media, keep your identity and trading practices as secret as possible. Talking about your investment amounts can make you a bigger target for hackers.
Be educated; minimize user error. How to effectively trade and transfer crypto is often misunderstood. Research how to use whatever platform you are on. Process only small amounts of funds first, to verify that the system is working, before you process large amounts.
Update your programs. Keeping your wallet, antivirus, and relevant software updated is important to ensure that you are running the latest and greatest options for protection.
Strong virus and malware protection. This makes sure there are no malicious programs running on your machine that may be used to compromise your info and/or funds. Examples of protection include Avast, AVG, Bitdefender, Malwarebytes, and SpyBot.
Protect yourself from keystroke loggers. This can be done by using on-screen keyboards, or keyboard encryption tools like KeyScrambler.
Create a crypto-only email account; this way your username login credential isn’t easily known. Use a service that prioritizes security and privacy.
Verify URL accuracy and the accuracy of any downloaded wallets. Hackers can redirect you to another (similar-looking) web page, or have you download a scam wallet, to steal your login credentials and compromise your funds. Bookmark accurate URLs, and use these bookmarks to access web pages. Don't click on login links in an email (it could be a phishing attempt). It is sometimes best to type the site into a Google search, and make sure that the search results that populate first are the accurate sites.
Legacy planning. If you were dead or MIA, you wouldn't want your funds to be inaccessible to loved ones. Go over recovery instructions with those who need to recover funds, in case of your death or incapacity.