Which is best Bitcoin wallet? Other than hardware

[Lucius]

coinfunda, since you ask for long term holding this should mean that you have or want to buy some bitcoin and forget on it for few years. I am not sure why the hardware wallet is not option, but I guess it is because of price. Although the prices have dropped fairly in comparison to a year ago or two, for some users even $50 is still too expensive. But if you invest a few hundred dollars in BTC, investment of $50 in security should not be a problem.

If you still want some solution for free, any desktop wallet will serve the purpose, you only need to pay attention what you downloading and from where. Most wallets are safe, but problems is in users who not use them in the correct way.

[ZenGo]

An option you could consider is ZenGo

Zengo is the first wallet based on threshold cryptography. ZenGo eliminated the need for a private key while still remaining non-custodial.

Mashable just covered the wallet.

[bob123]

An option you could consider is ZenGo

Zengo is the first wallet based on threshold cryptography. ZenGo eliminated the need for a private key while still remaining non-custodial.

What the hell is this approach...
That's even worse than a web wallet.

With no single point of failure

So many points of failure..

Backing up your wallet is just as simple. An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud account. Only with your 3D biometric face map can you access the encrypted share.

I really can't believe what i am reading here..

So.. both of the 2 necessary secrets are on your server.
The decryption key is also stored online.

And oh.. i forgot.. the bio-metric features of a mobile phone are sooo secure.
You guys realize that most of them can be circumvented by holding a printed image in front of the camera ?


I would NOT recommend to use that wallet. The whole concept is flawed.

[ZenGo]

An option you could consider is ZenGo

Zengo is the first wallet based on threshold cryptography. ZenGo eliminated the need for a private key while still remaining non-custodial.

What the hell is this approach...
That's even worse than a web wallet.

With no single point of failure

So many points of failure..

Backing up your wallet is just as simple. An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud account. Only with your 3D biometric face map can you access the encrypted share.

I really can't believe what i am reading here..

So.. both of the 2 necessary secrets are on your server.
The decryption key is also stored online.

And oh.. i forgot.. the bio-metric features of a mobile phone are sooo secure.
You guys realize that most of them can be circumvented by holding a printed image in front of the camera ?


I would NOT recommend to use that wallet. The whole concept is flawed.

The necessary secrets are split between the user’s device and ZenGo’s servers. It’s not correct that both are stored on the server. If either the server or the device is hacked or lost, the funds remain secure. I'll say this again, even if someone hacked ZenGo’s server, the user would stay protected. There is no single point of failure.

The biometrics are based on ZoOm technology. It’s extremely secure. A printed picture is completely ineffective as it fails to pass the liveness. Even 3D masks are ineffective.

[bob123]

The necessary secrets are split between the user’s device and ZenGo’s servers.

How can you claim that the user does not have to store/protect a 'private key' (which basically just is sensitive information) if in your concept the user has to store and protect a 'mathematical secret' (which serves as sensitive information).

That's basically the same. Each wallet has to store sensitive information.

Your concept just creates more security flaws than it solves.

It’s not correct that both are stored on the server.

Well.. your website says the following:

An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud account.

So.. one of you is lying.

If either the server or the device is hacked or lost, the funds remain secure.

No. That's not true.

If the device is hacked or lost, the attacker can simply start a transaction.
All he needs to do that is 1) the shared secret and 2) biometric data.

Both can be found on the mobile. The data of the fingerprint is stored on the mobile.
The same applies to the shared secret.

I'll say this again, even if someone hacked ZenGo’s server, the user would stay protected.

Which makes it as secure as a web wallet (in this specific case only).

Your concept only creates downsides. A standard mobile wallet is - by far - more secure. By design.

[ZenGo]

How can you claim that the user does not have to store/protect a 'private key' (which basically just is sensitive information) if in your concept the user has to store and protect a 'mathematical secret' (which serves as sensitive information).

That's basically the same. Each wallet has to store sensitive information.

Your concept just creates more security flaws than it solves.

You are right. Well nearly. Some sensitive information is definitely saved on the client side. But it’s not the full information, meaning that stealing it does not allow the hacker to spend it. (unlike private key)

Well.. your website says the following:

An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud account.

So.. one of you is lying.

It’s encrypted by the client and stored encrypted on the server. The server cannot access it.

No. That's not true.

If the device is hacked or lost, the attacker can simply start a transaction.
All he needs to do that is 1) the shared secret and 2) biometric data.

Both can be found on the mobile. The data of the fingerprint is stored on the mobile.
The same applies to the shared secret.

For starters, with our solution the attacker must spend the money through our services which gives us another point of intervention.
Secondly, getting past Apple authentication is not easy, as shown with the FBI-Apple case https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute (and most attackers are not FBI grade)

Which makes it as secure as a web wallet (in this specific case only).

Your concept only creates downsides. A standard mobile wallet is - by far - more secure. By design.

