An easy guide to safeguarding your wallet keys
Welcome to Schooled by Breach! Our latest weekly newsletter where Breach writer, Adetomiwa talks to people with experience about pressing crypto questions, learns a lesson, and shares the findings with you. Crypto can be easy, so let’s figure it out together. Out every Friday!
Oluchi Enebeli shares how different crypto wallet keys work and how not to lose them. She shares the various types of wallets and how keys work for them — wallets that require you to remember your keys because you have 100% autonomy (non-custodial wallets), and wallets that keep your keys for you so you don’t have to remember but also have some control over how your account works (custodial wallets). If you choose to use the non-custodial, she empasises taking note of your private keys when you get them. “Many people lose their crypto wallet private keys because they’re not paying much attention at the start”. Three ways to store your keys are: on paper, in a hard drive or on the cloud.
Here’s the most recent example of how uncooperative my memory can be:
The other day, I was browsing through Zikoko’s So You Don’t Have To series when a film title caught my attention: “I Watched The Nollywood Movie, Domitilla, So You Don’t Have To”. As I skimmed through the article, the film seemed increasingly familiar. Like a story I heard or a dream I had.
I decided that the best thing to do would be to watch this film myself. So I went on a YouTube hunt for Domitila. 50 minutes into the movie, I realised why I felt drawn to it — I had seen it before! It was, in fact, one of my favourite movies as a kid but I had completely forgotten everything (side-eye to my guardians for allowing a child to watch this).
My forgetfulness makes online account passwords stressful and crypto private keys and passwords seem impossible, so I had to turn to the experts for tips.
Why is there so much fuss about crypto wallet passwords and what can I do to make sure I don’t forget mine?
For help, I reached out to Oluchi Enebeli, the founder of Web3 ladies and Technical Product Manager at Nubian Finance. Oluchi’s first piece of advice is to pay attention. “Ensure that you take note of your keys when you get them”.
Oluchi highlights that for a wallet to inherit that title, it requires private keys. Private keys are an auto-generated set of numbers and words or a collection of unrelated words used to give you access to your wallet.
Simply put: It’s similar to a password as it gives you access to your wallet.
Oluchi says there are three kinds of wallets: hot, cold and paper storage wallets. She says hot wallets are wallets that are used and accessed on the internet. Cold wallets are wallets not connected to the internet and require an online application to use them. While ‘paper wallet’ is a term used to describe the practice of writing down your wallet keys on a piece of paper.
Within hot wallets, Oluchi says, there are two types: custodial and non-custodial. “Custodial wallets manage your private keys for you. It’s either they encrypt it or set up some security on the backend to ensure that attackers cannot get to it.” Examples include Bundle, Binance and Free Wallet.
She explains that since your keys are saved for you, “you don’t have to remember more than your password”. She also notes that these types of wallets ask for personal details — name, email address, etc, so if you were to forget your password, they are usually equipped to retrieve your account for you. I can tell you from experience (😭) that some of them, like Binance, have a straightforward process for recovering your account in case you forget your password.
However, with non-custodial wallets, you’re in control of everything — ”When you’re signing up to these applications, they’ll usually tell you to copy your private key because if you lose it, that’s it. They’re not saving it for you on the cloud and they’re not keeping it anywhere. It is your responsibility to keep and remember your private keys”.
She explains that they encrypt the private key onto your device, but should you lose that device, you will be required to enter the keys that were shared with you at sign up, and here, she says, is where many people get stuck. “Many people don’t pay attention to the private keys at the start, so if they’re asked to repeat them, they can’t — and they lose everything in that wallet”.
But wallets are now designed to make it easier to remember, “many non-custodial wallets — like Trust Wallet and Metamask — now ask users to repeat the keys before they can complete their onboarding”.
She notes that passwords on these applications are changeable though, as long as you have your private keys. “The password is just to lock your wallet so that somebody else can’t just open your wallet [on your device] and see everything that you have there. It’s usually possible to reset the password by reinstalling the app and entering your private keys”.
To keep your keys safe, Oluchi suggests that once you copy your keys, save them on hardware, like the paper storage method. She, however, advised mindfulness when storing keys because if the paper or other hardware method goes missing, “that’s it”. She says some people also save their keys on the cloud but only use this method if you’re certain the cloud storage you are using is secure.
To be extra safe, she proposes using as many of these methods as you can and emphasises not saving your keys on your laptop, WhatsApp, Telegram or any other online places that are easily accessible to other people.
I wanted to know why everyone doesn’t just use the easy method.
Oluchi says some people are keen on the non-custodial wallets because they uphold crypto’s goals of “anonymity, decentralisation, and complete ownership of assets”. She explains that non-custodial wallets don’t ask for any private information, so you have absolute privacy. In addition, you also have complete control over your wallets — unlike with custodial wallets. “You decide you don’t want to use a non-custodial wallet anymore, and you can transfer to another and everything, including your transaction history, moves with you”.
My conversation with Oluchi taught me that I don’t need to have the best memory to have any wallet I want. I just need to be conscious of where I am saving my private keys. And if I’m not picky about autonomy or other things, I can simply use a custodial wallet and hit “forgot password” whenever I need to.