These instructions are pretty generic and your methods may vary. Do several test runs going through the entire process of generating, funding, and redeeming with small amounts of whatever method you choose to be sure your system works and you don’t get locked out of your own funds. Don’t make it too complicated that you can’t remember.

Here’s how you do it:

The object is to create your seed(s) and generate your address(es) offline on a computer with a fresh OS install or live disk and keep that computer as a dedicated cold storage. A laptop works well for this and/or a virtual machine. Normally you need to be online to use the wallet in order to get your address for your seed, but the paper wallet lets us work around this.

Your setup may vary, but for simplicity we will use a laptop and Microsoft Windows restored to factory settings. Disable networking on both Ethernet and Wi-Fi and never reconnect it. This is an offline cold storage vault. Get all the tools you need first on a thumb drive and then boot into your cold storage computer.

The tools you will need to save to your usb drive are:

  1. IOTA seed generator of your choice
  2. IOTA paper wallet generator
  3. KeePass installer.
  4. I also had a copy of Google Chrome.

Once you are on your laptop with a fresh copy of Windows, insert your usb, install chrome and KeePass. Open KeePass and create a new database with a password and key file.

Start generating seeds:

  1. Generate your seeds and input them into the paper wallet generator to get your corresponding address.
  2. Record both your seeds and addresses in KeePass, save it to one or more usb drives for backup.
  3. On a separate USB thumb drive, save just your addresses only to a text file and copy to your online computer.

You now have a list of addresses you can start sending your funds to for cold storage.

Optionally: Write down or print your paper wallet and/or KeePass password and keyfile using a usb printer that doesn’t have networking capabilities. Make sure it isn’t one of those that has a hard drive that records copies of your prints.

For the extra paranoid, encrypt your hard drive and your usb backups.

Create at least 2 backups of all your data for good practice and store them in separate safe locations. Never connect your cold storage computer or usb backups to the network or any other computer until you have spent or removed the funds.

Hopefully a hardware wallet will show up sometime in the future to make this easier. If you store the key file and the password in the same location as your backup, it defeats the purpose of encrypting.

So, you can store the keyfile and password in several separate places that you won’t lose like your cloud storage or online password manager and then keep the actual database file safely offline.

So now you have your seeds safely generated and secured offline with multiple backups and you have your text file with your addresses that you can begin withdrawing your IOTA to from the exchange online. Go to bed knowing your funds are secure from hackers. It also makes them less accessible to panic selling.

FAQ

Why use the paper wallet generator?

The GUI wallet won’t show your addresses while it is offline and connecting online defeats the purpose of cold storage.

Why cold storage?

You can’t hack air. As long as your wireless is disabled and you maintain an air gap, there is no remote attack vector. By storing your seeds in encrypted backups, you neutralize local attacks as well. For more information see this video by Andreas Antonopoulos on coin security.

Why KeePass?

It’s convenient, it works, provides strong encryption and even seed generation capabilities. You can use it as a seed generator as well by generating passwords of 81 uppercase letters and replacing one or more letters with 9(s).

How do we know we can trust the paper wallet generator?

Test it out and examine the code if you want, if it is generating the same seed and address combination as the light wallet you will know it works. As long as you are using it offline you can be sure it isn’t leaking your seed remotely either.

Please don’t lock yourself out of your own funds by losing either the database, password, or keyfile. Keep them secure but don’t lose access to your seeds because nobody can recover them for you.

Disclaimer:

Not responsible for lost funds. This post was written and granted use of by /u/DanDarden