Security Practices
I. Unboxing
Keystone Wallet uses tamper-proof stickers in its packaging. Check that the stickers are not tampered with when you receive the device to inspect for supply chain attacks.
II. Web Authentication
If the tamper-proof stickers have been specially treated, such as through use of a hot air gun or forgery, it may be difficult to identify. Upon initialization of the device, you will be asked to perform Web Authentication. If the vault has been tampered with, authentication will fail.
III. Backup Recovery Phrase
Keystone Wallet is a hierarchical deterministic (HD) wallet that complied with BIP32/39/44. The recovery phase enables final ownership of all crypto assets and is always controlled by the user. If Keystone Wallet is lost or broken, assets can be recovered with the recovery phrase on any device or software that supports the BIP39 protocol.
Initialization of the Keystone Wallet is the only time the recovery phrase will be displayed. We recommend users physically record their recovery phrase with a metal storage device such as the Keystone Tablet, which has waterproof, fireproof, anti-corrosion, and pressure-resistant properties.
Tips: Please make sure you have physically recorded your recovery phrase as opposed to having saved it as a photo or other format on any device which may connect to the internet. We advise against using air-gapped mobile phones, laptops, and USB sticks.
Recovery Phrase, PIN code, Passphrase
IV. Set a Strong Password
After you generate or import a recovery phrase, the password can be called by the private keys for signature, which means your assets can be stolen if your password is leaked. Please set a strong password. Simple passwords including names or birthdays, for example, can be more easily brute-forced to gain access to your recovery phrase.
How easy is it to brute force a password?
V. Fingerprint Sensor (Pro only)
The fingerprint function is suitable for use in public places to prevent the password from being captured by onlookers or surveillance cameras.
VI. Passphrase
Please read the Passphrase support page or visit our blog for information on Passphrases and how to create them. We recommend users set a passphrase as well as enable sentinel wallet alerts if they are concerned about physical and social engineering attacks. Keystone Wallet also possesses several hardware-level defenses against physical attacks, such as the Secure Element and self-destruct mechanism.
Last updated