Buy passport or coldcard

[Mike232425]

Hello to all
I want to know your opinion. Which should I choose between Coldcard and Foundation Passport?
I don't care about the price of the wallet, it's about being safe and secure.
Thanks for your help dear friends

[BitMaxz]

Someone already has a review about Coldcard here on the forum the only problem with Coldcard it's not open-source.
Passports wallet has open-source code it works just like Coldcard with advanced features and extra security, the design is way better than Coldcard and it looks like a phone.

So I think for me, a Passport hardware wallet is way better in terms of security and design.

You can check the comparison from this link below

- https://bitcointalk.org/index.php?topic=5288971.0

[Zaguru12]

Both are good hardware wallet because the security of your hardware wallet depends on the back up of the recovery seed. I will say you should choose the foundation passport ahead of the Coldcard because the latter code is source verifiable  while the former is an open source.

The difference now lies on how developers pay attention to the source code, the source verifiable code are not advisable because it doesn’t get more attention of tech savvy guys since they can’t copy it into another project and Should there be twerk in it, it wouldn’t be notice early like open source. Aside that it is both a good wallet.

Now after making a choose of your wallet make sure to get a very good offline backup of the recovery seed as that also is an important part of keeping the wallet secure and safe.

[Meuserna]

Both are good hardware wallet because the security of your hardware wallet depends on the back up of the recovery seed. I will say you should choose the foundation passport ahead of the Coldcard because the latter code is source verifiable  while the former is an open source.

+1

And adding to what you said: the Passport appears to be a much easier device to use.  Over the past few years, I've seen a bunch of newcomers buy a ColdCard but not end up using it.  Ease of use matters a lot, in my opinion.

[Stalker22]

Which should I choose between Coldcard and Foundation Passport?

You really cant go wrong with either one if security is your top worry when it comes to hardware wallets.  Given their stellar security reps, they are both solid and  comes down to what youre looking for feature-wise.  If ease of use is big for you - Passport probably fits the bill nicely.  It has camera, QR code compatibility, a larger screen, intuitive interface - makes sense for a lot of folks.  Coldcard definitely feels more barebones.  So I would say Passport if you want smoother sailing, Coldcard if youre after ultra-spartan. 

[headingnorth]

I have a Coldcard Mk4 that I bought last year but had I known about the Passport I would have got that instead.

The Passport has the advanced features of the Coldcard but looks to be much easier to use. Also great that it is a bitcoin only wallet.
The Passport also looks a lot nicer while the Coldcard looks like a toy.

I finally figured out how to use the Coldcard but it was not easy and took way too much time. I can see how a lot of people would just give up.
If you don't have a great deal of time to fiddle around with the device while pulling your hair out learning to use it then stay away from the Coldcard.

The good thing about the Coldcard was the Black Friday price I paid for it making it almost half the price of the Passport.

[satscraper]

I'm an active user of Passport 2 since May 2023.

Before buying it I also  pestered myself  with such  question but after    careful analysis of all stuff relevant to both wallets have decided on Passport 2 because of bunch of factors in its favor. Among those factors are outstanding quality of design (including schematic and used materials), robust security model (including the source of entropy used to generate SEED), user-friendliness, to name only a few.

[dkbit98]

I don't care about the price of the wallet, it's about being safe and secure.

Really?
So you are asking someone else to make a decision for you 

Passport code is based on Coldcard code so there are similarities between them, but Passport improved in every way, and it remained open source, unlike Coldcard.
Funny thing about coldcard devices is that NVK dont offer any warranty on them, so you are screwed if something happens with your device. 

[Pmalek]

Also great that it is a bitcoin only wallet.

Both Passport and the Coldcard are bitcoin-only wallets and offline signers.

The Passport also looks a lot nicer while the Coldcard looks like a toy.

To me, they both have an appeal. The Passport looks like an old Nokia phone, the Coldcard looks like a big calculator.

I finally figured out how to use the Coldcard but it was not easy and took way too much time. I can see how a lot of people would just give up.
If you don't have a great deal of time to fiddle around with the device while pulling your hair out learning to use it then stay away from the Coldcard.

