I continue to maintain that the vast majority of popular hardware wallets are borderline incompetent.
So many users could have been better served by an offline Android.
Such a thing doesn't exist.
We are far from free entrepreneurship these days. Rather to the contrary, all companies turned into enforcement arms of the governments. The incentives are clear for HWW manufacturers like Ledger. Despite different claims they are not aligned with their customers' well-being nor privacy. That's also why the future is going to be based on decentralised protocols and verifiable open source hardware. It's the next evolutionary step to get rid of everything that is part of the fiat scam.
What do you use or recommend?
An old Android phone (preferably one still getting security updates, but either way keep it offline), maybe the cheapest laptop you can buy in person at Walmart.
Keeping a phone with a proprietary GSM module offline? Who are you and what did you do to Matt?!
Faraday bag. Physics fixes this.
Until you have to take it out. Though if you have a Faraday room you can enter during signing, you have a point.
If you don't have a Faraday room, I'm sorry, you're ngmi.
😂 good one!
And what wallet software do you run on the phone?
Can one mitigate this incompetency with a passphrase?
No.
Why?
Either the passphrase is convenient and memorisable but easily brute-forceable, or it has enough entropy but then it's just like a 2-of-2 multisig, which is much more dangerous for loss of funds than a 2-of-3 multisig. You can make the case that using a passphrase + having decoy funds in the non-passphrased wallet would help against unsophisticated attackers.
I can entrust these Mickey Mouse devices with multisig only.