How to Keep Your Seed Phrase Safe?
In this post, I will cover several ways how you can store a backup copy of your BIP39
seed phrase. Seed phrase is a group of words of different length, compiled from private or extended private BIP44
HD key for more convenient storage. See example of a seed phrase below:
Update person force shell deal online viable hundred awesome voyage sausage main deliver gloom lazy
Words for seed phrase are chosen from a 2048-word dictionary
where each word determines a specific number. All current cryptowallets suggest storing a seed phrase when wallet is activated (i.e. a list of addresses is created). Based on the seed phrase with BIP32 or BIP44, public-private key pairs are generated, encrypted with your password, and stored in your device memory. The seed phrase itself is not encrypted and is a straight and sole source of your keys. Therefore, each user is faced with the necessity to store a copy of their seed phrase securely, so that it can serve as a backup in case of the following:
1. Wallet password is lost
2. Device where wallet is installed is lost
3. Wallet is not functional
There are 2 approaches to storing the seed phrase: digital and physical. The first approach is related to storing data in computer systems. The second one is about storing data in the real, physical world. Let’s briefly review the first option, because it’s all about encrypting the phrase, which is not a perfect solution and I will later explain why.
1. The easiest way to store a seed phrase is to write it into file and encrypt it with any encryption software. The pros here is that your girlfriend will definitely not steal your phrase. The cons is that she can still delete the file itself.
2. Let’s improve the first option and copy the file into Dropbox. The pros are that your girlfriend will not be able to delete files completely, as there would still be a backup copy in the cloud. Cons are that the cloud could become inaccessible.
3. Anyway, let’s copy the file into several clouds and physical storage (flash drives or CD disks). We will use the 3–2–1 rule of backup: storing at least three backup copies, on two types of storage, where one is located off premises. The pros here are that there is weak chance all clouds disappear with your backup copies. Cons: you continue to be the weakest link in the chain. First, you still have access to the file from your computer. This opens opportunities for phishing. Second, your cloud storage accounts are most likely registered under your ID and, thus, could be compromised.
You can add even more complexities into this scheme. For example, you can set up a secret container with double encryption and store it in the cloud. In case one password is entered, container will release a different version of data, while another password will open up another new version. However, human factor continues to be the main vulnerability in digital storage.
Now let’s review the off-line, physical storage approach.
1. The easiest option is a ‘paper wallet’. You write a seed phrase on a sheet of paper and store it in your safe. The pros are that it is secured from phishing software. The cons are that safe can be cracked or burnt.
2. You can write the phrase on some fireproof material like metal
. It will not burn, but could still end up in abusers’ hands.
3. You can separate the phrase into word groups on several paper sheets and store them in different safes. It solves previous problem, though, and also creates a new one. What if one of the sheets gets lost? Then the integrity of the seed phrase will be broken and it couldn’t be restored.
4. ‘Paper Wallet
’ smart wallet is a service that allows you to split your seed phrase with desired redundancy. For example, you can split it into 3 pages where 2 of them will be enough for full seed phrase restore. Or you can choose to split into 7 pages where 4 pages would be enough. This way part of the pages are redundant, but in case of their loss you still keep the phrase recoverable. The redundancy algorithm in Paper Wallet originates from traditional RAID5
disk-based storages which are still widely used to protect your data in data centers all over the world. After the seed phrase is split in Paper Wallet, you have several pages for print with detailed instruction on each page describing steps to restore. Restore can be done manually or with the help of the Paper Wallet service. Its code is open and published on GitHub
. Paper Wallet service does not have a backend as all operations with your seed phrase are done on your browser level. The service itself is hosted on GitHub Pages
, so that you can be sure that it operates on code from the known repository. For security reasons, I recommend disconnecting your computer from the Internet when generating and splitting your seed phrase. This solution cons are that you have to store the pages separately. The pros on top of the above-mentioned are that you can restore the seed phrase using 3rd parties. For example, 1 page is stored at your lawyer’s, another one at your parents, and the last one is with you. Imagine you go abroad and lose your wallet and you urgently need a backup. If your backup is stored in a safe deposit box somewhere in New York, you wouldn’t get to it quickly. With Paper Wallet, you can ask your lawyer and parents for the pages, and restore the seed phrase in minutes.
In this post I reviewed two conceptually different approaches to storing the seed phrase from your crypto wallet: digital approach and physical approach. Both have their pros and cons. When choosing between them, choose the level of risk that you are comfortable with.
Subscribe to get your daily round-up of top tech stories!