A new user should definitely read and watch all the official tutorials before they start using a Coldcard. There are also many reviews and how-to-use videos on YouTube for everything you need.

Funny thing about coldcard devices is that NVK dont offer any warranty on them, so you are screwed if something happens with your device. 

That's really messed up. I didn't know that. That's the first popular HW brand I hear that offers no warranty for their physical devices.

[dkbit98]

That's really messed up. I didn't know that. That's the first popular HW brand I hear that offers no warranty for their physical devices.

Yeah, and if you complain to NVK about anything he will just block you everywhere 
As far as I know only Coldcard and Blockstream Jade are not offering any warranty at all for their hardware wallets, that is a big minus for both of them.
It's not like other hardware wallets are offering very long warranty, but having one or two year warranty means peace of mind.
Than also consider how long they have firmware update support, Coldcard is not doing good with that also with many discontinued devices.

[RickDeckard]

Funny thing about coldcard devices is that NVK dont offer any warranty on them, so you are screwed if something happens with your device. 

Similar to a very recent reply of mine in another thread regarding a similar subject[1], even if NVK doesn't offer warranty on their devices, I saw that they have some resellers that have their operations in EU countries (Portugal, Germany,Netherlands)[2] and since they are in the EU, they are obliged to provide warranty for any product for 2 years[3]. I suppose this may be different in the US, but even so I can't say that I like the fact that a company openly denies warranty to their product...
[1]https://bitcointalk.org/index.php?topic=5454770.msg63870617#msg63870617
[2]https://coinkite.com/resellers
[3]https://www.eccnet.eu/consumer-rights/what-are-my-consumer-rights/shopping-rights/guarantees-and-warranties

[Pmalek]

As far as I know only Coldcard and Blockstream Jade are not offering any warranty at all for their hardware wallets, that is a big minus for both of them.

I couldn't find any warranty information on Jade's website either. I did find this Jade review from January 2024, and there is a section that discusses the warranty.

The reviewer said they spoke to the Blockstream team who told them that if the Jade has any issues within the first year that can't be solved remotely or with a software update, you'll get a replacement device or a refund. They cover the return shipping within the US. For orders from outside the States, the buyer covers the shipping fees.

[Cricktor]

I recommend Foundation Passport over a Coldcard. I don't have this device myself, I use a BitBox02, but would get one if I had to buy a hardware wallet.

Even if a Passport were inferior to a Coldcard, it isn't, I'd rather choose it because Foundation Devices as company does a great job with their products. The firmware is open-source, the hardware is open-source, you get the plans and schematics all published. That's true open-source spirit and something that customers should support. Show your appreciation to such a policy.

And no, I'm not paid to sing their song...

[Lucius]

My first choice would be Passport because it is one of the HW that inspires the most confidence at the moment because of everything they do and the way they do it. However, there are people who will never consider buying such a device for the reason that it only supports Bitcoin, and on top of that, it costs a minimum of $200 for those in the US, and a minimum of EUR 250 for those of us in Europe.

For many, the price comes first, then the appearance, and only at the end the technical details.

[Pmalek]

However, there are people who will never consider buying such a device for the reason that it only supports Bitcoin, and on top of that, it costs a minimum of $200 for those in the US, and a minimum of EUR 250 for those of us in Europe.

For many, the price comes first, then the appearance, and only at the end the technical details.

The price is a big factor when you buy anything. Especially when you are just starting out, investing around $100 or €250 is very different. One should never cheap out on security, but there are always good alternatives. I am not a fan of buying from resellers and particularly not from non-official shops. If I were to order the Passport from the US, I would be looking at an expensive shipping fee + import tax and custom duties when it arrives in the EU. On top of that, I will probably have to go and pick it up at a post office somewhere because they will want the fees paid before I get my hands on it. It all depends on what they use for shipping.

