One of the best ways to protect your Daedalus paper wallet certificate :
Originally posted in another thread.
- When saving the pdf file for printing and verifying do NOT save or view on Daedalus computer, instead save to a removable flash drive, which is promptly ejected from the computer. Take that flash drive to an air-gapped (not connected to any network ever) computer, enabling viewing and verifying of the paper certificate offline. I use Raspberry-pi computers for air-gapped work, they never go online and are low cost.
- Write the additional 9 words down on a piece of paper.
- If on windows, when typing in the 27 words to verify your certificate use a virtual keyboard like Oxynger KeyShield.
The trick when only using a virtual keyboard is doubling the last letters, then delete one, Daedalus will then expose the appropriate word choice, which is clicked, advancing to next recovery word.
Like so, click on the revealed word:
After every word, change the virtual keyboard layout (overkill but I do this):
Some of the security features it offers:
I’m targeting the most likely attack vectors, grabbing the pdf certificate and logging keystrokes .
By not viewing or saving the paper certificate on an internet machine, the pdf is safe, by the way, scrub that flash drive so no one can recover your certificate . As Daedalus requires us to input the 27-word paper wallet recovery phrase, using a virtual keyboard thwarts key, mouse and screen capture loggers.