Getting Started with Bitcoin, Part 2: Selecting a WalletSubmitted by JixMainstream on Fri, 03/29/2013 - 15:41
In Part 1: What is a Wallet?, I briefly explained the "Block Chain", Bitcoin's complete transaction log, and I'd like to start this article by explaining a little bit more about the Block Chain and why it's important to Bitcoin.
First, take a moment to think about your bank. Aside from keeping your money in a safe, the bank maintains a system of record to track what you receive and what you spend. The bank tracks this for each of its clients, and though we cannot see the record, we trust that the bank is diligently and honestly tracking these transactions... But... what if you DON'T trust the banks?
One of the primary goals of Bitcoin is to create a system that doesn't require the trust of a central authority. To accomplish this, we need BOTH a system of record (the Block Chain), AND a way to ensure it remains visible to everyone. To satisfy the second requirement, Bitcoin's creator needed to get creative. If we were to keep the Block Chain only in the hands of a select few, we could never guarantee that they would keep it honest and transparent. In fact, the wider the distribution, the less trust is required. And if EVERY user possesses a copy, the trust required shrinks to zero. This is why, by default, the original Bitcoin client REQUIRED the user to possess his/her own copy of the Block Chain. (In a future section, I will describe why we can trust the Block Chain, how users maintain agreement on the Block Chain, and why its architecture helps keep Bitcoin honest.)
This original type of client is a "full client". It uses a locally-stored Block Chain and Private Key. (Remember, your private key determines your public address, AND authorizes you to spend the bitcoins located there. I'll be covering proper private key security later in this article.) Requiring every client to possess the Block Chain is awesome from a security standpoint, but it comes with some serious drawbacks. Weighing in at several Gigabytes (and growing), the Block Chain is really only practical to store on a computer with ample capacity. So what do you do if your computer is an old piece of junk that doesn't have the space to spare? Or better yet, how on earth would you pay for your groceries with Bitcoin if your key is on your computer? Clearly, you can't lug your PC into the store. That's where the next kind of client comes in, a "lite client".
The concept goes like this: "If I can't fit the Block Chain on my phone, I could store it on a server and have my client look for it there!" This is a fantastic alternative for people who don't have the space and time to deal with the Block Chain. It does, however, introduce a small element of trust required in the site whose server is hosting the Block Chain. You must trust that they will keep their servers open and connected to the Bitcoin Network. This trust isn't make-or-break for your bitcoins since your private key is STILL stored locally, and you could always just take it to a different client if things went awry.
So, while lite clients allow you to take your private key (and, thus, your purchasing power) with you, they are still only active on a single device, and if that device is lost, stolen, or dropped into the toilet, you could lose your bitcoins! Taking proper care for your private key can be a big responsibility, and let's face it, sometimes we need second chances. That is where this third type of client comes into play: the "mobile wallet".
This service is much like web-mail (gmail, yahoo, etc). You create a wallet with a third party, and they handle the Block Chain AND have access to your private key. The advantage is that you can log in to your account from any computer or any device in the world. HOWEVER, It requires a much higher level of trust: 1) That this third party will not lose or steal your private key, and 2) That this third party will sufficiently protect your account from external threat (hackers). While these wallets make Bitcoin extremely easy to use, they do not absolve you of responsibility. You STILL have to take care of your private key.
A common theme with each of these clients is properly protecting your private keys. I'm going to shout because this is important: FOR NEW BITCOINERS, LEARNING TO PROTECT YOUR PRIVATE KEY(S) IS JUST AS VITAL AS A PROSPECTIVE GUN OWNER ATTENDING A GUN-SAFETY CLASS! So heads up, pencils down, class. I'm about to give you a little Private Key 101:
1) Your private key is a 256-bit number. There are about 100-thousand-billion-billion-billion-billion-billion-billion-billion-billion, 256-bit numbers. This makes your private key impractical to guess.
2) Your private key can be shortened to a 58-character string, which is practical for storage. This string can be written on a sheet of paper or otherwise etched onto a medium of your choice for safe-keeping. Do this for EVERY SINGLE ONE OF YOUR PRIVATE KEYS. Never use a client (especially one for a mobile wallet) which does not give you access to your private key.
3) If your private key is located on a computer or device which can be hacked, lost, or stolen, only use a client that allows you to encrypt (password-protect) your key. Your Private Key is only as secure as your password. Here are some tips for a strong password. You can check your password strength by using these password strength checkers  .
4) If you believe your private key has been stolen or if you've misplaced a device on which you store or access a private key, you may still have time to save your bitcoins (ESPECIALLY if your private key is encrypted). If you believe you've been compromised, immediately send your bitcoins from that private key to a new wallet, and abandon the old one.
So now you know just about everything there is to know about clients and, most importantly, how they handle your private keys, but how do you pick the right one(s)? Well, if we are going to be replacing the function of our bank, we need to think like a bank. Most of us have a savings account for long term use, a checking account for short-term liquidity, and a wallet with cash for immediate use. The same scheme can work for Bitcoin. (The following are guidelines for an "Average Joe's Best Practices". There are certainly more secure ways to use Bitcoin, and there are _definitely_ less secure ways, but what I've listed below is what I believe to be adequately safe for most purposes.)
1) The first thing one should do is create your "savings" wallet. Write down the private address and keep it in a secure location - preferably a safe - but keep the public address handy. Don't forget to REMOVE that private key from your computer (preferably using a "shred" utility to overwrite the data, if your computer has one). Whenever you want to put some bitcoins into "savings", send them to this address. When a private key is not on an active device, it is considered to be in "cold storage". The only way to access those bitcoins is open your safe, find your private key, and import that key into a client. Since moving bitcoins from "savings" to "checking" is a bit of a pain (as it should be) only send coins you won't be using for a long time into cold storage.
2) Your "Checking" account should reside on your computer. This will be your most hands-on account. From here, you may either send your bitcoins to savings, or send them to "cash" (mobile wallet). Since you WANT your private key to be limited to a single active device, you should use either a full client or a lite client, but make sure it offers encryption options for your private key. Also make sure you have a virus scanner (COMODO and SuperAntiSpyware are good free options). Again, if you ever suspect your computer has been compromised, immediately send your bitcoins to a new wallet.
3) Your "Cash" is what you plan on spending in the immediate future. Since we want the broadest usability, I would recommend a web client. Just like with USD or any other currency, never carry more cash than you can afford to lose. There is always the chance you could lose your wallet or get mugged, and similarly, your mobile device could get lost or stolen. If you've kept track of your private keys (always, always, always write down your private keys) you will hopefully be able to recover your bitcoins, especially if you act quickly.
By this point, you should have a fairly solid idea of what types of clients are available. Now comes the tricky part (and perhaps your very first step to becoming a Bitcoin user), selecting your Bitcoin client(s).
The page I am about to link contains a wide selection of clients based on your device. "Software Clients" are designed specifically for your PC, and "Mobile Clients" are designed specifically for your smart phone. The "Web Wallets" will work on both devices. Note that some of the Mobile and Web clients are grayed-out because, as I discussed earlier, they are trust-based wallet services. These web wallets will be revealed by clicking "OK, I understand" when hovering over them.
Got that? Alright, then head on over to bitcoin.org/en/choose-your-wallet and pick out a wallet or two!
(Not wishing to bias this article with my personal preferences, I will save them for the comments section, where my suggestions will be equal to the other knowledgeable Bitcoin users on this forum!)
In the next part, I will cover where bitcoins come from and how to actually GET SOME! (On to Part 3!)
As always, if you have any questions or comments, please feel free to ask/share!