Anonymous asks, “What is the easiest
way to generate a paper wallet securely?”
There is no easy way to
generate a paper wallet securely.
You should probably be using a hardware wallet,
not a paper wallet. If you can’t afford a hardware wallet,
then you don’t have enough money to secure.
You can buy a hardware wallet for [between
$30 and $200]; if you have less than $30…
and you want to secure it,
a paper wallet is not a good solution.
A properly secured smartphone with a Secure Element,
and [mobile] wallet backed up with a mnemonic phrase,
with a PIN and an encrypted file system, is far more
secure than whatever scheme you could come up with.
“Could you elaborate on possible or feasible tier levels
for storing bitcoin, how to technically manage them?”
“Hardware wallets, encrypted backups, and BIP-38 etc.”
I would suggest that, for storing bitcoin,
you do not try to build your own scheme.
That is the first rule. Do not roll your own crypto! You
will fail. People tend to over-estimate the risk of theft…
versus the risk of loss due to technical
failure, process failure, or backup failure.
Most people are much more likely to lose
bitcoin because they lose access to their keys.
They encrypted them or concealed them in such
a way that they couldn’t [recover] them years later.
People are much more likely to lose [their bitcoin]
that way, than to lose because it was stolen.
That being said, you should have
your [bitcoin] in stored in tiers.
Don’t [put] all of your money in
an easily accessible hot wallet.
That is just as stupid as walking around with
all of your savings as cash in your back pocket.
I usually suggest that people have two or three tiers.
The first tier is a hot wallet.
Most likely, it will be a smartphone wallet.
Your smartphone should be properly secured. You
should turn on encryption and a large complex PIN.
You should not allow your phone to be unlocked
only by fingerprint. Require another factor like a PIN..
that you have memorized, but do not use
a simple PIN that you have used elsewhere.
You should use two-factor authentication [on
any smartphone wallet with an account system].
[Ideally], use wallets that store the keys locally,
and then make a backup of the mnemonic seed.
When you backup seeds, you should store those
in the locations that you can physically secure.
For many people, that means opening a
safe deposit box at a private vault or a bank.
Or it means installing a safe in your house. If you
can’t do that, your seed [will] just be [laying] around.
You need to get a fireproof safe [at least], so you can
protect it from fire, flood, and environmental damage.
You should probably also consider using a fairly
simple passphrase in addition to your BIP-39 seed;
follow the standards as much as possible, like BIP-39
used for mnemonic seeds between 12 to 24 words.
It is a good standard that balances security
and reliability. You should use it as it is.
You should create a seed on a hardware device
or on your smartphone, depending on whether…
you are doing a cold storage tier
or a more warm wallet tier.
Then record that seed on paper with pencil or pen,
and then apply some cold laminate to seal it…
between two sheets of plastic with glue; this is better
than hot laminate, which degrades the paper and ink,
but that is good too.
[You want to] laminate it so it can’t [be
damaged by] water, or put it in a sealed bag.
I like to use tamper-evident bags
that you can buy from Amazon.
They are opaque. Once you seal them, they can’t be
opened without it being obvious the bag was opened.
That protects it from water damage too. Then store
that [bag or laminated paper] in a fireproof safe.
[Also, create] multiple copies, not just one. Store them
in two different locations at a distance from each other.
Use a passphrase in addition to your seed if you
can’t find a secure location for your seed [copies].
The passphrase should be simple.
[Maybe] give that passphrase to one other person who
doesn’t have the seed; if something happens to you,
they can recover [your bitcoin] by following
[your] estate planning [instructions].
If you use a hardware wallet,
you still need to backup the seed.
Then you could keep the hardware wallet with
a good PIN, [stored] in your home for example.
You could even take it with you
when you travel. I don’t, but you could.
Use [a hardware wallet] as your cold storage [tier].
For the ultimate in cold cold storage, you
could generate the seeds on a hardware wallet,
preferably with a multi-sig [setup], [send a test]
transaction, then wipe all the hardware devices.
That way, your keys only exist as a set of seeds backed
up [on paper and stored] in multiple secure locations.