Bitcoin Forum
Topic: Bitcoin wallet for our clients - best options?
columbo (OP)
October 04, 2017, 09:14:58 AM
 #1

We would like to offer bitcoin wallets to our clients.
What is the best and most secure way to do this? Preferably we would not want to store the private keys of the address due to security issues but as I understand, there is no way to do this. So probably, the best way would be to secure the wallets as much as possible.
We are familiar with bitcoin-cli, blockchain.info API, PHP, Perl, databases, blockchain, 2FA, and various other APIs.

We want to achieve the following:
- client can access his / her wallet from the web or mobile apps
- client can only see and spend the funds that are on his account
- the most secure way to store the funds (basically no one should be able to access client's funds except the client, not even me as website owner or any of my developers... :) )

Right now, our own wallet is on a standalone server running under bitcoin core, where all outgoing ports are closed except SSH for certain IPs.

Your comments and suggestions are quite welcome. Thanks.
dangful
October 04, 2017, 10:07:46 AM
 #2

Well, how would your wallet differ from the top wallets available on the market? Any innovative advancements that suit in general, I mean that cover all features rather than switching wallets with multiple accounts...

columbo (OP)
October 04, 2017, 10:32:03 AM
 #3

> Well, how would your wallet differ from the top wallets available on the market? Any innovative advancements that suit in general, I mean that cover all features rather than switching wallets with multiple accounts...

I do not quite understand your comment. It is not about differentiating, it is about best practices and security that should be used on a multi account environment. Thank you.
mobnepal
October 04, 2017, 11:52:16 AM
 #4

> We want to achieve the following:
> - client can access his / her wallet from the web or mobile apps
> - client can only see and spend the funds that are on his account
> - the most secure way to store the funds (basically no one should be able to access client's funds except the client, not even me as website owner or any of my developers... :) )

- Make one cross-browser compatible web version and add a browser-side encryption feature, then you can use the bitaddress.org script to create a bitcoin address and an encrypted private key (using a password entered by your client), then store that encrypted private key on your server.
- Give each encrypted private key some identifier or simply tie it to the user's email so your script can identify which encrypted private key it should look at when users try to sign in.
- Now you can show balances from that address in the user's dashboard, and for added security you can add 2FA.
- If you want to run a profitable bitcoin wallet, then set some fixed fees (recommended network fee + your profit) after you get a really good number of users using your wallet on a daily basis.
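
The scheme suggested in post #4, as an added example that is not part of the thread and is not bitaddress.org's script: it swaps in WebCrypto PBKDF2 and AES-GCM for the encryption step, and goes one step further by sending the server a login token that is a different half of the stretched password than the decryption key, so the password itself is never sent. The e-mail addresses, sample key string, record field names and iteration count are assumptions.

```javascript
// Added example (not from the thread). Runs in a browser or in Node.js.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const ITERATIONS = 210000; // assumed PBKDF2 work factor; tune for client devices
const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, '0')).join('');
const unhex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));

// Stretch the password into 512 bits. First half: AES key, stays in the browser.
// Second half: login token, the only password-derived value sent to the server.
async function deriveSecrets(password, salt) {
  const base = await wc.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveBits']);
  const bits = new Uint8Array(await wc.subtle.deriveBits(
    { name: 'PBKDF2', hash: 'SHA-512', salt, iterations: ITERATIONS }, base, 512));
  const aesKey = await wc.subtle.importKey('raw', bits.slice(0, 32), 'AES-GCM', false, ['encrypt', 'decrypt']);
  return { aesKey, loginToken: hex(bits.slice(32)) };
}

// Client side: returns the record the server stores. No plaintext key inside.
async function sealKey(email, password, privateKeyWif) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const { aesKey, loginToken } = await deriveSecrets(password, salt);
  // The e-mail is authenticated data, so a blob moved to another account fails to open.
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(email) }, aesKey, enc.encode(privateKeyWif));
  return { email, loginToken, salt: hex(salt), iv: hex(iv), ciphertext: hex(new Uint8Array(ct)) };
}

// Client side, at spend time: null on a wrong password or a tampered record.
async function openKey(record, password) {
  const { aesKey } = await deriveSecrets(password, unhex(record.salt));
  try {
    return dec.decode(await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: unhex(record.iv), additionalData: enc.encode(record.email) },
      aesKey, unhex(record.ciphertext)));
  } catch { return null; } // GCM tag check failed
}

async function demo() {
  // Constructed sample values, not a real key or account.
  const wif = 'CONSTRUCTED-SAMPLE-WIF-NOT-A-REAL-KEY', pw = 'correct horse battery staple';
  const record = await sealKey('bob@example.com', pw, wif);
  return {
    record,
    rightPassword: await openKey(record, pw),
    wrongPassword: await openKey(record, 'guess'),
    swappedAccount: await openKey({ ...record, email: 'alice@example.com' }, pw),
  };
}
demo().then((r) => console.log(r));
```

The stored record is still enough for offline password guessing by anyone who can read the database, so password strength is the remaining limit. Signing has to happen on the client with the decrypted key, because handing that key to a server-side `importprivkey` call puts it back on the server.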
crypthomonkey
October 04, 2017, 12:37:14 PM
 #5

> > We want to achieve the following:
> > - client can access his / her wallet from the web or mobile apps
> > - client can only see and spend the funds that are on his account
> > - the most secure way to store the funds (basically no one should be able to access client's funds except the client, not even me as website owner or any of my developers... :) )
>
> - Make one cross-browser compatible web version and add a browser-side encryption feature, then you can use the bitaddress.org script to create a bitcoin address and an encrypted private key (using a password entered by your client), then store that encrypted private key on your server.
> - Give each encrypted private key some identifier or simply tie it to the user's email so your script can identify which encrypted private key it should look at when users try to sign in.
> - Now you can show balances from that address in the user's dashboard, and for added security you can add 2FA.
> - If you want to run a profitable bitcoin wallet, then set some fixed fees (recommended network fee + your profit) after you get a really good number of users using your wallet on a daily basis.

I think it's also worth adding "cold" and "hot" access
shield132
October 04, 2017, 11:36:57 PM
 #6

If you want so much security, I wouldn't use 3rd parties like blockchain api etc.; it would be better to start everything yourself with the help of open sources.
I think blockchain.info is a good example for you, as they claim they don't have access to your account but you can recover bitcoin from your lost wallet with 12 recovery words. If you want an app for Android and iOS, you mustn't be so strict; access must be easy, like entering a PIN (4 numbers) and then access to funds.
Add some security options to choose from, not everyone likes that extra security. But on very high security, add password, number verification, 2FA and second password, there will be no way to hack the account.
columbo (OP)
October 05, 2017, 07:36:39 AM
 #7

> > We want to achieve the following:
> > - client can access his / her wallet from the web or mobile apps
> > - client can only see and spend the funds that are on his account
> > - the most secure way to store the funds (basically no one should be able to access client's funds except the client, not even me as website owner or any of my developers... :) )
>
> - Make one cross-browser compatible web version and add a browser-side encryption feature, then you can use the bitaddress.org script to create a bitcoin address and an encrypted private key (using a password entered by your client), then store that encrypted private key on your server.
> - Give each encrypted private key some identifier or simply tie it to the user's email so your script can identify which encrypted private key it should look at when users try to sign in.
> - Now you can show balances from that address in the user's dashboard, and for added security you can add 2FA.
> - If you want to run a profitable bitcoin wallet, then set some fixed fees (recommended network fee + your profit) after you get a really good number of users using your wallet on a daily basis.

Thank you. So, this way we only store the encrypted private key which can be only decrypted with the password of the user, right?
To show user balance I use the bitcoin-cli getreceivedbyaddress command, right?
What do I do if a user wants to use his address / wallet to send bitcoin to another address? Decrypt with the user password the encrypted private key stored in our database and use the importprivkey command with bitcoin-cli? Is this correct?

Thanks again.
columbo (OP)
October 05, 2017, 07:47:53 AM
 #8

> If you want so much security, I wouldn't use 3rd parties like blockchain api etc.; it would be better to start everything yourself with the help of open sources.
> I think blockchain.info is a good example for you, as they claim they don't have access to your account but you can recover bitcoin from your lost wallet with 12 recovery words. If you want an app for Android and iOS, you mustn't be so strict; access must be easy, like entering a PIN (4 numbers) and then access to funds.
> Add some security options to choose from, not everyone likes that extra security. But on very high security, add password, number verification, 2FA and second password, there will be no way to hack the account.

You are right. I prefer to use Bitcoin Core. I just want to make sure that the private keys are not stored on our servers and our clients / users can access / spend their funds any time they log in using a password (or password + 2FA). Currently reviewing bitcoin-cli to securely view client funds (watch only address?) and allow ONLY the client to spend his funds while he is logged in. Still unsure about the multi-user environment, as multiple clients can be logged in at the same time.

Let's suppose:
- Bob has 0.5 BTC
- Alice has 0.3 BTC
- John has 1 BTC

They are all logged in at the same time.

1. How can I make sure using bitcoin-cli that Bob won't be able to spend Alice's and John's funds?
2. How can I make sure none of my employees can spend my clients' funds?
icekream
October 05, 2017, 04:08:37 PM
 #9

Can you try coinomi?
columbo (OP)
October 06, 2017, 05:47:32 AM
 #10

> Can you try coinomi?

What to do with coinomi?
blackssmith
October 20, 2017, 01:50:32 AM
 #11

I suggest the Coins.ph wallet. You can also download it from the Play Store for mobile; iOS and Android are compatible. Also, you can modify your security PIN code, and they have an active customer service :) Good luck and have a nice day.