KeepKey Review 2021
- 1 First impression of the KeepKey hardware wallet
- 2 The Set Up
- 3 Handling
- 4 Compatibility
- 5 Documentation & Support
- 6 Security
KeepKey is a hardware wallet from the Swiss crypto exchange ShapeShift. It stands out among the hardware wallet because, in addition to security, it also attaches great importance to the design. But whether they can also score in the other areas, you can find out here in the detailed test report.
First impression of the KeepKey hardware wallet
Buying KeepKey Online
KeepKey can so far be ordered almost exclusively online.
Currently, the hardware wallet is available in its own shop for a pice of 50,00 € (click here to check the current price). Payment is convenient via PayPal, cryptocurrencies or credit card. However, there are further fees for shipping. Since the shipment is made from America, customs duties may still apply.
Of course, the hardware wallet also be obtained through one of the world’s official resellers. They too offer KeepKey in their own shop.
Hardware Wallets should preferably be ordered directly from the manufacturer or official resellers.
Dubious shops or private sellers on platforms like ebay or amazon could manipulate the devices for their own purposes or trick the buyer. This way the thieves can steal all coins from your hardware wallet at a later date. Unfortunately there have been such cases in the past
Scope of delivery
The hardware wallet is packaged in a small box that is completely welded in foil. A seal closes the lid so that a previous opening of the packaging is noticeable. Of course, such a seal does not give 100% certainty, but is already a good approach.
The black cardboard box can be opened like a treasure chest. The lid is closed by a magnet. The hardware hardware wallet KeepKey will come to light. On the inside of the lid, the URL www.keepkey.com/get-started is printed where you can start setting it up. In the second level of the box is the accessory.
The hardware wallet KeepKey
KeepKey weighs 55 grams and has a rather unusual format with 35x90x10mm, which is suitable for viewing long cryptocurrencies addresses. The entire wallet is firmly wrapped in foil at the beginning.
Underneath the front plastic is the 256×64 3.12″ OLED display. At the top is a button and at the bottom is the micro-USB port. The back is made of aluminum (anodised aluminum casing) and bears the KeepKey logo on the left.
In addition to the hardware wallet, there is a one-meter long woven nylon USB-A on Micro-B cable. Of course, a note for the later backup must not be missing. This one is a thick colored cardboard at KeepKey. Likewise, a small booklet with legal notices is also attached.
Conclusion: First impression
KeepKey has also put a lot of emphasis on design and workmanship. The packaging already makes a high-quality impression thanks to the thick cardboard box with magnetic closure and silver printing. Also with the accessories one did not save finally times and a long woven USB cable enclosed. With the large screen and the aluminium case, the hardware wallet itself is currently the design winner among all models.
The Set Up
Never use a hardware wallet that is already set up. You must choose your own PIN code or password and perform the backup yourself. This is not given by anyone!
As indicated in the lid of the box, you start with the setup on the website www.keepkey.com/get-started. Here it is described in detail how to carry out the set up. From there a link to the current Chrome extension developed by KeepKey is provided.
Install Chrome extension
KeepKey relies on a Chrome extension on the software side. At the time of testing, there is a stable version and a beta version with ERC-20 tokens support, which will replace the other version in the medium term. As part of this test report, the latest beta version will be used directly on the recommendation of KeepKey. This can be installed in seconds with a click.
If you start the app after installation, you will be asked to plug in the hardware wallet. It may now be necessary to update the firmware first, which will be explained in detail later. Then you can start setting up the hardware wallet .
Set up KeepKey
A short setup is required before the hardware wallet can be used normally. This process is guided by the Chrome extension.
Instead of setting up a new wallet, you can also click on “or Recover KeepKey” in the first step. This allows you to import an existing backup. More on that later, too.
Choose a Name
At the beginning it gets creative: A name is set for the hardware wallet. This makes it possible to distinguish several KeepKeys. The name can be changed at any time later. Clicking on “Set Label” saves the name. No interaction with the hardware wallet is required.
A PIN is then set for security reasons. In this way, access is blocked in the future and unauthorized use is avoided.
For PIN-setting a random pattern of the numbers 1 to 9 appears on the KeepKey display. The numbers are then entered via the Chrome extension on the computer. For this, you press the corresponding box with the mouse. So it is not possible for malware on the computer to determine the actual numbers because the pattern on the hardware wallet is constantly changing.
The selected PIN can then be confirmed by clicking on the “Choose PIN” button. The PIN must then be re-confirmed to rule out errors. This time, of course, with a new pattern.
Creating a Backup
Now comes the most important step, which is to make a backup.
