The main point to understand is that your password to your wallet gives you access to your private key, which when combined with your public key allows you to transfer Bitcoins.
If you are on a web based exchange wallet hybrid then your password to that exchange is to coin a phrase, “key”, and must be kept secret as anyone holding that then has access to your private key and therefore Bitcoins and can do as they wish.
The most secure and low risk type of wallet is a desktop wallet. Some of these such as Bitcoin-QT run the full Bitcoin client. There are others which concentrate on other various features, such as armoury which concentrates on security. Darkwallet attempts to take the ethos of anonymity further by using coin mixing. However desktop wallets are generally hard to run and use, and specifically aimed at those with a high level of technical knowledge.
The next type of wallet is your mobile wallet which does exactly what it says – it sits on your phone and comes with you wherever you decide to go. You can use these wallets to transfer Bitcoins to other people on the street either via touching your phones using near field technology, or by scanning QR codes. You can also use them in shops. These wallets are not full bitcoin or crypto currency wallets, as a mobile doesn’t have enough space to install the entire blockchain on it!
There are lots of options for your phone whether you are on android or apple, who have been notoriously close minded in their approach to Bitcoin having completely banned all wallet applications at one point. Kipochi actually allows you to use your phone number as a Bitcoin address and is a hope for mobile payments in emerging markets such as Africa.
Online wallets often double up as exchanges, and sometimes double up as a mobile wallet too. Their disadvantage is that in general the Company you use will have access to your Bitcoin private key address and when the security of these Companies is compromised, such as what happened with Mount Gox, client funds can be stolen. Coinbase and circle offer this hybrid wallet exchange where in the US you can actually use their services via debit card to then transfer into Bitcoin. Some other wallets such as Xapo & Strongcoin are working on security measures that mean the software is stored online but your private key is encrypted before being sent to their online exchange and accessing their funds or adding cold storage options.
Cold storage is essentially removing all traces of your wallet from being online. For example the guy who threw his bitcoin wallet away by accident was actually performing cold storage – disconnecting your private key from any network. The only option then is physical theft rather than cyber crime.
There are specific devices being developed to create specific devices to hold Bitcoins. One exciting option is the Nymi sports wristband that can store your Bitcoin and can use your own distinct heart beat as a security key to access your private key and perform transactions. Other hardware such as Trezor and the ledger wallet are secure ways of keeping your Bitcoins offline in a dedicated hardware device.
So what should you do to store your Bitcoins and crypto currencies from prying eyes. The best option is to have two wallets. One hot and one cold – just like your traditional wallet and your bank account. The hot wallet is your third party provider run wallet or mobile Bitcoin wallet – where you can pop into a shop and buy a coke by swiping your phone on the Bitcoin point of sale payment system, and your cold wallet is the safe stored in only a place you know where you top up your hot Mobile Bitcoin wallet from.
But be careful and beware. To find a wallet that suits you have a look at our wallet comparison page!