A multi-sig crypto wallet offers protection against some of the more common errors that a person is most likely to make, like accidentally clicking on a phishing email.

 

Crypto wallets are software and/or hardware used to securely store your cryptocurrency.

More accurately, what they store are passwords called Private Keys. These keys allow you to access and use your crypto assets.

The security of your passwords, backups and even the wallets themselves is absolutely essential if you want to be able to sleep peacefully each night.

Crypto owners are known to make mistakes.
A lot of it is brand new, so this is understandable. But if this Newb is you, and you have one and only one password to a crypto wallet on your phone with everything in it, it could lead to security risks and vulnerability.

A few common examples might be losing that one password, or dropping your phone in a lake. That’s why multi-signature wallets can be useful. Since more than one password or signature is needed to authorize a transaction, the crypto inside is much more secure.

This isn’t a new concept. Multi-key safes, safety deposit boxes, and so on have been a concept for most of recorded history. The first lock was invented over 6000 years ago, and no doubt the dual key lock wasn’t invented too long thereafter. 

You can see dual keys in use every day. Starting a car with a push button is a dual key process. You need to press the button and have a wireless key fob. Without one of them, you can’t start the car.

Comedy is also a dual key process. More than one person has to agree the joke is funny, and if they don’t agree there is no laughing. For example, some people don’t think this is funny: “When is a car not a car? When it turns into a driveway.”

Private Keys + Technology… Not Secure Enough?

Theft is one of the biggest, and most publicized issues with Cryptocurrency. Many private crypto wallets have been robbed, and someone else has walked away with their cryptocurrency. These attacks could be caused when someone finds the password, seed phrase, or just outright robs you as you walk to your car after work. 

Today, despite all the efforts to make wallets more secure, there is still no such thing as a 100% perfectly safe crypto wallet.  

Besides the possibility of someone finding your master password on a yellow sticky note on your fridge door, there are a few ways would-be thieves can get access to your secrets.

It’s possible for malware and spyware to take advantage of weak APIs in your operating system, video cameras, or microphones and discover your password. A malicious actor might also try to scan your computer for a stored, unencrypted password. A file called “passwords.txt” sitting on Google Drive or Dropbox is asking for trouble.

These scenarios are pretty rare and probably not something to lose sleep over if you’ve taken a few basic precautions. That said, no one wants to be the person who allows it to happen to them. 

Also, as Biggie pointed out back in the day “Mo money = Mo problems”.

Nobody is losing any sleep over that $4 worth of Bitcoin they left on an old exchange they don’t even use anymore. But if you’re looking after a sizeable amount of crypto, on behalf of other people, you really don’t want to take any chances.

This is why multi signature wallets can be useful. A multi-signature wallet is an extra level of protection on the blockchain, allowing you to have another level of security that guards against most attacks. 

Note: If you want really in-depth information on Crypto wallet security, you should understand that it’s a complicated topic and one that’s constantly updating as technologies evolve. It is likely to be the topic of another post and quite a bit of research, but in the meantime this stackexchange topic is a great source of info.

Multiple Keys (or Signatures) and How they Work

As with many things, human involvement is the issue.

It is called “key person risk”, a single point of failure (SPOF), or poor planning. Basically it’s the fact that we all make mistakes, and none of us are perfect. 

FUBAR, SNAFU, or damp squib are three ways to say that someone has messed something up pretty badly.

But many security systems cannot take this into account, including most crypto wallets. That often causes problems, and if one of those problems is access to your cryptocurrency, you are in trouble. SNAFU kind of trouble. In a single signature system, where only one person has complete access, this can cause you to lose everything.

2FA

The most common and easiest type of multisig is two factor authentication (2FA), a version of a dual key system. This system, simply put, is the requirement for two passwords, or keys, to be used together. For example, to access your Google account you may have to authenticate it by using a temporary password sent as a text message. Another example is using a USB key (like a cold wallet) with a PIN that needs to be entered in addition to the password for the crypto wallet itself. (And presumably the computer itself has a password too.)

Two of the most popular 2FA authenticators used in crypto are Google Authenticator and Authy. Both of them create temporary passwords and allow you to use multiple devices.

Microsoft mentions that 99.9% of automated attacks are prevented by 2FA. Google agrees by saying that multi factor authentication prevents up to 96% of bulk phishing attacks, and two thirds of targeted attacks. That means your 2FA-enabled wallet will prevent the 80% of security breaches that happen because of bad passwords.

Unfortunately, finding statistics for individual private crypto wallets is challenging. There just isn’t anyone who has gathered reliable information. But you can be pretty sure that many people have lost crypto because they weren’t careful enough. Even more have managed to keep things safe.

How Does a Multi-signature Wallet Actually Work?

A dual or triple or quintuple key system needs all the keys to log in before it can act. Making it work technologically is a little more complex. It depends on the blockchain, the wallets used to access it, and even the devices themselves.

Technically, through the P2SH multisignature standard that the blockchain supports, you can have a maximum of 15 signatures in a multisignature wallet. There is a maximum length of input that the blockchain will accept, and 16 keys surpasses that limit. That is if the keys are compressed and shorter (33 bytes). If they are uncompressed (65 bytes), a maximum of 7 keys can be used.
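The 15 and 7 figures follow from the 520-byte cap on a P2SH redeem script, which can be checked by building the script and measuring it. This is an added example, not code from any wallet mentioned here; the function names are this example's own and the keys are constructed placeholders with the right prefix and length, not real public keys.

```python
OP_CHECKMULTISIG = 0xAE
MAX_REDEEM_SCRIPT_BYTES = 520  # largest redeem script P2SH will accept


def small_int_opcode(n: int) -> int:
    """OP_1..OP_16 are encoded as the single bytes 0x51..0x60."""
    if not 1 <= n <= 16:
        raise ValueError("OP_n only covers 1..16")
    return 0x50 + n


def redeem_script(m: int, pubkeys: list[bytes]) -> bytes:
    """Build OP_m <key 1> ... <key n> OP_n OP_CHECKMULTISIG."""
    if not 1 <= m <= len(pubkeys):
        raise ValueError("need 1 <= m <= n")
    script = bytearray([small_int_opcode(m)])
    for key in pubkeys:
        compressed = len(key) == 33 and key[0] in (0x02, 0x03)
        uncompressed = len(key) == 65 and key[0] == 0x04
        if not (compressed or uncompressed):
            raise ValueError("not a serialized secp256k1 public key")
        script.append(len(key))  # direct push: one length byte (0x21 or 0x41)
        script += key
    script += bytes([small_int_opcode(len(pubkeys)), OP_CHECKMULTISIG])
    return bytes(script)


def placeholder_key(i: int, key_len: int) -> bytes:
    """Constructed filler with a valid prefix and length; not a curve point."""
    prefix = 0x02 if key_len == 33 else 0x04
    return bytes([prefix]) + bytes([i]) * (key_len - 1)


def max_cosigners(key_len: int) -> int:
    """Largest n whose n-of-n redeem script still fits the P2SH limit."""
    best = 0
    for n in range(1, 17):
        keys = [placeholder_key(i, key_len) for i in range(n)]
        if len(redeem_script(n, keys)) <= MAX_REDEEM_SCRIPT_BYTES:
            best = n
    return best


if __name__ == "__main__":
    for key_len in (33, 65):
        print(key_len, "byte keys ->", max_cosigners(key_len), "cosigners")
    two_of_three = redeem_script(2, [placeholder_key(i, 33) for i in range(3)])
    print("2-of-3 redeem script:", len(two_of_three), "bytes")
```

Each key costs its length plus one push byte, and the script has three bytes of overhead, so 16 compressed keys need 547 bytes and 8 uncompressed keys need 531, both over the cap.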

Electrum allows for 15 of 15 signatures and Armory allows 7 of 7 signatures for Bitcoin transactions. But they are outliers, as most programs limit the number of signatures you can have to 3.

A maximum of three is the standard that most of the industry has chosen to implement, because multi signature wallets can be difficult to maintain and update, given the constant change in the cryptocurrency space. Coinbase even discontinued their multisignature wallets because they were too time intensive.

Multisignature wallets are a great way to implement two (or three) factor authentication on your own. Thus, if someone hacks into your wallet and steals your password, they still can’t move any crypto.

Since best practice is to store larger amounts of crypto more securely, we suggest you get a hardware wallet. It should be a cold storage wallet (an easily removable USB key, like Ledger or Trezor).

How to Create a Multi Signature Wallet with Shared Access

There are no standardized instructions on how to create a shared access multi signature wallet. For example, Electrum allows compressed keys while Armory does not, leading to different implementations. 

Most exchanges implement their own programming solutions, rather than relying on standardized implementations. Below is an overview of the most common steps to share wallet access with others. 

Here’s what setting this up on Electrum looks like:

  1. Ensure all users have an account on the exchange you will be using, and that they have proper security of their own private key. Your and their Private Keys will not be shared with anyone else during this process.
  2. Share all Public Keys across every signer’s account. Each program may have a different method of delivering them.  
  3. Then, record all the Public Keys in cold storage. If you need to recover the account this data will be absolutely necessary. 
  4. Now you have all the data you will need to enter into the program to create a multisignature wallet. 
  5. Then choose how many signers will be needed to authorize a transaction. 66%, 50%, 75%, etc. 
  6. Open the wallet app. 
  7. Enter the required data (and Public Keys + Seed phrases) for every cosigner.
  8. Then communicate the receiving address to the rest of the signers. 
  9. Each signer may now receive an invitation to enter their private keys.
  10. Now, you have a multisignature wallet that requires multiple sign-ins to authorize transactions. 

Holding Multiple Keys Yourself (2FA)

Many exchanges do not offer 2 Factor Authentication. Often they can’t because they don’t have any information about you, like Exodus wallet or Bitfinex. If so, you are going to want to set up the 2FA yourself. 

This is why Exodus has partnered with Trezor. Adding a hardware wallet makes it possible for someone to implement 2FA with their Exodus wallet. 

Bitfinex suggests that you use smidgen – an IOTA multisignature wallet to set up multisignature access. It seems that every exchange, app, or cold storage solution uses multisignature in a slightly different way.

Security Precautions (that are never talked about)

Most of this article is about adding layers of security to make access to your crypto more difficult, because there are proven ways to hack you and your devices. (Somewhere around 1% of the global GDP was involved in ransomware attacks last year.)

What is often forgotten is the physical safety of your key, or recovery phrase. You don’t want it to easily be lost (or found). A safety deposit box is a pretty good choice here and another fine example of 2FA.

Then of course there’s the outside possibility of fire or water damage, in which case a piece of paper is not going to hold up too well. Consider stamping your recovery phrase on a metal wallet (like Ellipal or Key Stack). Knowing your recovery is taken care of adds a lot of security. Even if you lose your hardware wallet – you can simply get a brand new one and recover it completely. As you hopefully recall, there is no crypto stored on them and it really all comes down to that seed phrase. 

But keep in mind that the crypto that you hold on your phone day to day is always going to be susceptible to a “$5 wrench attack”. It’s very unsophisticated, but if someone threatens you with a wrench, you have a choice: a) give them the password to your phone, or b) make a run for it. 

How to mitigate the “$5 wrench attack”

  1. Use multiple private wallets stored in multiple locations.
    E.g. wallet(s) on your phone holding only small amounts, a wallet on your laptop that you can use for trading, cold wallets in a safe at home and/or in a safety deposit box.
  2. More than one person has to log in to trade crypto (multisig wallets).
  3. Set up a dummy wallet with a couple of hundred bucks in it that you can afford to lose in this scenario. 
  4. Get fit so you can run faster. Just do it.

Are there any Downsides to Multi-signature Crypto Wallets?

The biggest issue with security overall is the balance between convenience and safety.

Extra layers of security can be very inconvenient. Imagine needing three keys to open your front door. (And different people each having one of them).

If you want something to be secure, you’ll also have to make it more difficult for you, and everyone else, to access.

Note: It’s also important to keep things up to date. Make sure that you update any wallet or exchange software regularly for optimal security and always download your updates from the verified official sources.

The Best Wallets that Support Multi-signature

On the other hand, Multi-signature wallets allow you more control and privacy. No-one else has your information, and you directly possess the keys, reducing the trust you have to place in others. 

  1. Armory allows 7 of 7 multi signature wallets.
    Available for Windows, Mac, Ubuntu, Linux, and Raspberry pi. However some have said its interface is not very forgiving.
    It only supports one Crypto – Bitcoin.
    Even with those as potential downsides, if security is your main concern go with Armory. 
  2. BitGo supports 2 of 3 multi-signature, so it can do 2 factor authentication for you. It stores one of the keys on its server, so BitGo can validate the transaction itself.
    It supports over 200 coins.
    It’s available on all OSs, and has a good interface.
    Customer support is pretty responsive. 
  3. Electrum does allow you to create a multi-signature wallet, but it is also limited to Bitcoin only.
    You can make 15 of 15 multi signature wallets, which is the biggest number we’ve seen. It has native cold storage support.
    It runs on Apple, Python, Android and Windows.
    Electrum is a good, secure wallet that allows a user to take control of their security. 

Note: Bitcoin and most Bitcoin forks, like Litecoin, support native multi-sig. However, many Altcoins like Ethereum don’t have native multi-sig support, so finding multi-sig Ethereum wallets might be more challenging. Cardano is in the same boat, without native multi-sig support, yet.

Key Takeaways

  1. Multi-signature is, by far, the most secure way to store your crypto.
  2. 2FA is the easiest way to create a multi-sig wallet.
  3. Using multi-sig with more than two signatures will be inconvenient but much more secure. 
  4. Shared access multi signature wallets are more like a safe and worth consideration for securing larger amounts or shared funds.