This hardware wallet glossary is a compact, practical reference for US-based crypto holders who want clear definitions, examples, and hands-on tips. I’ve used multiple hardware wallets since 2018 and update these notes based on testing and common user questions. What you’ll find here: plain-language definitions, trade-offs, and links to step-by-step guides (so you can go deeper).
A hardware wallet is a small, non-custodial device that stores private keys offline and signs transactions locally. Think of it like a secure USB key specifically for crypto (but with dedicated crypto logic). It’s designed so your private keys never leave the device.
See setup steps and daily usage: first-time-setup and daily-usage-transactions.
Seed phrase definition: a human-readable list of words that encodes the private keys for a wallet according to a standard (commonly BIP-39). What is seed phrase in practice? It’s the master backup. If you lose the hardware wallet, the seed phrase lets you restore funds on a compatible wallet.
And yes, I still recommend using a metal backup if you plan to hold long-term.
For formats and error cases see seed-phrase-management and restore-recovery.
Private keys are the numbers that prove ownership of funds on a blockchain. Non-custodial means you hold those keys (self-custody). Hardware wallets keep keys on-device so signing is isolated from your phone or computer.
Secure element explained: a secure element is a tamper-resistant chip on the device that stores private keys and executes cryptographic operations inside a protected environment. What is secure element compared with a normal microcontroller? The secure element resists physical attacks, side-channel analysis, and forced readout.
Secure element chips are one piece of a layered security architecture. For more on device internals see security-architecture.
Air-gapped means the device signs transactions without any direct wired or wireless connection to the internet. Examples: QR-code-based signing or USB only with a dedicated, offline computer. This reduces attack surface but adds friction.
Firmware is the internal code running the hardware wallet. Always verify firmware authenticity before installing. Unauthorized firmware can expose private keys. See step-by-step updates: how-to-update-firmware-steps and verification notes at firmware-updates-verification.
Multi-signature (multisig) is an arrangement where multiple devices or keys must sign a transaction before funds move (e.g., 2-of-3). It reduces a single point of failure and is commonly used for business wallets, family vaults, or higher-value personal vaults.
For setup details and compatibility, see multisig-setup and multisig-setup-compatibility.
Short, practical checklist:
Step-by-step: create seed phrase -> write to secure medium -> verify by restoring on a test device -> store geographically separate copies. See full backup guide: seed-phrase-management.
But don’t confuse redundancy with security; more copies means more exposure risk.
Supply-chain tampering is real. A device could be intercepted and altered before it reaches you. Two practical defenses:
In my testing I’ve found that verifying signatures after a firmware update catches most obvious tampering attempts.
Short answer: Bluetooth adds convenience for mobile use but increases the attack surface; USB is straightforward and common; NFC is niche and typically low-bandwidth.
| Connection | Pros | Cons | Typical use case |
|---|---|---|---|
| USB | Reliable, fast, works with desktops | Needs cable or adapter | Daily desktop transactions |
| Bluetooth | Wireless, mobile-friendly | More attack surface if paired incorrectly | Mobile wallets, on-the-go signing |
| NFC | Simple tap, low power | Limited app support | Contactless signing on supported phones |
See deeper security notes at connectivity-bluetooth-usb.
Is Bluetooth safe? The FAQ below covers that.
Why use multisig? It mitigates single-device loss, theft, or vendor failure. Example setups:
Drawbacks: more complex recovery, compatibility considerations, and sometimes higher fees (on certain blockchains). Practical walkthroughs: multisig-setup and comparison-multisig-setup-guide.
Why update? Firmware often fixes bugs, patches vulnerabilities, and adds coin support. Why verify? A signed firmware provides cryptographic assurance the code is authentic.
How to verify (step-by-step):
Common mistakes I still see:
Cold-storage strategies vary by threat model. Single-sig is simple and adequate for many. Multisig adds resilience for larger balances. Spread backups across locations and have an inheritance plan (see inheritance-planning and geo-distribution-storage).
Connectivity comparison (already above) and backup strategies:
| Backup method | Durability | Ease of use | Compatibility |
|---|---|---|---|
| Paper (written) | Low | High | High (BIP-39) |
| Metal plate | Very high | Medium | High (BIP-39) |
| SLIP-39 shares | High (redundant) | Medium | Limited (SLIP-39 wallets) |
For feature-by-feature wallet comparisons see comparison-table and compare-other-hardware.
Q: Can I recover my crypto if the device breaks?
A: Yes, if you have the seed phrase. A recovery on a compatible wallet restores access. For step-by-step recovery see recover-if-broken.
Q: What happens if the company goes bankrupt?
A: Your funds are not stored by the company if you control your private keys. Hardware manufacturers provide the tool to sign; the keys are yours. Plan for vendor risk by using open standards and documented recovery options. See company-bankrupt.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth introduces additional risks compared with USB. Practical mitigations include pairing only with trusted devices, keeping the wallet firmware up to date, and using optional passphrase protection. For detailed guidance see connectivity-bluetooth-usb.
Q: What is the difference between BIP-39 and SLIP-39?
A: BIP-39 is the common 12/24-word seed standard. SLIP-39 (Shamir backup) splits a recovery into multiple shares with a threshold. SLIP-39 gives flexibility but is less widely compatible.
Q: What if I forget my passphrase (25th word)?
A: If you forget the passphrase, funds are effectively lost unless you have another copy or can recall it. Treat the passphrase like a separate secret. See passphrase-25th-word.
Glossaries are most useful when paired with hands-on practice. Start with a controlled setup: unbox, initialize, write the seed phrase by hand, and perform a test restore. If you want guided steps, check the setup walkthroughs and firmware guides:
If you have a specific term you want clarified, ask — I’ll expand this glossary with hands-on examples and screen-by-screen notes.
But remember: plain words written clearly and one tested restore are worth hours of theory.