This is generated in the form of 12 words and appears on the display of the hardware wallet. The seed is generated by combining the entropy of KeepKey and the computer client, which together produce 128 bit of entropy.
Your recovery seed is the backup key to all your crypto currencies and applications. The recovery seed (backup) can only be displayed once. Never make a digital copy of it and never upload it online. Keep the recovery seed in a safe place, in the best case also safe from fire and water. Special backup products such as Cryptosteel Capsule or Billfodl are suitable for this.
No one but yourself can be held liable for financial losses caused by improper handling of sensitive data.
These 12 words are now best recorded on the included card in order to get to your coins in case of a defect or theft. The writing is then confirmed by long pressing the button on the hardware wallet. This completes the setup.
Conclusion Set Up
The setup process is quick and easy, as there is little need to interact with the hardware wallet itself. The surface is simple and tidy, which I like very much.
I find it a little worrying that the backup will not be checked on a random basis. So I could imagine inexperienced users simply skipping this step without noting the backup. This is dangerous, because there is only this one possibility. This is better solved by other hardware wallets.
KeepKey is also currently dependent on the Chrome browser, even though Google has already announced the end of the Chrome apps. According to its own statements, however, an alternative is already being worked on.
With the completed setup, you end up directly in your Bitcoin Wallet. From here, it’s on to receiving and sending cryptocurrencies, in this case Bitcoin.
If you want to send cryptocurrencies to your hardware wallet , you select the “Receive” button under the corresponding account and an unused address is generated. This appears directly both in the software and on the display of the hardware wallet.
Only if both addresses match should the address actually be used. Otherwise, the output of the address in the KeepKey software may have been tampered with.
Passing on then goes through the clipboard icon, for example, to copy the address to the clipboard. To generate more than one new address, click on the right arrow next to the QR code. This creates a new address. With the arrows < > you can navigate through the addresses.
This address can be shared with anyone you claim payment from. Of course, you can also send coins from a third-party provider to this address, for example from an online exchange like Coinbase. This address will work for the entire lifespan, but should only be used once due to privacy.
The corresponding accounts also provide an overview of transactions made so far. For this, click on the “Transactions” button, which opens a new window.
This is where a list is generated that displays all the transaction details of transfers of this account. The “details” link leads to a blockchain explorer, where more information is available.
Once coins are present in an account, they can also be sent on. To do this, you choose the “Send” button.
Here you will find a really very rudimentary form, which only allows the amount and the receiving address. After all, there is a button for sending all coins. After clicking on Send, the transaction must be confirmed twice to the hardware wallet .
It is also important here that the address displayed on the device matches the address you entered.
The fee is determined automatically and cannot be adjusted with your own software. This is paid to the miners for dismantling each block and securing the blockchain as a reward so that the network remains functional. KeepKey, of course, does not receive a share.
create more accounts
So far, everything has played out in the original Bitcoin account. However, with KeepKey software, it is also possible to add more accounts. These can be from the same cryptocurrency, or you open an account of another supported cryptocurrency. For this you click on “Add Account” in the software at the bottom right.
Here you choose the currency and a name for the new account. These accounts then appear in a list at the start of the software and you can switch between them at any time. Each account is set up in the same way and does not differ from the operating point of view.
Direct switching between cryptocurrencies
With KeepKey, it’s especially easy to swap one cryptocurrency into another. This is due to integration with the Shapeshift exchange. But how does it work?
Before the ShapeShift feature can be used, there must first be an account for both coins. Then you switch to the account, whose coin you want to switch to another and click “Send.”
In the recipient field, you select from the drop-down menu the account to which the coins are to be changed. So this is the cryptocurrency you will own after the ShapeShift transaction is completed. Thanks to the ERC20 token support, you can also exchange it with any (supported) token!
Now there is only one click on “Convert and Send.” Then the ShapeShift service must be accepted at the Hardware hardware wallet and, of course, the transaction must also be confirmed. The cryptocurrency is exchanged in the background at the current market value plus a fee and then automatically transferred to the chosen account.
Perform firmware update
KeepKey regularly asks you to update the device’s firmware. This enables new features and closes security vulnerabilities.
To start KeepKey in firmware update mode, you need to hold down the device button while connecting KeepKey. KeepKey then launches in firmware update mode. Now just follow the instructions on the screen. It is important that the backup is always available. After the update, the device could reset.
Once the update is complete, simply disconnect the cable and reconnect it. Now you can use KeepKey as usual. The firmware version can be checked by opening the settings in the KeepKey app, where the version number is in the bottom left corner.
