Mike asks: "I store my crypto on a Ledger. Listening to Trace Mayer this week has me concerned that this is not safe enough. Trace says you need Bitcoin Core for network validation, Armory for managing the private keys, Glacier Protocol for standard operating procedures, and a Purism laptop for hardware. What is the gold standard for storing crypto for non-technical people? Is a hardware wallet good enough? If my crypto has been on my hardware wallet for a year now, is it more or less likely to be hacked over time?"
Here is the thing. Different audiences, different groups of people, are going to have different risk models. They are also going to have different tolerance for technical complexity. The important thing to realize here is that technical complexity is part of the risk model. Meaning that if what you are trying to do with security is more technically complex than your level of skill, you will introduce a very serious risk that you will lose your crypto, not because it is stolen, but because your ambition for technical excellence exceeded your skill level for technical execution, and you, frankly, messed it up. This applies to every level of technical expertise. There is always a higher level of security you can achieve by adding a bit more complexity.
Security is not an on-off thing: it is secure, or it is not secure. There is no gold standard for security that applies for everyone. There is a sweet spot where the risks that you face from external factors, from the adversarial model that you have identified, where you understand who might be after your crypto, and under what circumstances they might access it. The risk model you have for resilient long-term storage and, also, you should be thinking about inheritance and how your loved ones will deal with this if something happens to you.
The risk model you have for simple loss, which includes a fire, a flood, an environmental disaster, a problem with your home, or the other areas where you store keys, termites that eat through your paper backups, or whatever else the risk model might be. Then you balance that against your technical skill, and you find which of these risks you can eliminate, in a way that both you and the people you will designate as helping your loved ones recover your crypto, if something happens to you, can execute that technical plan flawlessly. That is the sweet spot.
Trace's sweet spot is Bitcoin Core for network validation, Armory for managing private keys, Glacier Protocol for standard operating procedures, Purism laptop for hardware. Other people have a higher sweet spot. Maybe, for example, for Coinbase's cold storage, they use a Faraday cage. They have rooms that are lined with an electromagnetic shield, so it won't leak RF. Other people use nothing. There is a range here. Trace is identifying his sweet spot based on his technical level of expertise, and the people around him that he has able to assist him and others if the need comes. He is also balancing this against his lifestyle, where he lives, and what access he has to secure locations to store his keys, etc.
None of this is going to be the same for you. You have to figure out what is right for you. For 99% of users, this is not right. The reason it is not right is because 99% of users of crypto do not have the technical expertise to execute on a plan of this complexity. As a result, what they will do is they will overextend and underachieve on technical execution. They stand a much bigger risk of losing crypto because of key loss than having crypto stolen because of an external adversary. Your own lack of technical expertise and your overambition in execution will cause you to lose your crypto, not some nefarious hacker. Having said that, what can you do that is practical?
If you have your crypto on a hardware wallet, that is a fairly high level of security. The important question then comes: where is that hardware wallet backed up, where are those backups stored, how are those backups stored, and do you have additional layers of security? For example, if you have a hardware wallet with a PIN, then the hardware device itself is somewhat secure, but it is still vulnerable to physical attacks, meaning you have to secure the physical location where you have that hardware wallet. A wall safe, floor safe, or even a hidden compartment where you can hide your hardware wallet, is often enough security if people don't know that you have crypto. If people know that you have crypto and they know where you live, then you have a slightly higher degree of risk, and you need to account for that.
Now about the backups. Writing 24 English words on a piece of paper with your own handwriting is probably the most resilient way you can back up your hardware wallet. You have to protect that seed. Most people are very worried that someone is going to break in, identify what the 24 words are, and steal their money. That's not the biggest risk. The biggest risk is you lose it, you forget where you put it, you didn't do the backup in the first place, it got moisture (that's going to be a real problem: paper gets wet and it gets destroyed, the ink bleeds, whatever), or you had a fire, termites, or some other natural disaster that destroyed your only backup.
You can protect against many of these risks. Step one, create another layer of protection. Make a passphrase on top of the seed so that you have this additional layer of security. You still need to back up your passphrase because if you pass or are involved in an accident, and you're the only one who knows the passphrase, then that is a point of failure, your crypto is lost. It would be very difficult to brute force.
A simple four to six-word, random English word passphrase is sufficient if you physically protect your seed from disclosure. I would also add important measures. Make two or more copies of your seed and store them in geographically distant locations. The seed on its own without the passphrase is not sufficient to break it. Take that paper seed and laminate it so that it is protected from moisture, which is the number one risk. Then put it in a tamper-evident sealed envelope. You can buy these by the hundreds from retailers. They're often used for cash donations in religious institutions and things like that. This will allow you to ensure with easy inspection, whether anyone has peeked at your seed and give you peace of mind that no one has accessed that particular copy of the seed. Create more than two copies of it. Put it in a standard fireproof safe that can resist a fire. Put two copies in two different locations, which are unlikely to burn down at the same time. With these measures in place, you have protected yourselves from the biggest risks, which are accidental damage, environmental damage, and loss due to insufficient backups.
You have to also back up those four to six word passphrases. Write those down on paper, laminate those, put them in a tamper-evident envelope, store two or more copies in two or more different locations from where their seeds are. Finally, write a letter so that people know that these things exist and coordinate with your family. They know that these things exist, but they can't easily access them and take away your crypto.
For most people, the simple stone-age technology of paper, pencil, with a little modern addition of laminated sheets so you don't get moisture damage, and a simple cheap plastic envelope that makes it obvious if someone has peeked at your seed, is sufficient. You do not need to go to the extremes and the technical complexity of Glacier Protocol.
When people give advice like this, when they say that if you don't achieve this level that I feel confident at, you are not secure, what they are doing is not encouraging people to achieve better security. They are either pushing people to try to overextend their technical skill and making them at risk of losing their crypto due to a variety of technical problems, or they are pushing people to go to custodial exchanges. The vast majority of people having read things like the Glacier Protocol will go, "I don't even know," and they will either try to do it without understanding it fully, be very uncomfortable with their knowledge, and probably lose their crypto because they messed it up, or they are just going to give up on the first page and move their crypto into custodial storage, and let someone else take care of the security.
We have an intermediate level that people can use. Hardware wallets with paper backups, properly secured with a passphrase, are very effective. They are easy to do for most people, if you follow the instructions and don't try to improvise: don't try to do things like cutting up your seed into groups of words and sprinkling them in different locations. Don't try to use overly complex passphrases or take the words, put them in a file, encrypt that file with PGP, store it on Dropbox, none of that. Old-fashioned, low-tech paper, pencil, protection from water, fire, multiple redundant copies, second-factor passphrase, that is achievable by most people.
Mike, your crypto is fine on the hardware wallet, it won't get hacked. It's not more likely to be hacked now than it was any time in the past. 99% of the attacks you see against hardware wallets, you read about in academic papers, or you see at academic security conferences, require physical access to the device. Even then, they don't work if you've updated your firmware correctly.
More importantly, the biggest risk you face, Mike, is losing your crypto because you didn't properly back up your hardware wallet, or because you tried to follow a set of instructions that started with obtaining the unobtainium Linux distribution and installing an air-gapped, Faraday cage-protected supercomputer in an underground bunker. You went hands-up and put your money on Coinbase.