If you’re a Bitcoin user, you’re probably familiar with the challenges of securing your satoshis. You obviously do not want to leave it with a third-party custodian, where you risk losing your funds and only have permissioned access to that Bitcoin.
Ideally, you want to take control of those funds by using a wallet that communicates directly with the blockchain, and the simplest way to do that is to spin up a hot wallet, also known as a software wallet.
These wallets are available for many desktop and mobile devices, all with pros and cons.
Depending on how you plan to use your Bitcoin, you have a selection of wallets available. If, for example, you want to use the Lightning network, you’ll need a hot wallet that supports Lightning, and the same goes for the Liquid Network.
Regardless of the type of hot wallet you use, one thing they all have in common is that the keys are hosted directly on the device. That means the device you’re using remains a single point of failure. They’re still vulnerable to hacking and other forms of cyberattacks and in-person attacks since anyone who gains access to that device, be it in person or remotely, can sign a Bitcoin transaction and move the funds from your wallet.
If you are using a hot wallet, you should be sure to limit the number of funds you hold on any single signature device and, at the very least, have 2FA set up and passcodes on your phone and wallet.
Alternatively, if your mobile wallet is your primary wallet and you have no other option for securing your funds in cold storage, you can add an additional layer of protection by having an NFC device that holds your private key for you.
Products like the TapSigner offer hot wallet users the ability to keep their wallet and key separate in a sort of middle-ground security setup that is not a hot wallet but not precisely a cold wallet.
What is TapSigner?
TapSigner is a Bitcoin NFC card that works with your smartphone or tablet (NFC-compatible device) to provide an added layer of security for your Bitcoin. The TapSigner is a physical card that stores your private keys, which are necessary to access your Bitcoin wallet and authorise transactions.
If you’re using a hot wallet in combination with your TapSigner, you would need to physically hold the card close to your device to validate the key and perform a Bitcoin transaction.
By keeping the private key separate from the device, you add additional friction for yourself every time you perform a transaction. Still, you do add a layer of security to your hot funds should your device be stolen or compromised.
TapSigners are used for on-chain transactions only; if you’re looking for an NFC device that works with the Lightning Network, you’re better off using the Bolt Card or Bitcoin Ring.
Why is TapSigner more secure?
Hot wallets self-host private keys which remain “hot” online in a phone or computer. The user needs to download an app into their phone, create the wallet, jot down the recovery words — and voilà; it’s ready to be used. Given their convenience of always having access to your funds, you give up the security of having offline keys.
The tradeoff is, of course, security: – being connected to the internet makes this setup more vulnerable to hacking, theft and other attacks. If a user with a hot wallet were to have their phone stolen, or connected to an insecure internet connection, or have malware on their phone, those private keys could be accessed and, along with it, your Bitcoin.
By keeping a TapSigner with your private key instead, you separate two parts of the signing process, your device and your private key, to give you extra protection. Now if your wallet and phone get stolen, this doesn’t help you since the attacker has access to both, and you better have other security measures in place, like remote wiping of the device.
How does TapSigner work?
TapSigner uses near-field communication (NFC) technology to communicate with your Smartphone or tablet with compatible software to create private wallet keys.
Once you’ve set up a wallet on your Smartphone, you will pass on a secret key that is held by your TapSigner. The card combines the entropy provided by the wallet software and the secret entropy that it picks itself to generate the keys in the Tapsigner.
Once the TapSigner is configured, you will need it every time you want to perform an outgoing transaction.
When you need to authorise a Bitcoin transaction, you will compile the transaction as you would with any other hot wallet, but before you can transfer the funds, you will need to input your TapSigners code and then tap the card against your device, which prompts the TapSigner compatible wallet to authorise the transaction.
Currently, wallets that have TapSigner support are:
- Nunchuck Wallet
- Hexa Wallet
What are the benefits of a TapSigner?
TapSigner provides several key benefits that make it more secure than traditional Bitcoin wallets:
- Offline Storage: TapSigner stores your private keys offline, which means they’re not connected to the internet and are less vulnerable to hacking and cyberattacks.
- Physical Security: Because TapSigner is a physical card, you can keep it in a secure location, such as a safe or lockbox. This adds an extra layer of security to your digital assets.
- Multi-Signature Support: TapSigner supports multi-signature transactions, which require multiple parties to authorise a transaction. This makes it more difficult for hackers to steal your Bitcoin.
- Open-Source Software: TapSigner’s software is open-source, which means it’s transparent and auditable. This reduces the risk of hidden vulnerabilities or backdoors compromising your security as there are more eyes on the project and contributors willing to patch issues.
Storing and restoring my TapSigner wallet.
Private keys generated by the card abide by BIP 32 instead of BIP 39, so you won’t have the 12 or 24-word backup but a long text file instead. For users interested in backing up their TapSigner-generated private keys, you will need to protect the encrypted backup of the private key file.
When the user requests a backup of the private keys, Tapsigner encrypts the keys with the 16-byte key printed on the back of the card.
Therefore, to recover the wallet, the user will need the encrypted private key file and the decryption key printed on the back of the Tapsigner. If the card is lost, the user can leverage these two pieces of data to recover funds. Ensure you have a copy of your TapSigners backup phrase somewhere, or its bye bye Bitcoin.
Protecting your sats one tap at a time.
TapSigner offers enhanced security for users, even if it’s a pain in the arse to use at times. It may be a bit of a bother every time you need to pull out the card to perform a transaction, but if anything does happen to your Smartphone or tablet, you’ll be pretty stoked to have added this additional layer of protection.
If you prefer to hold your funds in a hot wallet on your Smartphone, or you have a business wallet that requires you to make regular payments, a Tapsigner is a great addition to your operational security.
Do your own research.
If you want to learn more about the TapSigner, use this article as a jumping-off point and don’t trust what we say as the final say. Take the time to research other sources, and you can start by checking out the resources below.
- tapsigner.com
- Tapsigner From Coinkite – NFC Bitcoin Cold Storage
- Tapsigner [NFC] Bitcoin Wallet Tutorial
Do you take self-custody of your stack?
If you’re new to Bitcoin and have not ventured down the self-custody rabbit hole, what is stopping you? If you’re already self-sovereign, how has the experience been since you took hold of your funds? Let us know in the comments down below. We’re always keen to hear from bitcoiners from around the world.