First, it’s important to understand the underlying security and encryption methods used by MEW wallet to secure your private key.
Your PIN code or biometric access, such as Face ID or fingerprint, is the first step in accessing your private key information from the secure local storage on your mobile device. It follows this general path, with extra layers of security and encryption steps omitted for simplicity:
PIN/biometry -> Secure Enclave Key -> Master Key -> Private Key
Since your PIN code is not actually used to encrypt your private key, it is unnecessary to use a complex password for access. If a hacker got hold of your device and somehow managed to access your encrypted private key, they would have to brute-force proper AES 128-bit SE encryption, which would take longer than the age of our universe to accomplish.
The other scenario is that someone gains access to your phone and tries to use your MEW wallet app to send funds directly. First, they would need to unlock your phone’s main lock screen, then they would need to unlock your MEW wallet app. (For stronger security, use different PINs for your phone’s lock screen and your MEW wallet app!)
Brute-forcing a PIN code means using trial and error to determine the correct combination. However, both your mobile device and the MEW wallet app place heavy restrictions on the number of attempts you can make to unlock them. For this reason, the possibility of someone accessing your app with your phone is very small, even if they have prolonged access to it.
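A simplified model of the path above, added here as an illustration and not MEW wallet's own code: the PIN only gates a randomly generated 128-bit key and never becomes key material itself, and a failure counter caps on-device guessing. The `EnclaveModel` class, the limit of 5 attempts, the six-digit PINs and the HMAC-based pad standing in for AES-128 are all assumptions made for this sketch.

```python
import hashlib, hmac, secrets

MAX_ATTEMPTS = 5  # assumed limit; the page does not state the real number

class EnclaveModel:
    """Toy stand-in for hardware-backed key storage (hypothetical, not MEW code)."""
    def __init__(self, pin):
        self._se_key = secrets.token_bytes(16)  # random 128-bit key, unrelated to the PIN
        self._salt = secrets.token_bytes(16)
        self._pin_check = self._digest(pin)
        self._failures = 0

    def _digest(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def _pad(self, nonce):
        # Stand-in for AES-128 under the enclave key (the stdlib has no AES).
        return hmac.new(self._se_key, nonce, hashlib.sha256).digest()[:16]

    def wrap(self, master_key):
        nonce = secrets.token_bytes(16)
        return nonce + bytes(a ^ b for a, b in zip(master_key, self._pad(nonce)))

    def unwrap(self, pin, blob):
        if self._failures >= MAX_ATTEMPTS:
            raise PermissionError("too many wrong PINs")
        if not hmac.compare_digest(self._digest(pin), self._pin_check):
            self._failures += 1
            raise ValueError("wrong PIN")
        self._failures = 0
        nonce, body = blob[:16], blob[16:]
        return bytes(a ^ b for a, b in zip(body, self._pad(nonce)))

def guesses_before_lockout(enclave, blob, guesses):
    """Return (guesses accepted for checking, whether any unlocked the key)."""
    tried = 0
    for guess in guesses:
        try:
            enclave.unwrap(guess, blob)
            return tried + 1, True
        except ValueError:
            tried += 1
        except PermissionError:
            break
    return tried, False
```

In this model a copied `blob` reveals nothing about the PIN, because the wrapping key is random; the short PIN is only ever tested through `unwrap`, where the counter stops further guessing after the assumed limit.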
While a password and a PIN code are both viable options, we chose the PIN code route for simplicity, efficiency, and the ability to place restrictions on the number of attempts to unlock.
The best way to keep your funds safe using the MEW wallet app is to make sure you write down your 24-word recovery phrase on paper with a pen, double-check every word, and store it somewhere safe for the long term. Don't store your phrase online, don't enter your phrase on any websites, and never share it with anyone. The recovery phrase offers complete and permanent access to your wallet.