Introduction: hot and cold wallets
Wallets as “devices capable of authorizing transactions” are hot when connected directly to the Internet and cold otherwise.
Wallets use the private key to sign transactions, authorizing them. If someone has access to your private key or your wallet and authorizes a transaction sending them all your coins, most likely you will not see your coins again
While the classification is usually binary (hot—cold), it is better to think about different levels of “temperature”, from hottest to coldest, these would be the options:
Browser extension: A web browser is meant to be connected to the Internet, and browser extensions make DeFi accessible, although not necessarily very secure. Different browser extensions may incorporate additional security measures, like logging out after some inactivity time, or 2FA. Metamask is a popular browser extension as it has good compatibility with blockchains and protocols.
Mobile app: Counterintuitively, a mobile app provides additional than a browser extension. While phones are connected to the internet nearly permanently, using WiFi and the mobile network, and never turning off, they have an advantage over regular PCs, no administrative privileges from users, potentially keeping them safer.
Hardware wallet: Hardware wallets are devices normally not connected directly to the Internet, but to your computer or phone, making hacking attempts harder, although not impossible.
Piece of paper, metal plate, your brain,… As long as you can keep it out of sight for other people, and preserve it from deterioration, your seed phrase is the crucial part that you need to access your tokens1.
Hacking attempts are going to normally focus on the weakest link in the chain. Oftentimes, they are not going to target technology but the person using it, through social engineering. In other cases, the attacks are going to target protocols rather than specific users, e.g. check rekt.news. After considering the types of wallets, in the case of crypto, the normal precautions applicable to other contexts are similarly applicable2.
As a conclusion, you may want to use browser extensions for convenience and hardware wallets for security. You can use both with the same wallet as well, using the browser extension to interact with the interfaces and the hardware wallet to authorize the transactions, with the private key never leaving the hardware wallet. If that is the case, check if your chosen options are compatible with each other.
Perhaps more important than hot and cold wallets is the next topic: custodial and non-custodial wallets.
To use them, you will also need the means to sign transactions, which includes an Internet connection.
If there is interest in Internet security, please let me know. Otherwise, I will not be covering it. As general rules: keep your software updated, and do not mess with it.