TL;DR: There are various types of Bitcoin wallets with different security and ease of use tradeoffs. Web wallets run in a browser, are highly insecure, and it’s best to avoid them. Mobile wallets are phone apps with private keys stored on the phone, offering more security than web wallets. Desktop wallets run as an application on your computer and provide increased security when paired with a hardware signing device (hardware wallet). Bitcoin nodes have a built-in wallet that lets you connect directly to the Bitcoin network, and they can be paired with other wallet types for added flexibility and security.
Let’s now look at some common types of Bitcoin wallets, and learn more about their strengths and weaknesses.
Web wallet: The wallet software runs in a web browser, with your private key stored in the browser or on a web server. This is highly insecure and should be avoided because it is constantly connected to the internet. Your private key might leak, allowing someone to steal your bitcoin.
Mobile wallet: The wallet software is a phone application with your private key stored on the phone. A mobile wallet is safer than a web wallet because a web wallet carries the additional risk of browser exploits, which are simpler to carry out. A browser must always be considered compromised. In contrast, most phones have some form of a secure element (or blind oracle) for private key protection, but there may still be some risk involved because the keys for your mobile wallet are kept on an internet-connected device, meaning the keys are "hot." If the wallet software is fully open source, like with Blockstream Green, users can personally verify and audit the code and check whether or not their private keys are exposed to developers.
Recommendations: Blockstream Green, BlueWallet, Muun
Desktop wallet: The wallet software runs as an application on your computer, storing your private key either in the filesystem or externally on a specialized signing device, confusingly also called a hardware wallet. We will get to those in a minute. Since a computer tends to be connected to the internet, and has a large attack surface, storing the private key in the file system still comes with risk. Any virus or other malware could steal your key, and the bitcoin will move to the attacker's wallet. Using a desktop wallet with an external signing device, or hardware wallet, on the other hand, is highly recommended and will leave little chance for an attacker.
Recommendations: Blockstream Green, Specter, Electrum
Bitcoin node: The Bitcoin Core node software contains wallet functionality and has the advantage of connecting to the Bitcoin network as a peer among other peers, not as a somewhat limited client for sending requests, like most web, phone, or desktop wallets. Using a vanilla Bitcoin Core node correctly can be somewhat intimidating, but there are several free (and often open source) bundles that install with very few clicks and integrate a lot of ancillary functionality. As in the case of the desktop wallet, you should be wary about storing too much bitcoin if the private key resides in the file system. The Bitcoin node wallet can work with a hardware signing device, although it is not trivial to set up. If you want to run your own node and use a hardware signing device, take a look at the desktop wallets Blockstream Green or Specter, which can connect to your node and handle signing devices with great ease.
Hardware wallet (signing device): This is usually a small, limited computer with minimal external interfacing that securely stores your private key. Though it lacks much of the functionality of the other wallet types, it makes up for it with simplicity and improved security. When it cooperates with one of the other wallet types, it acts as an external device that basically does nothing but create private keys, create Bitcoin addresses (to receive), and sign transactions (to spend). Everything else is handled by the software on the other wallet type.
Recommendations: Blockstream Jade, Coldcard, BitBox02