The official application of KeepKey has definitely been developed on the principle of “less is more.” Just compare the functionality of cryptocurrencies with the hardware wallet TREZOR:Indication of multiple recipients, time-delayed shipping, custom fees, displays of inputs and outputs … There you will be slain with many additional functions. KeepKey attaches more importance to a tidy surface. As a result, everything is very clear and the software is easy to use. For the normal user, in my opinion, this is also quite enough. If you want more features, you can use a compatible third-party software at any time, such as Electrum.
However, the features offered should then also work smoothly. The lack of ability to adjust fees has led to erroneous transactions at Ethereum in my tests. Here, the transaction freezes in the confirmation screen because not enough gas has been charged. No error message appears and the software needs to be restarted. It would also be nice to be able to see the current equivalent in euros.
The large elongated display is proven in everyday life, as it can represent much better information. Especially long addresses can be read optimally. An absolute killer feature is, of course, integration with ShapeShift, which allows you to exchange between different cryptocurrencies directly within your accounts. This is very straightforward and you don’t have to mess around with the different addresses.
Thanks to the use of Chrome extensions, KeepKey can be used on almost all operating systems. Mobile use via Android with the help of an OTG cable is also possible:
- Chrome OS
As usual with hardware wallets, not only Bitcoin is supported. Many different cryptocurrencies are supported.
- Bitcoin Cash
- ERC-20 Tokens
KeepKey does not rely on the Wallet myetherwallet software for ERC20 token support, like many other companies, but has implemented its own solution into its Chrome extension. This is still in beta status and supports only a few selected tokens.
KeepKey is compatible with other third-party software, including:
For example, you could use Electrum instead of the KeepKey software. This software offers a lot more features, but is only compatible with Bitcoin.
Conclusion of compatibility
KeepKey can be used with the popular platforms, including Android. This makes it possible to use on the go.
KeepKey is currently a little behind in supporting cryptocurrencies . For example, there is still a lack of support for Segwit. I have not seen the implementation of my own software solution for ERC20 tokens before and I should definitely be positive.
Documentation & Support
KeepKey has an extensive support pagethat splits into multiple subcategories. So there is the answer to frequently asked questions, but also instructions especially for beginners. As usual, everything is only available in English.
Of course, if the documentation does not help, there will also be a dedicated support team to take care of the customer’s questions. This can only be achieved in writing and only in English.
One of the most important aspects of a hardware wallet , of course, is security. But how does KeepKey perform in this area?
KeepKey must be unlocked after each launch before accounts can be accessed. This prevents unauthorized persons from reading out account balances or sending coins. In addition, the number placement is randomly re-encrypted with each connection of the device, so that even a keylogger on the client cannot decrypt the PIN. Because the numbers are only displayed on the device and the input is done via anonymous boxes by mouse. This allows the PIN to be entered securely on an infected computer, according to KeepKey.
After a third failed PIN attempt, an automatic wait is imposed before another attempt becomes possible. The waiting time starts at 8 seconds and increases exponentially with each subsequent failure (16 seconds, 32 seconds, 64 seconds, 128 seconds …). As a result, the KeepKey remains locked for several years after a few false attempts.
If you have forgotten your PIN, but still its backup is no problem. You can also access a page with limited settings directly from the PIN input screen, where you have the option to delete the device. So you can then play your backup and choose a new PIN.
To restore a backup, the device must be on factory settings beforehand. Now you can start in the software via “or Recover KeepKey” like the recovery process.
First, as with the setup, a name and a PIN are first set. Then the backup is entered. Something special has been devised for this security-related operation. And the hardware wallet displays a cipher that randomly assigns each letter to another. Instead of the real drawing, the assigned must be entered via the keyboard. So, as with the PIN input, a keylogger can’t read the real password. After typing in the fourth letter, the word is automatically completed.
When importing with your own software, only 12 words are queried and displayed. However, it is also possible to import an backup with 18 or 24 words. To do this, simply blunt continue the input and confirm at the end.
Encryption by passphrase further increases security by using additional passwords at startup.
The passphrase option allows you to open multiple hidden wallets. Each passphrase opens a new, independent wallet based on your seed. This gives you the possibility of a plausible deniability ("PLAUSIBLE DENIABILITY") in case of blackmail, because the Recovery Seed only opens the first wallet. Activate this option only if you really understand it to not lose access to your coins!
However, the activation at KeepKey is a bit cumbersome, as you have to work here either via a python script, the developer mode of Chrome or a third-party software. You won’t find a simple button in the settings. Once the mode is activated, however, you are now asked for a passphrase in addition to the PIN every time you start.
Since the input of the passphrase cannot be done via the hardware wallet , it must be entered via the computer’s keyboard.
