Portal Hardware Wallet by TwentyTwo

[Tento článok v češtine a slovenčine na Bitcoin Alza]

Doing reviews on new hardware wallets is a bit of a difficult task – most of them don’t bring anything new to the table, they find their close-knit group of supporters, often fueled by a few successful podcasts, and eventually end up forgotten and unused. That’s fine until you want to get your sats out of them. That’s why I am holding back a bit when reviewing the next wallet that doesn’t deliver anything extraordinary.

In the case of TwentyTwo’s Portal wallet, it’s different precisely because it has a truly unique design. It’s a wallet primarily designed for use with smartphones, but it doesn’t have a battery, doesn’t use a cable, and doesn’t use Bluetooth. Its primary communication interface is NFC. At the same time, it is open-source and bitcoin-only. That sounds like it could be a replacement for SatoshiLabs’ popular Trezor for people who are on the go. Only, not really…

Unboxing and first look

The Portal’s packaging is simple and eco-friendly, as is now popular with new products. It has a bit of a “geek character”.

You will receive the portal in a box with recycled paper and in a “tamper-evident” envelope without any accessories. The advantage is that no accessories are needed – Portal is used purely without cables.

It is clear from the packaging that this is a new product from a small company. The first step is to verify the serial number of the envelope by the serial number on the box, on the envelope and, when initialized, on the display of the device. You can read in the manual about how to do this.

Hardware

The first thing you’ll notice when you unbox the wallet is that it’s big – it’s almost as big as a regular smartphone in height. The authors address this topic in their blog “Why you are all wrong“. Apparently, this is one of the things they are criticized for. Let’s break down their arguments. First of all – the wallet has to work via NFC, which is on the back of your phone, with a large enough antenna through which the device is also powered. This explains the “great circle”. But beyond that, you need to be able to see the display of the wallet, so it should be far enough away from the circle that you can see what’s written on it and use the button to confirm transactions and interact with the wallet.

But here we come to the question – who is the device is for? The authors write that we should use Lightning for normal payments and they continue:

“So why should Portal, an on-chain hardware wallet, be portable? If anything we should discourage portability. People shouldn’t be walking around with the keys for all their life savings, no matter how strong of an encryption key they have on their devices. Remember that 5$ wrenches exist and are readily availalbe to criminals.”

That may be true, but there’s a pretty wide spectrum between lifetime savings and Lightning paying “for a cup of coffee”. From digital nomads, to entrepreneurs or bill collectors, the use of a portable wallet is quite varied. Here, moreover, we come to the practical questions – if you don’t have a portable wallet, why bother with NFC at all? In that case, it’s not enough to simply use a USB-C cable, which will also extend the possibilities of use from a desktop computer.

“We believe this misconception comes from the fact that Portal is “mobile-native”. People naturally see smartphones as mostly portable devices. And while that’s definitely true, people also use their smartphones within the comfort of their homes or offices.”

Why then exclude from use desktops that are at home? Sometimes it can be more convenient to do a transaction from mobile. But sometimes it’s easier from a desktop.

By the way, the device cannot be directly protected by a hardware PIN, which in turn makes the mentioned $5 wrench (physical) attack easier. Nothing can be entered on the device itself, it only has one button that is used for confirming.

Portal from the back. The transparent design is appropriate (and kind of nice) for an open-source wallet.

But let’s get to what makes Portal different from all other hardware wallets. It’s wireless, but at the same time, it has no battery. This is made possible by the use of NFC technology. The idea is a good one in itself – batteries are perishable and we want to own Bitcoins for longer than the lifetime of a common battery.

The other solution to this problem would be to use USB (ideally USB-C), which provides both communication and power, similar to NFC. In this case, however, we would need a USB cable in addition to the device (but any Trezor with a short USB-C cable is smaller than the Portal, so the mere existence of the cable doesn’t matter, you can keep it connected to your wallet permanently). Perhaps the only problem is that the Trezor can’t be used to send Bitcoins from iPhone and iPad devices. For users who want to use a hardware wallet with Apple devices, the Ledger Nano X wallet, which communicates with Apple devices via Bluetooth, is currently the standard.

Of course there are many other solutions to these problems. With Coldcard for example, you can use standard batteries (either 9V or 3xAAA). But Coldcard is not open-source.

Using Portal would be a good replacement for Ledger, as it has had its share of controversy – and unlike Trezor or Portal, it is not open-source either. We could even put up with the fact that we can’t use the device with a computer, since the latter usually doesn’t have a compatible NFC interface.