[Lucius]

~snip~
I am not a fan of buying from resellers and particularly not from non-official shops. If I were to order the Passport from the US, I would be looking at an expensive shipping fee + import tax and custom duties when it arrives in the EU. On top of that, I will probably have to go and pick it up at a post office somewhere because they will want the fees paid before I get my hands on it. It all depends on what they use for shipping.

I personally have nothing against official resellers, so although it is always better to buy directly from the manufacturer, in this particular case it is much easier and faster to buy from an official reseller. Those resellers have already paid the customs duty and all the costs, and that's another plus because it's better if they did it in a foreign country than for your customs to do it - the less people know that you're buying such a device, the better, right?

As for receiving the package, in my case, everything is delivered to the doorstep, and all costs are paid to the delivery person (cash/card), although previously it was necessary to receive appropriate notification from the customs administration and then take a picture and send all the information so that they could issue a delivery authorization with an invoice for tax payment.

Considering everything, the best option is to have a physical store that sells HW and where you can simply pay with cash.

[Pmalek]

As for receiving the package, in my case, everything is delivered to the doorstep, and all costs are paid to the delivery person (cash/card), although previously it was necessary to receive appropriate notification from the customs administration and then take a picture and send all the information so that they could issue a delivery authorization with an invoice for tax payment.

It depends how the company sends the package and if you have an option to choose between regular post and some type of express delivery. The cheapest post deliveries might not be delivered to your home in cases where you are required to pay import tax and customs duties. You might just receive a letter with instructions where to pick up your shipment and how much you owe.

Considering everything, the best option is to have a physical store that sells HW and where you can simply pay with cash.

That protects you from the possibility of suffering from data leaks, as seen with Ledger and Trezor. But it introduces slightly greater risks that someone manipulated the devices physically.

[Cricktor]

But it introduces slightly greater risks that someone manipulated the devices physically.

A decent hardware wallet should allow the user to verify that it's firmware is genuine and the device hasn't been tampered with. Only properly signed firmware should be allowed to be loaded or the device should clearly indicate if you load debug firmware or own builds.
Yes, I know, tampered devices could pretend to be genuine, but there are solutions for that as far as I remember vaguely.

Case design should make tampering not easy, though this is likely hard to achieve.

I'm not totally up-to-date with Coldcard (not interested in this device as I don't want to support how NVK runs his business) and Foundation Passport and what their security model implements to mitigate risks of tampering. Clearly any fancy packaging seals are no suitable line of defense against tampering as they are easy to replicate for dedicated fakers.

[Pmalek]

A decent hardware wallet should allow the user to verify that it's firmware is genuine and the device hasn't been tampered with. Only properly signed firmware should be allowed to be loaded or the device should clearly indicate if you load debug firmware or own builds.
Yes, I know, tampered devices could pretend to be genuine, but there are solutions for that as far as I remember vaguely.

Technology is advancing. What was good and considered safe enough today, could be easily tricked tomorrow. We know that when a company decides to improve its security, it's usually after something really bad happened. I would rather not be on the end of that as a party who suffered from such an attack or vulnerability. So, the less people have physical access to my bitcoin toys, the better it is. At least for me personally.

[Cricktor]

snip

I hope this is not too much of an off-topic digression. Possible supply-chain attacks and device hardware and software integrity have to be addressed with enough attention. The more Bitcoin's value rises, the more attractive are attacks. I totally agree with you: the less people are involved, the less opportunities to play foul'n'nasty. Anyway, a manufacturer can't or won't control every step up to their customers. They should minimize uncontrolled steps as much as possible or provide foolproof verification of device integrity. Of course, you have to trust this really works as intended. The better, if it were verifiable and trust minimized.

I bought my hardware wallet directly from the manufacturer and they took care themselves of shipping, that's what they say. The sender's address looked pretty innocent to me, packaging and address labels didn't really reveal any hints of the shipped product. That's how it should be and in this case partly also why I felt confident with my choice (BitBox02 from Shift Crypto). But the delivery service likely wouldn't catagorize them as single individuals due to shipping volume, though the sender's address very much looked like this. Anyway, here I have to hope no dedicated intermediates are in play at the parcel delivery service. I accepted this risk.