Ledger HW.1

Bitcoin is big business. Despite its use in high-profile criminal endeavours like the infamous Silk Road, popularity of the cryptocurrency – developed by pseudonymous engineer Satoshi Nakamoto and driven by armies of ‘miners’ devoting computing resources to verifying transactions – is on the rise. Entire markets, from payment processing to the sale of mining hardware, have been born on its back, and it’s now entirely common to see mainstream companies accepting Bitcoin as a payment method.

It’s hard to ignore the negative headlines, though – the stories of online Bitcoin exchanges losing millions of pounds in funds to malicious attacks, untrustworthy staff, or simple incompetence.

For businesses accepting Bitcoin directly, rather than through a payment processor which automatically exchanges the cryptocurrency for fiat currency, it’s an undeniable risk, which only increases for those holding larger quantities of Bitcoin in an effort to benefit from its rapidly increasing value.

Enter the Ledger HW.1.

Hard security 

The Ledger HW.1 is one of a new breed of Bitcoin-specific security devices dubbed ‘hardware wallets’. Where traditionally a Bitcoin wallet takes the form of a file on a computer protected with a passphrase, the Ledger HW.1 stores the private key associated with the wallet on a tiny USB dongle similar to those used for FIDO U2F two-factor authentication.

The HW.1’s security comes from more than physical abstraction, however: the dongle also contains a security co-processor which handles the job of actually signing transactions, meaning that the wallet’s private key is never exposed to the host operating system.

This, its creators claim, means that – in theory at least – you could carry out Bitcoin transactions on a computer liberally infested with malware, including keyloggers and screen-grabbers, and still be entirely protected from any harm.

The HW.1 costs €18 (around £16, $20) for a single dongle, or you can purchase bundles and get them cheaper with bulk discounts.

Simple setup 

The HW.1 packaging includes the dongle itself, which you punch out of a credit card-sized block of plastic and fold in half with a click, and a printed plastic security card which acts as a second authentication factor. If you get sick of looking up letters and numbers on the card for each transaction, this can be replaced with a smartphone app. However, sadly, in testing we found the app, which should pop up a notification when authorisation is required, was too unreliable for daily use.

The desktop software itself is provided as a Chrome app running within Google’s browser and supporting any operating system on which Chrome can be installed. The on-boarding process is quick and easy, asking the user to pick a four-digit PIN and to write down a series of ‘recovery words’ on a bundled informational sheet.

These words allow the wallet to be regenerated onto a replacement HW.1 should you lose or damage your original, and represent the device’s weakest link. When you’ve recorded the words, the sheet should be sealed away in a safe and treated with the same care you would give a stack of banknotes to the value of your Bitcoin hoard.

Once set up, the software works like a standard online Bitcoin wallet – you can receive Bitcoins to a constantly-cycling address, send Bitcoins, and view the details of any transactions you have made. All of these features only operate with the HW.1 inserted into a USB port, and sending Bitcoins requires the security card or smartphone app as a secondary level of authentication.

Enterprise users can use multiple HW.1s to enable ‘multisig’ authentication on a wallet for improved multi-user security, requiring several keys to authorise each payment. A final trick up the HW.1’s sleeve is the ability to act as a two-factor authentication (2FA) dongle via the admittedly uncommon blockchain-powered BitID system.

We liked

The tiny size of the Ledger HW.1 means it’s something you can keep on your person at all times, and the embedded security co-processor means that there should be no risk in popping the device into a public computer, say at a business centre or airport kiosk, in order to check on your balance or create a new transaction, providing you can install the Ledger Chrome app.

The software is attractive and user-friendly, and worked perfectly on all three operating systems – Windows, macOS, and Ubuntu Linux – on which we tested it. The ability to also display the value of your Bitcoins in fiat currency is particularly welcome, and helps prevent any nasty decimal-point mistakes that could otherwise see you transferring an order of magnitude too many fractions of a Bitcoin with no way of getting them back again.

We disliked 

Although the Ledger HW.1 is cross-platform, its use of the Chrome browser to achieve this is a concern. Those who prefer alternative browsers – or are restricted by corporate policy – will need to keep a copy of Chrome installed specifically for the HW.1, and if a public terminal doesn’t have Chrome your HW.1 will remain on your keyring, useless and inert.

A bigger issue is the fact that the software installs as a Chrome app, a subset of Chrome add-ons which Google is actively in the process of retiring. Although Ledger claims to be working on updated software which will be released before Google deactivates the Ledger Chrome app, details of this software – in particular whether it will retain the full cross-platform support of its predecessor – are not yet available.

Final verdict

It’s true that there are more robust hardware Bitcoin wallets available, such as the impressive Trezor. Ledger itself in fact produces higher-end models in the form of the more robust Nano and screen-equipped Nano S. The HW.1, though, has a pair of advantages that are hard to overlook: its size and portability mean you’re less likely to leave it at home or in an office drawer compared to bulkier equivalents, and the price is suitable even for those simply dabbling in Bitcoin.

The buggy mobile app aside, Ledger has done a great job on the software for the HW.1. If it can translate that into a package that works outside the soon-to-be-retired Chrome apps ecosystem, then the HW.1 could end up being the go-to security device for Bitcoin users. For the moment, though, there’s an air of uncertainty: anyone purchasing an HW.1 should do so in the knowledge that it’s possible, though unlikely, that Ledger will fail to deliver on its promise of upgraded software. And if that’s the case, you’ll be left with a useless lump of plastic on your keychain when Chrome apps support is fully retired in early 2018.

