Welcome to our Bitfi news page. Here you'll find some of our featured Bitfi Knox Wallet content pieces as well as all our latest Bitfi Crypto Wallet posts.
Bitfi Knox Wallet: Open Source Unhackable Monero Hardware Wallet
An international payments technology firm is developing a system that will enable businesses and consumers to take part in the cryptocurrency economy. The company, known as Bitfi, announced the introduction of the Bitfi Knox Wallet, which is not only unhackable, but also an open source hardware wallet with a dashboard which has a wireless setup.
The wallet also supports other cryptocurrencies such as Monero, a fully decentralized private cryptocurrency that previously did not have a hardware wallet solution. After the wallet is set up, the device will have access to up-to-the-minute software information. This will be instrumental in eliminating corrupt software which may be used by phishing criminals.
Safe And Enduring Investment
The Bitfi Knox Wallet is a very safe, enduring investment with access to the latest technology. Unlike other wallets, the Bitfi Knox Wallet permits holders to store an unlimited amount of money without the fear of theft or loss. This is because the wallet makes use of a proprietary and open-source algorithm with an irreplaceable secret phrase.
The private key is only allowed to exist for a short time, just long enough for a transaction’s approval to be made. It is also not supposed to be stored anywhere. Additionally, it is not possible for anyone to predict, though it is simple for the owner to remember.
Another key security feature of the Bitfi Knox wallet is that it is not easy to interfere with. Even if the owner were to lose it, it is not possible to recover the private keys. This makes it a safe wallet for anyone to purchase from the team of official distribution dealers. Additionally, its algorithm is fully open source, meaning that users can gain access to their private keys without necessarily relying on third parties.
It is also worth noting that the wallet permits users to view and regulate all their cryptocurrencies and assets in a single place via the wallet’s dashboard. Users are also able to view all their balances at once, thereby enabling them to change from one currency to another. This is irrespective of whether the assets are private or for commercial use.
Is John McAfee's Unhackable BitFi Crypto Wallet Better Than Trezor & Ledger?
Ever since cryptocurrencies began trading on exchanges, as opposed to the early days when the only way to get coins was to mine them, storing your bitcoin and crypto assets has been a top priority for any token hodlers. And if you have been in the industry for any considerable length of time, there are two to maybe three household-known hardware wallets to consider – Trezor and Ledger Wallet, and possibly KeepKey – but now BitFi looks to challenge the likes of the industry’s kingpins when it comes to secure, offline digital currency storage.
Let’s take an inside look at the unhackable, John McAfee-backed hardware wallet to see if it can rival Trezor and Ledger and possibly overcome them in market share.
BitFi Wallet Gets Strong Reviews at Launch
John McAfee’s new BitFi wallet has received strong reviews at launch. “If you own cryptocurrency you need a BitFi wallet,” writes Rob Loggia at LoggiaOnFire.com.
Loggia, a member of the McAfee Crypto team and strong supporter of John McAfee, claims the wallet combines security and simplicity to deliver a superior crypto wallet experience.
Loggia claims you can’t even call BitFi a wallet. It’s so convenient that it’s more accurate to call it a “convenience device”:
“In fact, to call Bitfi a wallet is not 100% accurate, though it is necessary due to the way people think,” explains Loggia. “Bitfi is actually a convenience device, allowing ordinary people whose time is valuable to take advantage of the most secure scheme we have for storing cryptocurrency: a brain wallet.”
BitFi’s wallet system offers the full security of a brain wallet while adding the conveniences of a live wallet. It’s an authentication device that uses a powerful processor to translate something your brain can store – like a sentence – into the private key used to verify address ownership. Since the key is never stored, written down, or seen, it cannot be stolen.
The magic sentence exists only in your brain. With one sentence, you can protect an unlimited number of cryptocurrency wallets across any supported cryptocurrency.
Your only job with the BitFi wallet is to make sure you never forget your sentence. Obviously, you should also not write your sentence down or tell anyone your sentence.
Because of the brain wallet-style system, BitFi is useless if someone steals it. Someone could find or steal your BitFi wallet, but it would be impossible to access the funds inside.
If you do lose your BitFi, you can still recover your funds. You can order another BitFi or use BitFi’s provided formula to manually calculate your private keys using your sentence.
Loggia explains the Bitfi unboxing experience and the payment process. One of the neat things about BitFi is that you don’t have to provide your name or other personal information. You can stay anonymous if you choose to do so.
Overall, Loggia described the payment process as “painless and unintrusive”:
“I was able to pay using Bitcoin, and did not even need to give them my name – just a shipping address.”
You can still order BitFi using any major credit card or debit card. However, to use a traditional payment card, you’ll need to enter your name along with your contact information.
After buying the wallet, Loggia claims post sale communication “was also excellent, with regular updates sent letting me know what to expect.”
BitFi shipped the next day and arrived 3 days later without incident.
The BitFi box includes the BitFi wallet itself, a case, a USB charger, a quick start guide, and a warranty card.
How Does the Device Work?
The BitFi device itself is described as “sturdy and well constructed.” It comes with a full color touch screen, making it easy to enter data into the device without using a computer and compromising security. It looks more like a tablet than a traditional crypto wallet.
The wallet ships with a charge. After getting the device, you just need to enter your Wi-Fi information via the touchscreen. Then, the device will connect to the internet and you can start loading.
“Within 10 minutes of unboxing my Bitfi I was already loading cryptocurrency.”
Loggia was impressed with the range of coins supported by BitFi. All major cryptos are supported by the wallet. However, there are still a number of cryptocurrencies that aren’t supported. BitFi plans to continue expanding support over time.
The author took particular issue with the lack of DogeCoin support. It’s one of the few major cryptocurrencies that isn’t supported by BitFi.
In short, Bitfi is a brand new release into the crypto space so it has a long way to catch up to the lion’s share of the market that Ledger and Trezor hold today. But given the simplicity, interface and overall excitement regarding the recent release of Bitfi – on top of the unhackable caveat – there looks to be a new player in town to consider when you go shopping for your next bitcoin hardware wallet storage solution.
Overall, the BitFi wallet received the seal of approval from Rob Loggia in one of BitFi’s first major reviews online.
It’s important to note that Loggia is closely connected to John McAfee. He’s the Technical Advisor for the McAfee Crypto Team, for example, and he was part of the Core Team of John McAfee’s 2016 presidential election bid. Nevertheless, Loggia claims he is providing his honest opinion of the BitFi wallet, and that he purchased the wallet with his own funds.
You can view Loggia’s full review of John McAfee’s favorite, BitFi wallet here.
Hacked BitFi Wallet Headlines: True Or False, Were Crypto Funds Really Stolen?
While the company has gained a unique reputation for creating what it alleges to be the world's first unhackable digital wallet, BitFi has come under both a digital and PR-based attack after the efforts of the Pen Test Partners, the penetration testing company, proved successful in gaining root access to its devices.
The success may have taken a great number of BitFi's users by surprise. In our conversation, BitFi's vice president of operations, Bill Powell, was surprised to find out that we, CryptoVest, were the only press outlet that made an effort to contact the wallet maker.
While the public has been more than outspoken on the subject of this successful breach, it was only fair to get the company's side of the story, including a number of clarifications regarding the storage model the device uses and some insight into how the software works to prevent the possible siphoning of private keys from a computer's memory.
Pen Test Partners System Stress Test, A Walk Through?
Bill Powell: One of the things that company has right now is a number of bounties. The first being for a quarter of a million dollars, what this money demonstrates is a situation in which someone attempts to, or successfully steals your device, and how it's there to answer the question: 'Can we get your money or not?'
The participation of Pen Test has been crucial, and BitFi is the only company that is offering this sort of bounty for answering this question, and that's because our competitors know that if they send a wallet with various coins in it to a highly experienced hacker, they'll manage to extract that number of coins within 15 minutes.
Along with this first bounty, we have a second one which was established to simulate one of the more common hacking methods used in the cryptocurrency world, otherwise known as a 'Man in the middle' attack.
Whoever manages to instigate this sort of attack would be rewarded with a bounty of $10,000. We are really interested to see whether this kind of attack is possible throughout wallets, including what other kinds of attacks these [hackers] can come out with that would penetrate our system.
It's in this bounty that we simulate someone intercepting a device that was otherwise supposed to be shipped to you. They would then proceed to modify it and send it to you, you would then start using it without being aware of it being adapted to submit sensitive information to the attacker, all from what it is you were typing. This means that secret phrases and salt, including other personal information, would be tracked by the attacking party. So, you put in your credentials and, without your knowledge, the wallet sends information to the attackers.
Since these two bounties were first introduced to the wider community, nobody has ever come forward to claim them. But these guys [Pen Test Partners] are simply posting random images with no further evidence to substantiate the claims that they breach BitFi's systems. Meaning they have no proof, no method, no evidence, nothing whatsoever.
In all fairness, we reacted. We literally sent them messages saying, “If you have done this, please send the device to us so that we can check and pay your bounty.” And they just said, “Oh, we’re not interested in a bounty. We’re not interested. Give that money to charity. We don’t want it. We just want to do this.”
Out of all those types of people that stress test devices and systems, who do you know that says that? Who exactly would do that? We went on to say, "Ok. If you're not interested in the money, send the device to us in order to help thousands of people who use the wallet." Surely if you don't care about the money, you must care about people whose safety may be at risk from a compromisable system. They demonstrated something that represents an attack, so surely you'd want to send it to us so we can address this weakness in the system to see the way that the attack would work?
We push updates to devices, so that when we discover a weakness, we can fix it rather quickly by pushing it out to our users.
It is a mind-boggling situation we've found ourselves in. Suppose that the media picked up on this series of tweets from random people without ever presenting any meaningful evidence or proof, but took it as evidence enough and published a series of articles all across the world saying that our devices have been compromised and hacked!
We didn't put up a quarter of a million dollars to serve as a bounty as some kind of joke, it's a very serious thing. If someone actually manages to get through our system, and we don't pay them the bounty, no one will ever trust us.
You can’t just not pay the bounty. You’d completely ruin your reputation forever. You have to pay the bounty. It’s very serious.
The way our system and devices work is completely different from others, that's because other products store a user's private keys and keep them outside of the computer. But if they're stolen, the seed and private keys are there and a hacker could easily get to them.
Our device, on the other hand, doesn't store a user's private keys, instead, our device generates new ones on the spot. This is so it doesn't store sensitive data unnecessarily. For wallet technology, that is a big innovative step in the right direction. A lot of people don’t really understand what we define as a really unique and sophisticated solution.
You put in your own memorable phrases, and our algorithm calculates all the private keys you'll need for whatever transaction you're conducting - whether that's Ethereum, Bitcoin or whatever you require, after doing that, the private key's gone.
Unlike other systems, it persists in the memory for only a short period of time, a period that we try and keep down to a few seconds, and if your device is seized or stolen, then an attacker is not going to be able to do anything with it, as it has nothing in its stored memory.
We think that if the guy was able to retrieve the private key from the device or something like that, it would have to have been done on a rooted device. But if you root a device, you have to restart it, and when you restart it, it wipes the RAM clean.
What this means is that there's nothing in the memory anymore. And that's why, personally, I think that he's not releasing any data, because he knows that it's a rooted type of device and it's not a real-world attack taking place.
It’s not something that can happen to an actual customer because if you steal a customer’s device… If you root it first, then it will wipe the memory clean. How else will you manage to get the private key even if you were to steal the device like 30 seconds after the original user conducted a transaction with it?
It makes for a rather remarkable situation. And it seems like what happened was that these people got hit by the prospect that we made this claim of being 'unhackable'. It got to this whole thing of, “What’s really the definition of ‘unhackable’?”
To these people, it seems like a hack is anything where you modify the underlying functions of the device, while we are saying that a hack is where you manage to successfully steal a user's funds. That is our broad definition of what a hack is.
In making this statement of being unhackable, we never intended to upset anyone. We thought we were true to our own language by using 'unhackable'. We believed, and still believe that it's correct because there's just nothing to hack because the device doesn't store data.
So, if the device doesn't store data, there's nothing on it for a potential attacker to hack. So how can you hack something when there's nothing on it?
This is the direction that we were coming from. We weren't trying to actively upset all of these would be hackers who regard the statement as a challenge, where we were actively challenging them to create this uproar in the community where they're behaving like: “Oh my God, they’re saying ‘unhackable’. Nothing is unhackable!”
Another thing that we can tell you is this: In the run-up to our launch, we sent the device to John McAfee, and after he had a sufficient amount of time playing with it and looking at it, he got back in touch with us and said: "Yeah, this is the first time in my life that I agree that something is unhackable."
He's gained a truly profound reputation by stating that every piece of hardware / software is unhackable. And he's obviously a cybersecurity guy who kind of invented the whole 'anti-virus' category of systems.
When we saw that, it gave us additional confidence because this is an unhackable wallet because it doesn’t store anything. It doesn’t store your data.
CV: Where I've been in the cybersecurity community for a number of years. I haven't managed to have a look at the device, unfortunately, I don't have much time to look at eMMCs, ICs, or other stuff in that sort of area as I previously would have. But what I do know is that there is an eMMC chip on the device that is responsible for storing information on a more permanent basis. That makes it a flash memory, not RAM.
So, If I were to assume something, I would make the assumption that the operating system behind the device is stored on the eMMC. Would that be correct?
BP: Of course, of course.
CV: If that's the case, it must have some kind of storage. But it doesn't actively store any private keys, is that what you're telling me?
BP: Exactly, yeah. I mean, obviously, it has to have the memory to have an operating system that you could run on the device.
CV [interrupting]: So, from what I’ve seen, these hackers, from all the pictures that I've seen from them, because I've managed to see a good number of pictures of the device and even have an entire archive. I have tried to get in contact with them, by the way.
I have also tried to contact the company, Pen Test Partners, they did get in touch with me, saying that they're unwilling to speak to the media at this time. And I said, “OK, fine. You guys reached out to me, and we’ll talk to you when you want.” And that’s about it.
But anyway, getting back to the point. I do remember them allegedly saying there was a key that remained in RAM for seven to fourteen hours. I did manage to find that claim a little bit more than dubious, but it's very possible.
BP: So here's how their story changed... First they said it took minutes, then they said it took seven hours, they then went on to say it took fourteen hours. How exactly are we to credibly believe anything they say after that? They present little to no evidence. They present literally nothing.
CV [interrupting]: Those were just tweets too. There was no corresponding picture. There wasn't anything attached to it. This is why, when I managed to cover it, I mentioned that they discovered it allegedly. I'm just presenting what they said exactly.
I do understand your accusations on the media coverage of this, and I do feel partly to blame for that as well. I covered it with a certain perspective in mind. But I didn’t think it would be fair without contacting you as well.
BP: The honest truth is that, if the key does persist in the memory for fourteen hours, firstly: that is infinitely better than having it in the device permanently. The second aspect is that, obviously, we can push updates for users. So, for example, an update can clear the RAM with a memory dump to make sure that the data doesn't stay longer than one second.
What we need is people to recognize that we just launched two months ago. Meanwhile, other companies have had way more issues in the spaces of a year or two that we have had since the beginning of our company.
And the thing is that we have no evidence whatsoever that the keys stay in RAM for several hours or anything like that.
CV: In that case, I would imagine the hypothetical 'garbage collection' would come far sooner than that. I do recall, and have seen some evidence that your device is running thanks to an Android back end. And Android's 'garbage collection' [a process that consolidates pieces of memory that are no longer needed] is relatively more frequent than others, and happens quite often.
BP: Well, it's a heavily modified Android back end. And it's highly unlikely that [the keys] stayed in there for a matter of hours. In any case, we're continuing on development. Case in point, we pushed out an update on Thursday the 9th of August in the evening during the Def Con conference because all of these hackers were continually interrupting and coming out to the media. So it's actually a pretty simple process which flushed the RAM and committed to a memory dump before it even gets to garbage collection.
There are a lot of things that we're doing to support our system. I can take a picture of something very easily and claim to the authorizing body of Twitter that I'm the King. But it isn't the truth. And then the media picks up that story and says, “We have evidence that Bill is the King!”
CV: It does prove to be a continued problem, and you have to understand that the media tends to be English / Journalism degrees. They don't ordinarily tend to be people who have an extensive line of credentials from the world of blockchain and cybersecurity.
BP: I understand, but any journalist would at least contact the company. “They’re saying this. What are you saying?”
They just ran with this post stream and, just kind of took those random images and how did we know that all these people weren’t paid by a competitor to do this? Why are they coming after us so aggressively on Twitter?
And if you trace it back to the one guy that's been posting this all [Cybergibbons]. He's incredibly active, posting something every two seconds, almost 24 hours a day, it's as though he doesn't sleep or take any kind of breaks whatsoever. If somebody had a real job in cybersecurity, they wouldn’t have so much time to spend on Twitter. Don’t you think?
CV: He did go on to say that he is the voice for the rest of the team of engineers that are working on [hacking the Bitfi device]. So he would certainly be like the guy who announces whatever they've actually managed to accomplish. It's not completely unheard of.
BP: OK, so it’s a huge team apparently working on it. And after all this work, not a single person has come forward to claim either of the two bounties. I mean, does that make sense to you?
CV: They did go on to say that they wanted the funds to go to charity or something. I've seen things like that happen before, you've repeated it to me. But the fact that they didn't want to send the device into you does leave a number of doubts.
BP: We will definitely send the money to charity if they want, but just send the device so we can see that it does this. We honestly don't think that anyone will come forward in order to claim this quarter of a million bounty, but at the very least for the $10,000, sure, why not for that?
I'd certainly appreciate that. What they're doing to the device are all kinds of different party tricks but not real-world attacks.
CV [interrupting]: Of course, but it's rooting the firmware, however. And I've seen yet another teenager that's managed to root the firmware and run DOOM on his device.
If they were in fact able to do that, I think that one of the bigger dangers, in this particular event, would be, for instance, if they can't remove the cryptocurrency inside the wallets at that point in time - because you simply can't do that by rooting the firmware. But you can introduce arbitrary code and give it to someone else.
And they’ll store their cryptocurrency…
BP [interrupting]: While they have not been successful at demonstrating this yet. The fact of the matter is this: the way that our device works is that you can upload anything to the firmware - any other code - it will no longer sync up and function with our dashboard, because, so when you first receive it, you have to sync it so that it interacts with the dashboard where you view all your balances and money online and then you approve transactions on your device.
The dashboard is key for communicating with the device. So, if someone were to modify the digital signature on the device, it won't be able to sync with our dashboard. It will cease to function with the broader apparatus, end of story.
What will happen is that if somebody receives a device with modified firmware, the digital signature will not match and it will not connect with our dashboard.
No-one thus far has been able to demonstrate that they can do this sort of thing yet, however. Obtaining root access has not accomplished anything as far as any meaningful real world attack on our system. Think about this: They got root access but we have ensured - because of the way our devices sync up to the dashboard - that it basically works through the same style of encryption as Bitcoin. It's almost like Bitcoin is your private key.
The device has to have a specific digital signature to sync. If it doesn’t have it, it won’t connect.
CV: Ok, so in this instance, you're talking about something like an MD5 hash or something that has to happen so that the server can externally validate that the device is using the authentic software that BitFi provides to its users?
CV: Alright. That’s what makes sense to me.
BP: Well, this is why none of the alleged hackers have been able to successfully do this sort of thing, all they have done thus far is a number of party tricks. You gained access, you upload something else to it, and it’s no longer a Bitfi wallet. What is a Bitfi wallet built on? It’s built on a small tablet.
They've taken to calling it a phone, but it's not a phone, it's a very small tablet and, at the same time that they were developing this, the smallest tablet on the market was roughly five and a half inches, or five inches. We sought to go smaller with it, so we had to make use of all the parts, but we obviously can’t make a call on the device. It doesn’t even have an earpiece or speakers!
So, it’s a small tablet… The moment that you modify the firmware, it becomes something else. Other wallets are storage devices. All they do is store your private keys.
So, our wallet operates as a computing device, an actual small computer, which calculates private keys. So in our case, of course you can play DOOM on anything with a modest CPU and screen. Any computer with a screen can be modified. You could take any electronic device and turn it into something else. But if you do that, it'll no longer be what it was originally, same goes for our BitFi wallets. So you can play something like DOOM on it, but what does that have to do with it? It's no longer a BitFi wallet in functionality. No one else can use it as a BitFi wallet from there.
It’s just completely absurd. What they’re showing is just basically party tricks but no actual evidence of an actual real-world attack that they could present or send to us. Sure, we'll gladly send money to a charity if they can demonstrate credible evidence like a real researcher showing their method which coincides with their overarching hypothesis.
Given that, it’s very clear that the media just kind of went completely ballistic on this.
CV: [Regarding the reason why Bitfi got so much media attention] I think, with this unhackable claim, it's something that warrants a lot of skepticism from all sides. And I think, what's going to happen after making such an outlandish claim is that people are easily going to jump at any opportunity they can see in order to disprove it. And regardless of if they prove unable to completely disprove it, everybody gets all excited when someone manages to conduct a very small modification or something.
BP: Yeah, well, we really didn’t expect that kind of reaction.
CV: Yeah, that was quite predictable. I did see it coming when you first announced the wallet. It's just what happens with new products, I suppose.
BP: It’s too bad. Negativity is not good [...] and that’s potentially something holding us back. It’s not a good thing.
CV: There's one thing I would like to ask: Do you still believe that it's ok to purchase a pre-owned wallet?
BP: During this time, we have decided to announce and tell people not to buy a pre-owned wallet until we learn more and investigate it further. We did post a warning on our website clearly stating that you shouldn't do such a thing until we explore this further.
Since then, we have seen all sorts of people making claims, so we want to see the data because people are making claims. We don't want to put the end users in any kind of unnecessary risks, so during this time, we are warning and reminding users not to do that until we are able to collect more data and learn more about this.
We may again say that it’s OK once we get more data.
CV: Ok, I did see that you had placed that on your website earlier and it just didn't appear on there anymore.
BP: Yeah, and now on the homepage, there’s a warning there that specifically advises users not to do that.
In The Aftermath
It is worth pointing out that about a day after this interview was conducted with Mr. Powell, Andrew Tierney, representing Pen Test Partners, got in touch. The company that penetration tested the wallet then posted a subsequent announcement from its team through Twitter. Through this medium, the company made it very clear that it will be refusing to engage with Bitfi any longer.
The team went on to state that “We are more than happy to demonstrate the attacks to a journalist.”
When we had previously got in contact with Pen Test Partners on August the 8th, we received a prompt but explicit reply from Joe Bursell, the company's marketing manager, who stated that “At the moment we feel it is too early to comment directly with the press.”
Up to this point in time, we continue to extend an offer to arrange an interview of some capacity with Pen Test Partners with the same degree of respect, flexibility and understanding as would be expected from a journalistic source of well-repute. Our ultimate goal in this whole situation is the pursuit of truth, especially in a situation as complicated and unusual as this.
John McAfee's Unhackable BitFi Wallet Adds Support for All ERC20 Tokens
The McAfee Seal of Approval - BitFi offers Support for ERC20 Tokens
Let's be perfectly honest, there's not much getting people excited about investing in cryptocurrencies at the moment; bear markets will do that to investor appetites. As we'd spoken about previously, a bear market is exactly the time when eyes should be on the future upward direction of Ethereum instead of wallowing in where it is now.
Ethereum users, or ERC20 holders specifically have some good news coming their way, and that's that BitFi, the high security hardware wallet which also claims to be unhackable, will begin providing complete coverage to all classified ERC20 Tokens according to its Twitter feed.
While some of the feedback they received included questions about the usability of the platform through a mobile app alone, others received it with a genuine level of positivity.
One Twitter follower queried:
I see that it's on the dashboard but I keep getting an error or a invalid entry when I try to add a coin. @Bitfi6 is the erc20 option active now or just showing on the dashboard?
— CB (@cvb351) August 17, 2018
Another follower was also giving some credit to the hardware wallet:
Oh and the customer support for this product was absolutely fantastic. John I couldn’t be more impressed with how the support team was available to trouble shoot my device. 💪🏻💪🏻💪🏻
— Jason A. Williams 🦍 (@JWilliamsFstmed) August 16, 2018
One of those outlining this development with a certain level of positivity was none other than the crypto sensation himself, John McAfee:
Bitfi Crypto Wallet Releases Guide On Setting Up Unique Secret Phrase
BitFi crypto wallet had come under intense scrutiny when the “unhackable” wallet was allegedly hacked earlier this month. It took painstaking interviews and Livestream by promoter John McAfee and CEO Daniel Khesin to improve the public perception of the wallet.
In their live stream with Adam Guerbuez, the CEO repeatedly mentioned that BitFi’s security phrase is the most important part of the security of the device. Now, the company has released guidelines on its website for setting a proper security phrase.
So, How Do You Do It?
Setting the secret phrase is the primary and critical step in setting up your Bitfi hardware, and you should give this section the most attention. The phrase that you set for your wallet is what controls all your money and assets and if you do this properly the phrase will offer impenetrable protection (better than any other form of cold storage) and simultaneously give you the option to commit this phrase to memory so that there are no long-term security weaknesses.
The security of a properly set secret phrase as required by the Bitfi hardware wallet is approximately one billion times greater than the encryption offered by SSL encryption, which is the most commonly used technology for websites to securely transmit data from browser to server.
The wallet recommends using the Diceware method to attain absolute security. It is a simple method but makes truly impenetrable secret phrases. Add to this the additional anchor phrase that is required by your wallet and this adds millions of additional years to access your wallet. The only drawback to using this method is that the phrase set using Diceware is not as easy to memorize as a phrase that you can create yourself using unique words and you may have to write it down somewhere which is a security threat, especially in some environments.
Remember: the most powerful passphrase ever created will completely fail if someone finds a document with that phrase written on it. Therefore in some circumstances, it may be better to settle for a phrase that can be guessed by a sophisticated attacker in only 10 million years but without writing down anything. If you do it this way, there is no trace of your secret phrase anywhere.
Points To Be Noted
- When you are setting your phrase, you will be required to enter a minimum of 34 characters which includes a minimum of 3 special characters (such as $, #, ^, %, etc.) or a phrase with at least 45 characters if you wish to not use special characters.
- If you will not use the Diceware method, you need to take some time and invest some effort into creating your secret phrase. This single phrase will control all your money and assets and will give you access into all blockchains that are supported by the Bitfi hardware wallet and ones that will be added to the wallet in the future.
- Do not use any common phrases, song lyrics, movie dialogues and so on.
Once you have properly set your anchor phrase and the secret phrase, you can start using your wallet. The company recommends starting with small balances until you are acquainted with using the wallet and are comfortable that you have properly secured or memorized your secret phrase.
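The following is an added example, not Bitfi's code and not part of the original guide. It applies the two length rules quoted above, shows that a well-known lyric can satisfy them while still being guessable, and works out Diceware entropy per word. The function names, the definition of "special character", the small KNOWN_PHRASES list and the guess rate are assumptions made for illustration.

```python
import math
import secrets

# Length rules exactly as the guide states them.
MIN_LEN_WITH_SPECIALS = 34
MIN_SPECIALS = 3
MIN_LEN_NO_SPECIALS = 45

# Diceware: five rolls of a six-sided die pick one word from a 6**5-entry list.
DICEWARE_LIST_SIZE = 6 ** 5
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for a real corpus of lyrics, quotes and common phrases.
KNOWN_PHRASES = [
    "twinkle twinkle little star how i wonder what you are",
    "may the force be with you",
]


def count_specials(phrase):
    """Assumption: 'special' means neither letter, digit nor whitespace."""
    return sum(1 for ch in phrase if not ch.isalnum() and not ch.isspace())


def meets_length_rule(phrase):
    """True if the phrase satisfies either length rule; says nothing about entropy."""
    n = len(phrase)
    if n >= MIN_LEN_NO_SPECIALS:
        return True
    return n >= MIN_LEN_WITH_SPECIALS and count_specials(phrase) >= MIN_SPECIALS


def _normalize(text):
    """Fold case and drop punctuation and spacing so trivial edits do not hide a match."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def contains_known_phrase(phrase, known=KNOWN_PHRASES):
    """True if any known phrase appears inside the candidate after normalization."""
    folded = _normalize(phrase)
    return any(_normalize(k) in folded for k in known)


def roll_diceware_keys(n_words):
    """Return n five-digit dice keys (digits 1-6) to look up in a Diceware word list."""
    return [
        "".join(str(secrets.randbelow(6) + 1) for _ in range(5))
        for _ in range(n_words)
    ]


def diceware_entropy_bits(n_words):
    """Entropy of n words drawn uniformly and independently from the list."""
    return n_words * math.log2(DICEWARE_LIST_SIZE)


def words_needed(target_bits):
    """Smallest number of Diceware words that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(DICEWARE_LIST_SIZE))


def expected_years_to_guess(entropy_bits, guesses_per_second):
    """Average search time: half the space at an assumed guess rate."""
    return 2 ** (entropy_bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def assess(phrase):
    """Combine the length rule with the known-phrase check."""
    length_ok = meets_length_rule(phrase)
    known = contains_known_phrase(phrase)
    return {
        "length_rule": length_ok,
        "known_phrase": known,
        "acceptable": length_ok and not known,
    }


if __name__ == "__main__":
    lyric = "Twinkle, twinkle, little star, how I wonder what you are!"
    print(assess(lyric))
    print("dice keys to look up:", roll_diceware_keys(6))
    print("6 words: %.1f bits" % diceware_entropy_bits(6))
    print("words for 128 bits:", words_needed(128))
    # 1e12 guesses per second is an assumed rate, not a measured figure.
    print("years at 1e12/s: %.0f" % expected_years_to_guess(diceware_entropy_bits(6), 1e12))
```

Any "years to guess" figure depends on the guess rate an attacker can reach against the key derivation, which the guide does not state, so the rate is left as a parameter.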