Home
Round-Ups
Card
Business
Security
Learn Bitcoin
About
Bitcoin price
Categories
Home
Securing your Bitcoins

7 Tips to Improve Your Bitcoin Wallet Security

Disponible en podcast
Share article:

Thanks to the previous articles in the series Securing your bitcoins, you now know how to keep your Bitcoin keys yourself.

In this article, we'll look at how you can further improve the security of your wallet by adopting some best practices, or by adding even more layers of security. Discover 7 ways to improve the protection of your bitcoins.

Use a hardware wallet;

The hardware wallet, also called “cold wallet”, allows you to keep the private keys of your Bitcoin wallet on a dedicated medium and not connected to the Internet.

Thanks to this type of device, you can enormously reduce the attack surface of your wallet. If you are securing large amounts of bitcoin, it is advisable to opt for this solution.

Soon, you will be able to discover a complete tutorial for setting up and using a Bitcoin hardware wallet on the Bitstack blog.

➤ Learn more about Bitcoin hardware wallets.

Set up a passphrase;

A BIP39 passphrase is an additional password added to a wallet at the level of derivation of its seed. It is an arbitrary password, chosen by the user, which derives a new cryptographic key tree.

So, if you already have a Bitcoin wallet with a 12 or 24 word recovery phrase, and you add a passphrase to it, you will have a new wallet that is different from the first one. So, if you set up a passphrase on your wallet, you must have its recovery phrase and passphrase in order to be able to recover access to the bitcoins in case of problems. The recovery phrase alone is no longer enough.

The passphrase is very useful in a bitcoin security strategy. Indeed, it can be used to respond to very different problems.

First of all, it's useful if you just want to improve the security of your wallet. Unlike other heavier devices, such as multisig (multi-signature wallet), setting up a passphrase does not require any additional investment. If your recovery phrase were to leak, it would no longer be enough to regain access to the funds.

Since it acts on the derivation of the seed from the HD wallet, passphrase can also be used to avoid “$5 wrench attacks”, i.e. physical attacks. If you are threatened to get your sentence or wallet, you can give the empty wallet derived from the sentence only. As long as the thief doesn't have access to the passphrase, he won't be able to access your bitcoins.

Moreover, passphrase can be useful in order to avoid the need for confidence in the random nature of the generation of the recovery sentence. Since it can be chosen arbitrarily, the user can perfectly control its generation.

As with any security device, passphrase is not a magic solution. It reduces the risk of theft, but it increases the risk of loss in return.

Use a multi-signature wallet (multisig);

A multi-signature wallet, colloquially called a “multisig”, is a security device that requires a defined quantity of keys to unlock each UTXO. This type of wallet makes it possible to improve the security of funds and to reduce certain risks of loss.

➤ Discover what a “UTXO” is.

For example, the most common multisig security standard is the 2/3 threshold wallet. Concretely, to spend the bitcoins in the wallet, it is necessary to have at least two keys out of the three existing ones. These keys depend on different recovery phrases, and are often hosted on different media.

This type of device can be consistent for organizations. It can also be considered to secure large amounts of bitcoin. However, I do not think that multisig is the best security solution for individuals with a reasonable amount of bitcoins.

The use of a multisig requires solid knowledge of the mechanisms involved. It generally requires a larger investment and the maintenance of additional backups. Indeed, for this type of wallet, it is absolutely essential to maintain an extended public key (xpub) backup of each factor, in addition to the various recovery phrases.

If you want to remove the single point of failure represented by your recovery phrase on a single-signature wallet, then I advise you to make several copies of it instead. To limit the risk of these additional copies being stolen, you can optionally add a BIP39 passphrase. Managing your portfolio will be much easier.

You can also think about setting up other solutions such as SeedXor, or even an established system for sharing Shamir secrets (Shamir's Secret Sharing).

Put a seal on your recovery phrase;

The recovery phrase is the most sensitive piece of information in your security strategy. Indeed, it allows you to give direct and unrestricted access to all of your private keys, and therefore, by extension, to all of your bitcoins.

