Hardware wallets may be all the rage right now, but multisig wallets are beginning to come of age, and there is already a wide array of options available for them. Which will you use to secure your stash online?
Looking over all of the major multisignature wallet services offered in December 2014, it quickly becomes apparent that no two offer the same set of options. With the technology so young and so many different features and strategies available to safeguard our coins, it's little wonder that the results are so varied. After all, the very first multisignature wallet, BitGo, only made its debut this time last year, and no best practices for multisig wallets have been universally established yet.
In my search I found fourteen projects in English offering multisignature wallets, so I'll try to split them up below into relevant groups and offer some of the best reviewed in alphabetical order.
Announced but not fully ready yet:
Four multisig wallet services are already being well-promoted and are in some cases fully operational, but they are not yet ready for full release:
These four all look very promising, but won't be included in the reviews below since they are not fully ready and instruct us not to use them with large amounts of coins as of the time of review, December 2014. (Or, in Frozenbit's case, does not even have a website up yet at all.) Feel free to investigate them if you are ready to be a guinea pig, but do not store any considerable wealth on any of them yet.
Ready, but offering no co-signing service:
The next four wallets all appear to be excellent wallets, but they do not offer the service that most people have come to associate with multisignature wallets: holding a key and co-signing with it for you remotely. This makes them only partial solutions for the sake of this review, but they do offer the multisignature wallets themselves, and these are all certainly useful for some kind of setup:
Armory and mSIGMA are desktop programs, while Coinkite and Copay are web-based wallets with a large array of enterprise-ready options. All four have established places in bitcoin's future, but they leave it up to you to provide your own co-signer(s). This makes them not a wallet service at all, but more of a wallet platform for you to bring your own co-signers into, no matter if they are human or just a 3rd-party “oracle” service.
This can be very desirable for both security and flexibility, but unless you have your own coworkers, employees, or an oracle service like Cryptocorp.co waiting there to sign your transactions with the other key(s) you give them, this isn't a practical setup for most people. There simply isn't the easy, extra layer of automated judgment people expect when they look for multisignature protection.
Some examples I can imagine these would be useful for are enterprise environments, big family trusts, and super-secure arrangements where you have multiple keys hidden in multiple places to add the ultimate layer of complexity to your security.
Such wallets let you generate up to 15 total keys (only 12 for Copay) and assign any number of required signers you'd like for the ultimate in flexibility. All four of these services can be used anonymously, but Coinkite is the only one of them that allows for Tor routing and two-factor authentication (2FA), giving you extra layers of protection while online. They also offer merchant Point of Sale solutions and smartcards, too.
Full Multisignature Wallet Services:
That leaves us with six wallet services that are what most people imagine when they think of a multisig wallet: a website or app that holds one of the keys for your wallet remotely, in order to help you sign each transaction so that hackers can't get all of the keys needed from you alone.
These six wallets are very different from each other, all with their own strengths and weaknesses. The only things they have in common are that they all run on the web (most of them exclusively) and they all can use two-factor authentication in some configuration.
Bitalo is a 2-of-2 key multisig wallet based in Finland. It's the smallest offering of the bunch, relying on a successful 2FA confirmation to sign your remote key. They also offer an exchange on their website, and have been in the news recently when they placed a 100 BTC bounty for the identity of a DDoS extortionist that was shutting down their domain, on Roger Ver's controversial Bitcoin Bounty Hunter.
BitGo is a 2-of-3 key multisig wallet that was the very first to market, and it still appears to be the most popular multisig wallet so far. Interestingly, the first multisig wallet is the only one of the group to offer a 2-of-3 key wallet where the owner holds 2 keys. This configuration is widely regarded as the safest type among personal-use multisig wallets.
Out of all wallets listed here, BitGo may be the most simplified, making it a great first wallet for newbies to bitcoin.
Block.io is another 2-of-2 key multisig wallet, but this one can hold Litecoin and Dogecoin as well as bitcoin. Their site further puts heavy emphasis on their API service, claiming enterprise-level security and yet it is freely offered for using block.io wallets inside 3rd party applications and websites. They appear to have gone to great lengths streamlining their API offering, and proudly proclaim on the front of their site that it is the “Worlds easiest Block Chain API”.
Block.io's wallet is well-developed and smooth, with a couple of extra signing options, but it really differs from the others in that they require a PIN for their wallets as an added layer of security. They also feature “green addresses”, which are basically pre-tested wallet addresses that can send and receive funds immediately and be guaranteed by Block.io.
Coinbase’s multisignature vault operates more like a physical cold storage safe than a wallet. Although you can send coins directly to it, you cannot spend coins directly from this vault at all; it works in conjunction with a Coinbase ‘hot’ wallet, allowing you to store your funds in a 'deep' cold multisignature wallet that requires 48 hours and 1 or more confirmations on all withdrawals.
During the mandatory 48 hour wait time on each withdrawal, they contact you to verify in every way you request them to, including email, SMS, and telephone. To recover a lost vault password, you have to download and run a vault recovery tool that works with their proprietary backup key.
GreenAddress is clearly the multisig wallet with the most options. While all other wallets here are restricted to a single platform (usually in-browser), GreenAddress wallets are available on all modern platforms, including desktop and both phone and Android apps.
This optional 1-of-2 key or 2-of-3 key wallet really stands out with its variety of ways to validate your spend requests. There is even a watch-only account that you can easily log into from Facebook or Reddit to view your wallet balance but never spend from. For a backup, you have access to a seed phrase to generate this wallet again if either key should be lost.
QuickWallet is a clean and simple 2-of-2 key wallet that was acquired by Huobi recently, and many parts of the site are in Chinese. The only option they offer for 2FA, and therefore for servicing your remote key, is Google Authenticator, which was very simple to set up from inside their wallet at your leisure. In case of key loss, you get a single chance to back up the seed phrase to generate this wallet again. Since you only get 1 of the 2 keys, it is vital that you copy it carefully and save it somewhere safe, or this wallet could easily be lost forever with all funds inside. There is no second chance to copy it again later.
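The difference between the 2-of-3 layout described for BitGo (owner holds two keys) and the 2-of-2 layout described for QuickWallet can be checked mechanically. The Python sketch below is an added example, not code from any of the wallets reviewed; it assumes the owner keeps one key on an online device and the second as an offline backup, and it does not model seed-phrase recovery.

```python
from itertools import combinations

# Key layouts as described in the article. Splitting the owner's two keys
# into one online and one offline copy is an assumption of this example.
LAYOUTS = {
    "2-of-2, owner 1 / service 1": (2, {"user_device": 1, "service": 1}),
    "2-of-3, owner 2 / service 1": (
        2, {"user_device": 1, "user_backup": 1, "service": 1}),
}
OWNER_SIDE = {"user_device", "user_backup"}


def can_spend(m, holders, available):
    """True if the parties in `available` together hold at least m keys."""
    return sum(n for name, n in holders.items() if name in available) >= m


def spending_coalitions(m, holders):
    """Minimal sets of parties whose combined keys reach the threshold."""
    found = []
    for size in range(1, len(holders) + 1):
        for group in combinations(sorted(holders), size):
            covered = any(set(prev) <= set(group) for prev in found)
            if not covered and can_spend(m, holders, set(group)):
                found.append(group)
    return found


def assess(m, holders):
    owner = {h for h in holders if h in OWNER_SIDE}
    return {
        "service_alone_can_spend": can_spend(m, holders, {"service"}),
        "device_thief_can_spend": can_spend(m, holders, {"user_device"}),
        "survives_service_outage": can_spend(m, holders, owner),
        # Worst case over every single key the owner could lose.
        "survives_one_lost_owner_key": all(
            can_spend(m, holders, (owner - {lost}) | {"service"})
            for lost in owner),
    }


if __name__ == "__main__":
    for name, (m, holders) in LAYOUTS.items():
        print(name, assess(m, holders), spending_coalitions(m, holders))
```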
The ideal mainstream multisig wallet:
All wallets reviewed here are well-designed and noteworthy, most with unique features. However, in search of the best mainstream multisig wallet, there isn't a perfect wallet yet. It is still too early to pick just one to hold up as a blueprint for the others to copy with all of these interesting options we have.
If we take the best attributes from these services and put them together in an 'ideal' web wallet, it would resemble GreenAddress more than any other wallet here, if you use its optional 2-of-3 key setup and take advantage of many of its 2FA options.
GreenAddress's array of security options can even be mixed and matched, so that hackers would not only need access to the various devices, but would first need to know how many of your devices, and which combination of them, to hack too!
Simply put, the more options available for authentication, the more hoops a hacker would have to jump through. Here's hoping we see more of these options arise as the technology unfolds.
Article updated 31st Dec 2014