How-to

How to choose a hardware wallet — think fit, not "best"

There is no single best hardware wallet. There is only the one that fits how you'll actually use it. This page walks you through how to think about the choice.

A hardware wallet is a small dedicated device whose only job is to hold your Bitcoin keys offline and sign transactions without exposing those keys to your phone or computer. People shop for one the way they shop for a phone — hunting for the "best." That's the wrong question. Every mainstream device is capable; they just fit different people and different jobs. Below is how to reason about the fit, and then a link to the side-by-side table so you can compare specifics.

The one idea that changes everything: the device is not your wallet

Here's the reframe that makes the rest of this easy. The device is not your wallet. Your seed phrase — the list of 12 or 24 words the device shows you when you first set it up — is your wallet. Those words are your money. The device is just a convenient, secure way to store and use them.

Why this matters:

  • A lost, stolen, or broken device is not a disaster. As long as your seed phrase is safely backed up, you buy a new device, type the words in, and you're back exactly where you were. Any device can restore a seed backed up on another, as long as both follow the standard word list (called BIP-39).
  • Losing the seed backup is the real disaster. No new device can recover money whose words are gone. This is the one thing that must not fail.

So if you find yourself agonizing over which device is toughest against theft, but you haven't thought hard about where those words live — you've got the priorities backwards. Pick a device you'll use comfortably, then pour your care into the seed backup.

The criteria that actually matter (in plain terms)

Instead of chasing a winner, score your shortlist against these. Weight them by how you'll actually use the device.

  • Air-gap capability — an "air-gap" means the device never physically connects to an internet-connected computer; it passes transactions back and forth by QR code or a memory card instead of a cable. Stricter, a little more fiddly. For most people, a device that plugs in by USB but keeps the keys locked inside is plenty. Strict air-gap earns its extra friction mainly for large, rarely-touched holdings.
  • Open-source firmware — "firmware" is the device's built-in software; "open-source" means anyone can read and check that code for flaws. That's safer than trusting a company's word that their secret code is sound. Prefer open-source where you can. It's a real advantage, not an absolute must.
  • A secure element — a specialized chip built to resist someone who physically has your device and tries to pry the keys out. Nice to have; it matters most if a determined in-person attacker is part of your worry.
  • Multisig qualitymultisig ("multiple signatures") is a setup where spending needs approval from several devices, not just one, so no single device is a single point of failure. If you plan to use it, some devices handle it smoothly and quickly and others are slow or clumsy. If you're single-device, you can largely ignore this for now.
  • Vendor track record — every maker has had a bug or incident. What matters is how they responded: did they patch fast, tell people honestly, and learn? Steady, transparent history beats a flashy spec sheet.
  • A UX you'll actually use — the most important and most overlooked. A device you find painful is a device you'll avoid, and an avoided wallet is an untested wallet. A full keyboard suits someone who types long passphrases; a simple phone-first device suits someone who wants no fuss. Match it to you.

A quick test for whether you're choosing on fit or on hype: can you say, in one sentence, why your pick suits your situation better than two alternatives? If not, you're buying a brand, not a fit.

Buy it right, and set it up yourself

How you buy and set up the device matters as much as which one you pick.

  • Buy direct from the maker (or an authorized seller), not from a random marketplace listing. This avoids tampered units and avoids creating a public record that ties "owns a hardware wallet" to your name and address.
  • Check the tamper-evident packaging when it arrives. It's a 30-second look that catches whole categories of trouble.
  • Generate your own seed on the device. Never use a wallet that came pre-loaded with words someone else could have seen. A trustworthy device makes fresh words in front of you — that's the whole point.
  • Test before you trust. Send a small amount, then wipe the device and restore it from your written words. If the money reappears, your backup works. Do this before you move anything meaningful.

If you already own a Ledger, it still works — just read its specific caveats before you lean on it, especially around its seed-backup service. The comparison table flags what to check.

If you're going to use multisig, buy different brands

This one rule is worth stating on its own, because it's the cheapest big upgrade in all of self-custody.

If you set up multisig — say, three devices where any two can approve a spend — use three different brands, not three of the same. The whole point of multisig is that no single failure can touch your money. But three identical devices share a single point of failure: one flaw affecting that brand affects all three at once, and your protection evaporates. Three different makers means a problem with any one brand can compromise at most one key. Every serious practitioner recommends this. It costs you nothing but a little shopping variety.

The comparison table makes mixing easy — it shows which devices play well together and which coordinating software supports them.

See the head-to-head

Now that you know how to weigh the choice, go compare the specifics. The wallet comparison table lays the mainstream Bitcoin devices side by side — price, connection type, air-gap, open-source status, multisig strength, and who each one suits — so you can match the criteria above to real options.

Prices and features shift over time, so confirm current details on the maker's own site before you buy.

The one thing to remember

The device is replaceable. Your seed phrase is not. A lost or broken hardware wallet just means buying a new one and typing your words back in. Losing the words means losing the money — forever. Choose a device you'll actually use, then put your real care into backing up the seed.

The short checklist
  • Write down your seed phrase and back it up safely before moving any real money — the words are the wallet, not the device.
  • Pick for fit: score your shortlist on air-gap, open-source firmware, multisig quality, vendor track record, and a UX you'll genuinely use.
  • Buy direct from the maker, check the tamper-evident seal, and generate a fresh seed on the device yourself.
  • Test before you trust: send a small amount, wipe, and restore from your backup to confirm the words work.
  • For multisig, use devices from different brands so no single maker's flaw can compromise more than one key.
  • Compare real options in the /wallets table, and confirm current price and features on the maker's site before buying.

Last verified: July 15, 2026