I'm speaking strictly about the paper wallets that print out the raw private key, and not about wallets that ask users to backup their mnemonic seed.
This type of wallets has a lot of flaws:
You need to use printer to create it, which can be malicious. Especially f it's owned by a third party like a store.
They create just one address, which means you'll be tempted to reuse it to receive multiple transactions.
Wallet Software is dangerous, free trojan horses.
Hardware Wallet is a joke, how do you really know its doing what you think? How can you trust the company.
Why have so many addresses you have ONE for your serious, like the big-miners, you see they have one address with 150k btc's
You have a few addresses for junk stuff
You run your own bitcoin full-node, your own electrum-server if you wish to make lots of addresses, you use coin-join, if you wish to do your own mixing
...
Everything is offline. Get a couple of dice, say roll the 32 times and write down the numbers, then enter the numbers on an offline laptop, that is virgin, no web-browser, sort of like the hive-model, virgin clean no chance of malware. You run "KU" for python bitcoin/pycoin, ku will take the generated random number and generate your WIF, you write that WIF down. Your done. You engrave that WIF on some metal, and put it away. If you want more special private-keys, do this again.
Now you have a private-key, on the same offline virgin, when you ran KU to get your WIF, you also got all the address formats, right now the one you with to use, comp, uncomp, bc up to you Your done.
Your PRIV-KEY has never seen the internet, your PRIV-KEY is hard saved permanently. You tell nobody, ever. Your security is 100%. NOTHING no random generator on earth can better the dice rolls, as all computers do pseudo-random generation.
Given that you have your own private full-node, and electrum server, you run the wallet software, so it only connects to your server internally, use TOR if you wish. Nobody on earth can connect your IP, to that address, I'm saying you have imported your secret priv-key into this private wallet node. This just be for coin-joining or mixing internally to save coins; You can always create throwaway addresses, bringing in new funds, but you can mix them back to your secret address.
Of course once you have gone to the trouble of making a 'super-priv-key' you never share it with COINBASE, or sweep using a wallet, you never use mobile-wallets, unless you fund toy-accounts for pocket money
...
All wallet software online is a scam. All wallets on mobile's is a scam. The only safe wallet is on your own private wallet-server, that nobody can see what your doing. If you can't afford to lose it, don't use it with public domain software.
Most hardware wallets are a scam. Either they give you rub-off key, which they sweep your funds later, or the hw-wallet has a serial number where they can later activate malware, why would anyone think that companys making wallets are safe? It only takes 1-2 dishonest employees in cahoots with a Nigerian OP, to destroy a company. Hell anybody that gets into any wallet hw or sw is not to be trusted free or not.
At least with your own node you can monitor 'call 2 home', and prevent malware
...
In summary making a super-secure private key is easy, just roll a few dice a few times. Keeping that private-key off of the computer, and off of the internet is the secret. Running your own wallet-server is most important of all to make sure NOBODY associates your high-value address with your geo-ip
What in the hell is a paper-wallet Paper is where you do your scratch work rather than on a computer, storage of your magic number is up to you, hell grind it into the bottom of your desk with a drill
'wallets' are 100% bullshit hw or sw, running your own BTC full-node, you can do your own transaction 100% anonymous
All exchanges are either ran by the GOV, or criminal in nature.
Private key wallets are usually at risk of being hacked, but hardware wallets are completely risk-free, so many large investors have turned their attention from software wallets to hardware wallets.
10's of 1,000's of people have been robbed by buying cheap trezor clones online from ebay
Over $2Billion USD lost every year from BTC theft, but its a dirty little secret
hw-wallets are USB devices, the easiest thing in the world for NSA to hack is USB devices, these days lots of malware out there to scan, super easy to get into a device read-only dump the memory, and decrypt it later
but most hw-wallets use the ebay scam, where a scratch off key is included in the package, and of course as soon as you use the wallet with that key, your funds are swept by a 3rd party
but even making your own key isn't safe, because all wallets hw or sw are trojan horses
original btc design didn't even have 'wallets', it came later by criminals and exchanges and governments
Its not that the paper is wrong, but the idea of printing the private key on it is very dangerous. Thankfully they were replaced with seed words which are better.
In short, its the modern, safer version of it. Private keys should never be handled directly.
Seed words require a dictionary to map those words to a 12 bit digit, typically 12 or 24 seed words, what a pain in the ass. Not all sw even uses the same software mapping. This crap was invented by the same dildo that brought you 'brain-wallets', another scam that caused people to lose millions
Just roll two dice 3 dozen times writing down each pair of digts, and your done. U have your numeric private-key. Convert to WIF format offline secure, and tattoo that on bottom of foot. Done.
WIF is typcially about 28 characters, easy to write down.
I think memorizing 12 or 24 words in an order is as dangerous as 'brain wallets', people are constantly forgetting the order, or one word, read the net, not a day goes by somebody messes up and loses all their btc forever
Just convert the numeric key to a WIF, and write on system using a permanent marking system, welding rod if you wish, or plasma-ionic rifle, bury it with your gold, so know its in a safe place.
Why pick on paper, there are scrolls laying around with old ink 10's of 1,000's of years; going to last longer than you, especially if stored in dry place. Like a PVC gun tube, where you keep your gold buried.
Most of the time when people first start BTC they don't know what they're doing, they go online and get an 'address' and never backup that priv-key, then years go by they think their rich, and then when they go to spend their btc ( cuz they hodl ), they find out they don't have the key, or the password to the wallet; So many gimmicks and pitfalls in BTC to lose your money
Private key wallets are usually at risk of being hacked, but hardware wallets are completely risk-free, so many large investors have turned their attention from software wallets to hardware wallets.
There are more 'fake' "Trezor Wallets" coming out of China, that there are 'fake' Apple Store, and iPhones; and that's a lot. In China, the people who work at the Apple stores don't even know they're not working for Apple, and its the same for the Trezor Universe.
U might trust Trezor as much as the baby-jeebuz, but its irrelevant, unless you bought your 'Trezor' in person from the CEO at the Company, and even then he probably doesn't know if its a real device. Often these things are fabricated by the 100's of 1,000's in China on contract, and the rejects that fail 'test' are thrown in a bin and sold for cheap, then end up in Nigeria where they're resold on ebay
Lot's of ways to scam the hw-wallet, the big one is the fake scratch-off key, the second is to have pre-determinstic random numbers, say you generate 1M random keys from a seed, then you send out the Trezor clones, now you have a database, and you scan all the addresses, on the mining-pool of BTC, when you see an address from your pre-deterministic database of priv-key/address-map on bloom-filter in real time, you 'sweep', or even better you flag and have a human watch&wait until big money appears on that address.
A mnemonic seed wallet has many advantages - you only need pen and paper to make it, it creates a full wallet with as many addresses as you need, as well as change addresses, and you can even memorize the seed to additionally store it in your head.
Why indeed? Because most people can't remember where they left their car keys ten minutes ago.
Write it down, or lose it.
On Ethereum they tell you they intend to reduce eth live holdings, to increase price, on btc they can count on people being stupid to reduce active addresses.
Like you already said, if you use an online wallet, and use their private-key generated, then you have already lost your money.
[moderator's note: consecutive posts merged]