However, using it with a phone is quite inconvenient. It is relatively difficult to keep the Portal in the right place on the mobile so that it is always on. Basically, you have to hold the Portal pressed against the back of the phone with one hand, and if you move more than the tolerance of the NFC ring, the device shuts off and whatever you were doing has to be done again. Of course, the recommended use is to lay both the Portal and the phone on the table. However, this makes it difficult to scan QR codes and you have to do it in the presence of the table 🙂

Image: Portal initialization is similar to all other wallets. You write the seed and that becomes your backup. Portal only supports the traditional 12-word seed, I haven’t read about Shamir backup support.

The button confirmation is quite cumbersome. It doesn’t always respond to a press and needs to be pushed or touched again, which is often difficult if you have to hold the Portal pressed against the mobile with the other hand, or hold the mobile in a stable position if it is on the table and on the Portal. The display is quite large, but instead of displaying the Bitcoin address on multiple lines, Portal scrolls the address. So for ergonomics of use, it has pretty substantial minus points – even Trezor, which “hangs on a USB-C cable” from the mobile, is more pleasant to use than Portal.

Software

Unlike wallets like Trezor or Ledger, Portal doesn’t have its own app. You can use Bitcoin Keeper or Nunchuk. I mean, theoretically, because Bitcoin Keeper is not available in the Google Play Store for my location for some reason. That’s pretty strange for an open-source wallet. One can of course download the APK, but it’s still strange (minor note: the APK build is version 2.0.0 currently, but the release says 2.0.1, so it wants to update repeatedly through Obtainium).

This is of course more of a problem with Bitcoin Keeper itself than Portal, but I still find it odd that an open-source wallet is geoblocked. Even after installation, I couldn’t get Portal to work with Bitcoin Keeper, so that leaves us with Nunchuk.

Nunchuk also has its bugs, for example it doesn’t support taproot addresses, but otherwise it is usable for most normal operation.

A little annoying is that for each operation, the Portal needs to be removed and reattached. Once attached, the device makes a loud sound. So if you’re making multiple payments, for example, or conversely generating and verifying addresses, you’re constantly attaching the device and hearing a loud beeping sound. While doing this review, I got complaints from a family member that the beeping woke her up. You probably also do Bitcoin transactions at night when everyone is sleeping, right?

The disadvantage of the display is that it does not display the QR code (for example, if you want to accept Bitcoins, it is better to scan the QR code from the display of the hardware wallet and not from the display of the mobile device, which can be hacked). This is especially important for OTC traders, who might use the Portal the most – in the field it is a good idea to show the client the QR code from the wallet.

However, even the text display of the address is not very user-friendly. For example, Trezor displays the address in full on the screen and fragmented into parts. The same address in the same format is also displayed in Trezor Suite, so it is possible to compare the two in a simple way. Portal displays the address by scrolling – and when it finishes scrolling, it even starts scrolling in the opposite direction, so you can check from right to left – which is very unnatural. I would find it easier to break the address into parts, compare, and after the comparison of part that fits on the display, just press (not hold) the button to display the next part. Comparing a runaway address on the display is not a pleasant user experience.

Documentation

Apart from the Getting Started page, there is virtually no documentation (at least none that I could find). For example, a new firmware version has appeared on github, but I have no idea which file to give to Nunchuk to update. Nunchuk doesn’t download the new version automatically, but I have to select the file from the filesystem. But which one should I download – firmware.bin, firmware.elf or fw-signed.bin?

Conclusion

I’m very glad that the development of hardware wallets hasn’t stopped. Experimenting with different forms of interfacing with devices, new form factors, different ways of interacting with software, etc. is what is driving the industry forward. While the authors of Portal would like you to leave a lifetime of savings in it, I can’t quite recommend that yet. For virtually all use-cases, you’ll do better to buy some Trezor or, if you want to use a wallet from a mobile device, especially from Apple, the Ledger Nano X.

The advantage of the long-standing development of traditional manufacturers shows itself to the full in the features – Shamir backup, support for wallet applications, new standards (taproot) and so on. Portal suffers from growing pains and ill-thought out admittedly minor issues, but these deteriorate the user-friendliness of the wallet quite significantly.

On the other hand, it’s great that we have another wallet with free and open-source firmware and hardware design that the whole community can build on. Unlike Trezor, Portal officially supports miniscript, which makes it possible to set up more advanced multisig schemes with time locks, for example. Unfortunately, the Liana wallet, for example, which makes full use of miniscript, does not support Portal because it is a desktop wallet, not a mobile app. So perhaps the authors’ assumption that we want to access our savings primarily from mobile devices is incorrect. Or the assumption of the authors of wallets like Liana, which are not mobile, is incorrect.

When it comes to wallets, I want features, continuous development and options (for example mobile and desktop use). Portal is not quite there yet.