The basic advantage of a hardware wallet is, of course, also met at KeepKey: The private keys remain safe on the device. This protects them from hackers and cannot be reached over the Internet.
Additional security features such as PIN protection and passphrase encryption allow for even greater security. While most recovery-critical inputs (Recovery Seed and PIN) are made via the computer, the fact that all characters are encrypted or reversed is considered safe, according to KeepKey. The input of the passphrase, in turn, is entered without a cipher via the keyboard and is thus readable by attackers.
On the positive side, the whole project is OpenSource. This allows anyone to examine both the components and the software closely.
FAQ 7Ask your own question
That is not a problem. You can restore your accounts to a new hardware wallet using the recovery key you wrote down when you set it up.
Most wallets support more than just one cryptocurrency, but only generate one backup. Nevertheless, this one backup is sufficient to restore all cryptocurrencies as all private keys of the different wallets result from the seed that is backed up as a backup during setup.
Hardware Wallets such as the Ledger Nano X, TREZOR Model T, BitBox02 or KeepKey all work according to the same principle. They are a special form of a so-called wallet, which is used to manage cryptocurrencies. A hardware wallet is a physical device that securely and inisolationly generates the private keys to the cryptocurrencies. Due to the extra hardware, they have some advantages over software wallets:
- Private keys are often stored in a protected area of a microcontroller and cannot be transferred out of the device in clear text.
- Hardware wallets are immune to computer viruses that steal from software wallets.
- They can be used securely and interactively, private keys never need to come into contact with potentially vulnerable software.
- The software is in most cases open source, so that the user or professionals can validate the entire operation of the device.
However, it is important to understand that hardware wallets are an attractive target for attackers and depend on several assumptions to maintain security. They are not a miracle weapon, and there are several realistic ways to hack a hardware wallet Especially if someone has physical access to the device.
A new cryptocurrency is rarely supported directly by a hardware wallet at the beginning. However, most providers such as Ledger or TREZOR are constantly working to support new cryptocurrencies. Therefore, it is often worth waiting until the desired currency is supported by your hardware wallet.
I would like to give a hardware wallet as a birth gift. Do I need this every time I want to deposit coins or is there another way?
No, you don’t need the hardware wallet every time you want to make a deposit. It is only necessary to set up the hardware wallet and generate an address of the corresponding cryptocurrency.
Cryptocurrency can now be sent to this address on the desired cycle on a regular basis without the need for the hardware wallet. The address does not expire.
Are my cryptocurrencies stored in the hardware wallet, or where exactly are they? This is a very good question because the answer defines what your wallet actually needs to protect.
Cryptocurrencies are so named because they are secured by cryptography. For this you need a set of digital keys, for example your (very secret) private key. With this key you can encrypt and digitally sign things.
Let’s take Bitcoin as an example (other cryptocurrencies work in a similar way). The entire Bitcoin network is kept up to date by a common data structure called the blockchain. It contains records of all transactions ever made and is publicly accessible online, so anyone can read it. When you receive some bitcoins, say 0.1 BTC, you see them in your bitcoin wallet, listed under a bitcoin address.
At the same time, the bitcoins are not actually stored in the wallet, they are just an entry in the public blockchain. What the wallet stores is your secret private key that belongs to that address. Since you control that private key, you can spend those Bitcoins again: that’s how “Bitcoin ownership” is defined. Anyone can see these bitcoins, but only you can spend it, so they are yours. But that also means that *anyone* with the right private key can spend those bitcoins. Therefore, it is very important to keep this key secret.
What stops the manufacturer of your hardware from using a backdoor and simply stealing your cryptocurrencies? How much do you have to trust hardware wallet manufacturers?
While a completely “trustless” solution is probably not possible, manufacturers are doing everything they can to minimize the need to trust them.
Most of the software code of many hardware waller manufacturers is open source, i.e. publicly available. Anyone can check how the device works and how secrets are handled. Of course, not everyone has the ability to review code: that’s why independent researchers are often encouraged to analyze, and are often rewarded by bug bounty programs when they find something. This does not limit their ability to publish a full independent report without permission.
The essentials to go: A wallet manages your secret private keys and requires full access to them. You can and should demand full transparency about how a wallet works and ensure that independent public audits are encouraged.
Ask your question about the product. The question will be published here together with the answer after a few days. You will be notified by e-mail.
|Compatibility||Mycelium, Electrum, MultiBit, ShapeShift|
|Cryptocurrencies||Bitcoin, Ethereum, Litecoin, Dogecoin, Dash, Bitcoin Cash, ERC-20 Tokens, Namecoin|
|Platform||Windows, Linux, Mac, Android, Chrome OS|
|FIDO U2F Authenticator|
User Reviews 6