This sentence plays a backup role. It allows you to regain access to your funds if you lose the support that hosts your Bitcoin wallet. It should be kept exclusively on a physical medium, i.e. on paper or metal.

Obviously, if you want to improve the resilience of your sentence backup, you should use a stainless steel backing. This helps to mitigate the risks associated with possible disasters that may occur at the storage site (fire, flood, collapse...).

If you still want to perfect your strategy, you can also add a sealing system to your sentence. The idea is to imagine a system to make sure that no one has been able to see the copy of your passphrase, without breaking the confidentiality seal. This way, you can put in place periodic verification procedures to ensure that no one has had access to it. You can also check its integrity following an exceptional event.

For example, it can be useful if you store your recovery phrase at home and regularly invite people you don't fully trust. After they leave, you can check at a glance whether your sentence is compromised or not, simply by checking the integrity of your seal.

In addition, it can be useful in case of burglary. If your home is the victim of an intrusion, all you have to do is check the seal to be sure that the thief did not take a picture of your sentence in order to steal your bitcoins.

Keep in mind that just because your sentence wasn't stolen doesn't mean no one had access to it. On the other hand, if you use a seal on your sentence, you can be confident that it is not compromised as long as you have it and its seal has not been broken.

To implement this type of strategy, you can either use specific equipment or do your own homemade sealing. Among the existing solutions on the market, I particularly appreciate those of Hodlinox. They invented a stainless steel plate system to hide the recovery phrase. Everything is held in place by a padlock that cannot be opened without breaking it. Each lock has a unique number, in order to be able to verify that the thief did not break and replaced the correct lock with an identical one. In addition, their plates are very affordable and yet, they are among the most resistant on the market. Indeed, they received the best grade in the” Metal Bitcoin Seed Storage Reviews by Jameson Lopp.

Obviously, if you only secure a small amount of bitcoins, it is probably not relevant to create such an extensive security system. However, if you are on a limited budget, you can also tinker with a system yourself. For example, it is possible to use opaque, tamper-proof plastic envelopes.

➤ Learn everything about the recovery phrase for an HD Bitcoin wallet.

Establishing and following periodic procedures;

In order to reduce the risks of theft and loss, it is very relevant to establish checklists to be carried out at regular intervals. This goes hand in hand, in particular, with the sealing advice in the previous part.

For example, you could define a few short actions to take each week to ensure that your Bitcoin security system is not compromised. These actions can be classified into different categories:

Hardware wallet;

  • Verify that you are still in possession of the hardware wallet,
  • Check that it is in working condition,
  • Check that you haven't forgotten your PIN code.

Backups;

  • Verify that you have the recovery phrase and, if applicable, the passphrase,
  • Verify that the sealing equipment has not been compromised,
  • Verify that you are in possession of the inheritance plan and that it has not been compromised.

updates;

  • Update the various software.

Then, for example, you can define other actions to be carried out every 6 months or every year:

  • Open the seal of the recovery sentence and check that it is still legible and in good condition;
  • Refresh the inheritance plan...
These checklists are examples. They must obviously be adapted to your personal situation and your expectations.

Of course, if you need to reback up your recovery phrase, passphrase, or inheritance plan, care should be taken to destroy the old backups.

Remain discreet about your security strategy;

It is important not to talk to just anyone, and to avoid publicly disseminating your own security strategy on the Internet. Be discreet about the software and hardware you use to secure your bitcoins. Also, be discreet about the location and storage medium of your recovery phrase.

Likewise, it's always best to keep information that you own bitcoin private. As with any other valuable asset, bitcoin can be the envy of malicious people.

This advice is common sense. If you had a gold bar in your cellar, you wouldn't be spreading this information anywhere. For bitcoin, it's exactly the same.

➤ Discover beginner mistakes when it comes to bitcoin self-custody.

Explore additional options on wallets;

There are plenty of additional options to use on your Bitcoin wallet in order to optimize its security. All of these options are developed at the application level, by hardware wallet companies, or wallet software developers. They represent small additional assets for modulating your own security strategy.

