Hardware wallets offer the highest degree of usable security for cryptocurrency owners.

Hardware wallets are dedicated single-purpose offline computers used only to store private keys and conduct cryptocurrency signing operations. Private keys are generated on the device and never leave it; they can not be exfiltrated via a network connection. The devices connect to internet-enabled computers via NFC / QR codes / USB to transfer data and provide signed transactions for broadcast.

Some people feel that paper wallets are more secure than hardware wallets since they are non-electronic and therefore free from direct malware threats. But paper wallets add a host of complexity, taking setup and use time from minutes to hours or even days. Additionally paper wallets can still be affected by malware, since PCs and printers are often used in their generation. Some paper wallet generator sites themselves are malicious and generate keys that are known by the wallet author. Users of paper wallets still must consider supply chain attacks, air-gapping, how to trust the software stack, and side-channel attacks when generating paper wallets.

We use hardware wallets to store the majority of keys and conduct signing operations because it is the best way today to create secure storage systems that are usable by the general public.