Our solution makes the attacker mission much harder: Instead of needing to 1 piece of secret information, they now need to get 2 pieces of secret information stored in different places. Of course, once they get 1 piece then they need the other piece. This is the same as claiming multiSig is irrelevant because when you steal one key, then it’s not multisig and you need just one extra key.

Btw if you want to try for yourself we have a fun security challenge with 1BTC for you if you manage to get in. And we make it very easy for you to get in. https://zengo.com/the-zengo-challenge-win-1-btc-and-prove-us-wrong/

We invite you to try it. Also check out our github, all the cryptography is open source...

[bob123]

You are right. Well nearly. Some sensitive information is definitely saved on the client side. But it’s not the full information, meaning that stealing it does not allow the hacker to spend it. (unlike private key)
[..]
Our solution makes the attacker mission much harder: Instead of needing to 1 piece of secret information, they now need to get 2 pieces of secret information stored in different places. Of course, once they get 1 piece then they need the other piece.

If an attacker gains full access to the mobile, he can spend the funds (just like with private keys stored on a mobile wallet).

Biometric data (e.g. fingerprint) is stored on the mobile. Together with the shared secret, that's all one needs to initiate a transaction using your server.

So.. in the end it again comes down to only the security of the mobile.

It’s encrypted by the client and stored encrypted on the server. The server cannot access it.

But it IS stored online. And that's a huge problem already.

This is the same as claiming multiSig is irrelevant because when you steal one key, then it’s not multisig and you need just one extra key.

With multisig (and someone i know holding the second key out of a 2-of-2 multisig) an attacker can not simply steal my mobile with one of the keys and initiate a transaction by claiming he is the real person.
Your server (i.e. with fingerprint) does exactly this.. I steal a mobile, initiate a transaction using the shared secret and the fingerprint data on the mobile.. and your server happily signs it.

[ZenGo]

You are right. Well nearly. Some sensitive information is definitely saved on the client side. But it’s not the full information, meaning that stealing it does not allow the hacker to spend it. (unlike private key)
[..]
Our solution makes the attacker mission much harder: Instead of needing to 1 piece of secret information, they now need to get 2 pieces of secret information stored in different places. Of course, once they get 1 piece then they need the other piece.

If an attacker gains full access to the mobile, he can spend the funds (just like with private keys stored on a mobile wallet).

Biometric data (e.g. fingerprint) is stored on the mobile. Together with the shared secret, that's all one needs to initiate a transaction using your server.

So.. in the end it again comes down to only the security of the mobile.

So you are assuming here that the attacker will by bypass the user device biometric and find a way around the device biometrics and that the owner during that time will not notice his device is not available. Is that reasonable?

What you described is also valid with a hardware wallet stolen from you. The attacker will also need the pin and, just like on a mobile device, will be locked out after a few trials.

Finally, we are introducing soon additional protection to cover exactly that case. I want to draw your attention to the fact that unlike hardware wallet there is no back up that can be stolen by an attacker and result in the loss of funds. It's better to look at the security set up from all angles.

It’s encrypted by the client and stored encrypted on the server. The server cannot access it.

But it IS stored online. And that's a huge problem already.

Why is that a problem exactly? the file is unusable and unreadable. What exactly could we or anyone do with it?

This is the same as claiming multiSig is irrelevant because when you steal one key, then it’s not multisig and you need just one extra key.

With multisig (and someone i know holding the second key out of a 2-of-2 multisig) an attacker can not simply steal my mobile with one of the keys and initiate a transaction by claiming he is the real person.
Your server (i.e. with fingerprint) does exactly this.. I steal a mobile, initiate a transaction using the shared secret and the fingerprint data on the mobile.. and your server happily signs it.

Yes indeed. Multisig can help you the way you describe. That said, anyone with access to one of the multisig keys can impersonate who you think he/she is and you will validate the attacker transaction. On ZenGo only the owner can access his funds.

You are assuming here you will be able to "steal the secret" from the phone. How will you be able to do that exactly?
By the way if you are so confident in your ability to hack ZenGo, we provide you all account access and even the picture to an account that holds 1BTC. 
https://zengo.com/the-zengo-challenge-win-1-btc-and-prove-us-wrong/
To be compared with a hardware wallet where the Backup/Mnemonic would be provided. Are you ready to share yours?

[CryptoInsights]

There is no "best" bitcoin wallet. It's pretty much down to personal preference.

Exactly! Also, it all depends on one's requirements. If a person is looking for a wallet just to store temporarily with the main motive being trading then an online wallet would be the best choice as trading by using cold storage wallet can be a bit troublesome.
If safety is the main priority then I'd recommend you to go for cold storage, preferably the hardware one. They're the safest wallet out of all the others.

[Pmalek]

Shill your Taki waki network or whatever it is called somewhere else, not in the Bitcoin boards. Nobody cares about that here.
All the above accounts who posted in the space of a few minutes were created on the same date, a few minutes apart and the few posts they have are mostly Taki waki network shills.