For example, some applications have a “stealth mode” option. It allows you to hide your Bitcoin wallet on your phone within a fake application such as a calculator, a note taking or a fake VPN.

Some hardware wallets allow you to transmit transactions between your management software and your device without connecting a wire. This ensures real isolation of the device that keeps your private keys. QR codes, or micro SD cards, are then used to transmit information. This option is called “Air Gap” in English.

Coinkite's Coldcard hardware wallets offer you even more additional options such as the ability to roll dice to generate your sentence, the separation of your seed with SeedXor, or even special options for multisigs.

I could also talk to you about the Shamir's Secret Sharing (SSS) option on Trezor devices, or about the compatibility of Ledger devices with Miniscript.

If you want to improve the security of your wallet, I advise you to stay curious, and to take an interest in all these additional options specific to each software and hardware.

Conclusion: KISS! (Keep It Simple Stupid)

There are many points on which the Bitcoin user can act to optimize the security of their wallet. The list in this article is of course not exhaustive, and complements our other articles on self-custody.

To conclude, I think it is essential to keep this adage in mind: Keep It Simple Stupid (KISS). In French, it could be translated as “keep it simple idiot.” This principle applies perfectly to the security of bitcoins. It is very important to define a strategy that is as simple as possible, based on your expectations in terms of security.

The strategy for securing a wallet is just a question of compromise between security and simplicity. Generally, if you increase the security of your wallet, you also increase its complexity, and therefore you risk losing your bitcoins yourself. On the other hand, if you simplify your strategy too much, you increase the risk of funds being stolen.

As a user, you should then be able to place this cursor according to your own situation. The elements to consider are subjective, numerous, and complex. This includes your environment, your sensitivity to risks, your budget, the total value of your bitcoins, their proportion within your assets, your technical knowledge or even your personal expectations.

Finally, I think it is essential to improve your personal knowledge of how Bitcoin works. The more you know about the workings of Bitcoin and its environment, the more you will be able to optimize your security strategy. In particular, it is important to understand the mechanisms involved in the construction of the HD wallet. This can save you a lot of problems later on.

Podcast available

Table of contents

...
Share article
Loïc Morel
Spécialiste Bitcoin
Bitcoin
Blockchain
Cryptographic keys
Confidentiality
Cryptography
Digital signature
Securing
Published on8/3/2023et mis à jour le18/9/2025
Bitstack provides its clients with articles and/or educational content on its website and application. All information is provided for informational purposes only, even if it is based on reputable and reliable sources. The articles or educational content are intended solely as general information for the reader. If you choose to invest in digital assets (Bitcoin), you must be aware of and understand the designated service and accept the associated risks.

You may also like these articles

Securing your Bitcoins
Comment configurer et utiliser la Ledger Nano S Plus ?
Securing your Bitcoins
Bitcoin recovery phrase: 12 vs. 24 words
The #1 Bitcoin savings app.
Product
Roundups
Card
What is Bitcoin
Security
Pricing
Bitstack
About
Learn Bitcoin
Business
Media & Press
News
Careers
Help
FAQ
Community
Contact us
Language
© 2025 Bitstack
Terms and conditions
Privacy
Legal agreements
Bitstack SAS, a company registered with the Aix-en-Provence Trade and Companies Register under number 899 125 090 and operating under the trade name Bitstack, is licenced as an agent of Xpollens — an electronic money institution authorized by the ACPR (CIB 16528 – RCS Nanterre no. 501586341, 110 Avenue de France, 75013 Paris) — with the Autorité de Contrôle Prudentiel et de Résolution (ACPR) under number 747088, and is also licensed as a Crypto-Assets Service Provider (CASP) with the French Financial Markets Authority (AMF) under number A2025-003 for the following activities: exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of orders for crypto-assets on behalf of clients, providing custody and administration of crypto-assets on behalf of clients, and providing transfer services for crypto-assets on behalf of clients, with its registered office located at 100 impasse des Houillères, 13590 Meyreuil, France.

Investing in digital assets carries a risk of partial or total loss of the invested capital.
Past performance is not indicative of future results.
DOWNLOAD BITSTACK