Sharing the strategy I’m using to protect my own hardware wallet backups. Simply described, the process is as follows:

Step #1: Keep Your Recovery Seed 100% Offline – ALWAYS
Step #2: Enable Passphrase On Your Hardware Wallet
Step #3: Backup First Passphrase Part Offline
Step #4: Schedule Recovery Email Containing Second Passphrase Part

More details here: https://seedcret.com/kb/how-protect-hardware-wallet/

The benefits are:

BENEFIT 1 (for myself) – peace of mind: Even if I would forget my passphrase, I know where to look, to refresh my memory

BENEFIT 2 (for others) – inheritance plan: In advance, I can let my family know where both physical backups are (the recovery seed and the first part of the passphrase) and also that they would receive the recovery email containing the second passphrase part in case of an accident/death

Of course, I can give the second passphrase part to my family right away but I don’t want to do it because:
· The more people know it, the higher the risk is that it will be compromised (even if by accident)
· I want to make sure that my family will access my assets once I am not here but not before (when I am still here :))

BENEFIT 3: No need for lawyers or any third party that you have to trust

BENEFIT 4: Passphrase backups separated offline and online – a criminal visiting your flat won’t be able to find the whole passphrase in one place

I’ll be happy for any comments.
|
|
|
Your 2nd post seriously deserves a merit. The entire tutorial is easy to understand though I knew about majority of what you discussed already, but newbies can appreciate the gesture.
The inheritance part is something which many investors skip due to which incidents like the recent QuadrigaCX CEO death happen.
Again - very happy to hear it. I'll do my best to continue with the project ...
|
|
|
I do not use a hardware wallet anymore since I lost my ledger nano a year ago, but thanks for sharing this tutorial to secure our hardware wallet. It is helpful for those who own a hardware wallet, especially newbies who plan to use it in the near future.
Thanks. Happy to hear it!
|
|
|
Hi friends, I'm working on a new service to help people manage their crypto hardware wallet backups. If you'd have some time to spare I'd greatly appreciate if you could take a look and share your feedback. There's not much I could offer back except good karma and give you premium features for free (once built and finished). But I can promise that your feedback will help me develop a better service that will benefit you and the broader crypto community. Thanks in advance.

Homepage: https://seedcret.com/
Here is a use case scenario: https://seedcret.com/kb/how-protect-hardware-wallet/
https://seedcret.com/demo/
|
|
|
only thing I do to secure my wallet is to keep my recovery phrase online.
You mean keeping your recovery seed OFFLINE? :-) Thanks for your comment!
|
|
|
Sharing the strategy I’m using to protect my own hardware wallet backups. I’ll be happy for any comments.

STEP #1: Keep Your Recovery Seed 100% Offline – ALWAYS

I created multiple physical recovery seed backups (wrote my recovery seed on a paper) and stored it in different places, 100% offline. I tested the recovery seed I wrote on the paper to make sure I made no mistake. Here is how you can test your recovery seed:

For Trezor wallet: https://wiki.trezor.io/User_manual:Dry-run_recovery
For Ledger wallet: https://support.ledger.com/hc/en-us/articles/360007223753-Recovery-Check

Also I’m considering buying a Cryptosteel or other “indestructible” metal seed storages: https://medium.com/@lopp/metal-bitcoin-seed-storage-stress-test-21f47cf8e6f5

Finally, I scheduled regular reminders to check all my backups and make sure they are okay (not stolen/destroyed).

STEP #2: Enable Passphrase On Your Hardware Wallet

The passphrase is widely recommended by cybersecurity professionals and has multiple security effects as:

· If you do not use a passphrase, your recovery seed is all that is needed to access your coins
· Passphrase protects your recovery seed and is not stored anywhere. This means that even if somebody compromised your recovery seed, they would not be able to access your accounts unless they knew the passphrase as well
· Do not store passphrase right next to the backup of your seed. Consider choosing a memorable passphrase and setting up reminders to refresh your memory every few months
· A passphrase or more passphrases can be used with the same device to create the so-called “hidden wallets”
· You can share your account with the rest of the household or your team members at work. You can generate and distribute a recovery seed which would give everyone access to the “mutual”, “seed-only” wallet. Every member of this group can then separate their own secret wallet by using their custom passphrase – this is especially useful for inheritance planning

Read more about the passphrase security benefits from official Trezor wallet resources (similar also for other hardware wallets):
https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b
https://blog.trezor.io/seed-pin-passphrase-e15d14a0b546

According to these recommendations, I activated a passphrase to protect my recovery seed. Let’s say my passphrase is “my-super-secret-passphrase-20190414”

STEP #3: Backup First Passphrase Part Offline

Even if I can remember my passphrase, I am aware that I might forget it due to the passage of time, disease or accident. Not likely, but it might happen. That’s why I wrote down the first passphrase part (“my-super-secret-”) on a paper and stored it in a different place than the recovery seed is stored (to keep recovery seed and the first passphrase part separated). Then I scheduled regular reminders to refresh my memory, not to forget my passphrase and check all my backups.

STEP #4: Schedule Recovery / “Inheritance” Email Containing Second Passphrase Part

And now the most important thing. I scheduled my recovery email containing the second passphrase part (“passphrase-20190414”). What does it mean? If I am inactive longer than a waiting period I choose (e.g., 3 months), my family will receive the recovery email containing the second passphrase part. In my recovery email, I put important details on where my family can find my physical backups (recovery seed and first passphrase part), plus it also includes the second passphrase part itself, which they need to access my digital assets.

You can use this recovery email template as an inspiration: https://seedcret.com/kb/recovery-email/

Besides Seedcret free account, you can schedule your second recovery email (as a backup) also with Google Account Inactive Manager: https://support.google.com/accounts/answer/3036546?hl=en

WHAT ARE THE BENEFITS? WHY I DID IT?

BENEFIT 1 (for myself) – peace of mind: Even if I would forget my passphrase, I know where to look, to refresh my memory

BENEFIT 2 (for others) – inheritance plan: In advance, I can let my family know where both physical backups are (the recovery seed and the first part of the passphrase) and also that they would receive the recovery email containing the second passphrase part in case of an accident/death

Of course, I can give the second passphrase part to my family right away but I don’t want to do it because:
· The more people know the passphrase, the higher the risk is that it will be compromised (even by accident)
· I want to make sure that my family will access my assets once I am not here anymore but not before (when I am still here :))

BENEFIT 3: No need for lawyers or any third party that you have to trust.

BENEFIT 4: Passphrase backup is separated into two parts stored offline and online – a criminal visiting your flat won’t be able to find the whole passphrase in one place (because the second passphrase part is stored online)
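The passphrase mechanism from STEP #2 to STEP #4 above, shown as an added example that is not part of the original post or of any wallet vendor's code. It assumes the wallet follows BIP-39, uses the public BIP-39 test mnemonic as constructed sample data, and the helper names (`bip39_seed`, `wallet_id`, `compare_reassembly`) are hypothetical. It shows that the seed-only wallet and the passphrase wallet are unrelated, and that a slightly wrong reassembly of the two passphrase parts opens a different, valid wallet without any error.

```python
import hashlib
import unicodedata

# BIP-39 fixes these parameters for turning a mnemonic into a 64-byte seed.
PBKDF2_ROUNDS = 2048
SEED_LEN = 64

# Constructed sample data: the public BIP-39 test mnemonic (never fund it)
# and the example passphrase parts quoted in the post.
MNEMONIC = "abandon " * 11 + "about"
PART_OFFLINE = "my-super-secret-"    # written on paper (STEP #3)
PART_ONLINE = "passphrase-20190414"  # delivered by recovery email (STEP #4)

# Constructed list of ways an heir might plausibly retype the two parts.
HEIR_ATTEMPTS = [
    "my-super-secret-passphrase-20190414",   # exact concatenation
    "my-super-secret- passphrase-20190414",  # space inserted at the join
    "my-super-secretpassphrase-20190414",    # trailing hyphen dropped
    "My-super-secret-passphrase-20190414",   # auto-capitalised first letter
]


def _nfkd(text: str) -> bytes:
    """BIP-39 requires NFKD normalisation before hashing."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512 over the mnemonic, salted with the literal
    string "mnemonic" followed by the passphrase (empty if none is set)."""
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), b"mnemonic" + _nfkd(passphrase),
        PBKDF2_ROUNDS, SEED_LEN,
    )


def wallet_id(seed: bytes) -> str:
    """Short label for comparing seeds in this demo; not a real address."""
    return seed.hex()[:16]


def compare_reassembly(mnemonic, part_a, part_b, candidates):
    """Map each candidate passphrase to True if it opens the same wallet
    as the exact concatenation part_a + part_b."""
    real = bip39_seed(mnemonic, part_a + part_b)
    return {c: bip39_seed(mnemonic, c) == real for c in candidates}


if __name__ == "__main__":
    decoy = bip39_seed(MNEMONIC)  # what a thief holding only the paper seed gets
    hidden = bip39_seed(MNEMONIC, PART_OFFLINE + PART_ONLINE)
    print("seed-only wallet :", wallet_id(decoy))
    print("hidden wallet    :", wallet_id(hidden))

    results = compare_reassembly(MNEMONIC, PART_OFFLINE, PART_ONLINE, HEIR_ATTEMPTS)
    for attempt, ok in results.items():
        # Every attempt derives a valid seed; the wallet never reports
        # "wrong passphrase", it just shows a different (empty) account.
        status = "correct wallet" if ok else "different, empty wallet"
        print(f"{attempt!r:42} -> {wallet_id(bip39_seed(MNEMONIC, attempt))} ({status})")
```

Because every passphrase yields a valid wallet, the recovery letter has to state exactly how the two parts are joined (order, no space, capitalisation).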
|
|
|
Hi friends, I'm working on a new service and trying to understand how people manage their crypto hardware wallet backups today. If you'd have 2 minutes to spare I'd greatly appreciate if you could take the anonymous survey below.

Specifically, I’m trying to get some insight into what is the reasonable balance between safety and security for crypto owners when managing their recovery seed and passphrase backups. For example, the most obvious and arguably most "secure" is storing your passphrase backup in your head. However, this maybe isn't that "safe" in case of forgetting your passphrase due to the passage of time, disease or an accident. And certainly, it's not "safe" at all for inheritance purposes as your passphrase is going to the grave with you, leaving your Next-of-Kin with nothing.

There's not much I could offer back except good karma and sharing the survey results. But I can promise that your feedback will help me develop a better service that will benefit you and the broader crypto community. Thanks in advance.

https://docs.google.com/forms/d/1M27KYjG622Jq55-fD1EFZqYKEKtH_S7g1krFDfaWISo/

PS: If you are interested in the service I’m building, drop me a message. I’ll be happy to share more details and also give you the premium features for free (once built and finished)

PS2: Below in comments, I’ll share how I protected my own hardware wallet backups for your inspiration. Hopefully, you’ll find this strategy beneficial when keeping your backups safe and/or help me make it even better! I’ll be happy to answer anything.
|
|
|
Is it better to have just seed-only wallet (without any passphrase activated) OR is it better to have a passphrase activated and store it somewhere else (even online)?
IMO it's better to have a passphrase activated (even if stored online) because if someone finds the seed, he/she doesn't know that there is a passphrase activated (because of some small amount of crypto left on the seed-only account). It means the person will not be trying to find the passphrase somewhere (he/she doesn't know it exists), it means the passphrase protected wallet with "my fortune" will remain safe.
Exactly... a "seed mnemonic only" wallet, basically has a single point of failure... the seed mnemonic. Once the seed mnemonic is compromised == Game Over! Having a passphrase is essentially 2FA. Now you need two puzzle pieces to make it all work... plus, as you say, the "obvious" puzzle (the seed mnemonic) can actually be a red herring with a small amount of coin that could trick the user into believing they got it, but you had "nothing", whilst the real fortune is hidden behind 2nd puzzle piece (passphrase).

Now the issue is... how does one "store" that 2nd puzzle piece (passphrase)? There are 2 aspects to consider... "Security" and "Safety". Security being prevention of unauthorised access of the puzzle pieces... safety being prevention of accidental loss of the puzzle pieces.

The most obvious and arguably most "secure" is... in your head. If the passphrase is relatively strong (8+ chars, mix of upper/lower/numeric/symbols etc) and never, ever leaves your head... the odds of someone bruteforcing that are VERY small. However, this maybe isn't that "safe" for inheritance purposes as it is likely to go to the grave with you, leaving your Next-of-Kin with nothing.

Once you start putting things online, the game changes significantly. Whilst it might increase the "safety" aspect of storing your puzzle piece in terms of having another (hopefully reliable) location to store it to prevent loss and the ability for your Next-of-Kin to get access should the worst happen... the "security" aspect is now greatly diminished.

It is indeed a very delicate balancing act... and different people will no doubt have different requirements. Still, I view your service as a valid option for folks who want some peace of mind that their family will be able to get ALL the puzzle pieces should the need arise... and as I said earlier, it looks like you've put a lot of thought and care into this project... I hope it all works out!

Thanks for great input again. What are your thoughts on this scenario below? Would it be better like this?

[1] I write my recovery seed on a paper and store it at home 100% offline
[2] Then I activate a passphrase which I can remember - e.g. "my-super-secret-passphrase-20190413"
[3] Even if I can remember the passphrase, I am aware that I might forget it due to the passage of time, disease or accident ... (Not likely, but it might happen) That's why I write down the first passphrase part ("my-super-secret-") on a paper and store it in a different place than the recovery seed is stored (to keep recovery seed and the first passphrase part separated). Then I upload the second passphrase part ("passphrase-20190413") online.

BENEFIT 1 (for myself) - peace of mind: Even if I would forget my passphrase, I know where to look, to refresh my memory

BENEFIT 2 (for others) - inheritance plan: In advance, I can let my family know where both physical backups are (the recovery seed and the first part of the passphrase) and also that they would receive the recovery email containing the second passphrase part in case of an accident/death. Of course, I can give them the second part right away but I don't want to do it because:
a/ The more people know it, the higher the risk that it will be compromised (even if by accident)
b/ I want to be sure that my family will access my assets once I am not here but not before (when I am still here)

Do you think this approach would be more usable with a reasonable balance between "Security" and "Safety"? Thanks!
|
|
|
No issue, I've done quick testing/look. Few thoughts:
1. The UI is good and clear (at least for me)
2. Flexible duration/time option would be better IMO
3. You might as well allow .rar attachment since you bother to allow .tar. / "geek" extensions such as .md, .pgp and .asc
4. There are minor typos such as "Finish" become "Finnish"

I am just considering what is the right balance between security and usability in terms of inheritance planning.

Fair point, but IMO leaving a hint about the encryption password for your family (such as hobby, activity or secret that only your family know) would be better.

Great points. Really appreciated. Thanks a lot
|
|
|
IMO it's better to have a passphrase activated (even if stored online) because if someone finds the seed, he/she doesn't know that there is a passphrase activated (because of some small amount of crypto left on the seed-only account). It means the person will not be trying to find the passphrase somewhere (he/she doesn't know it exists), it means the passphrase protected wallet with "my fortune" will remain safe.

It's definitely better to have a passphrase than not to have a passphrase at all, but as HCP has said, there are many ways to store your passphrase, each of variable security, recoverability, and ease. You say you store it unencrypted online, which is safe for you since your seed is stored on paper in your flat. Presumably if someone has access to your seed, they therefore have access to your flat and also your computer. Depending on your computer set up (do you use whole drive encryption? do you use an encrypted password manager?), it could be fairly trivial for them to break in to your online accounts and access your seed. Similarly, by uploading your seed unencrypted online, it could be stolen by malware or poor security on the computer(s) it is stored on, malware on your computer, a man in the middle attack, etc. It's better than nothing, sure, but it's still not great. I prefer not to back up anything online, encrypted or not, but in the rare event I might want to store something sensitive online, I wouldn't dream of not encrypting it first.

Agree. I would also prefer to encrypt everything. I am just considering what is the right balance between security and usability in terms of inheritance planning. Will your family be able to decrypt it without any issues and so on... Thanks for your input.
|
|
|
While that might work for your setup... it may not work for others who store their seed offsite and would have a significant time delay between seed being compromised and them knowing that it is... and even with your setup, what happens if you go away on vacation for 2-3 weeks and your house is robbed the day after you leave? But I digress, we could play this "but what if?" game forever. Just realise that I'm not saying that your personal system is "bad" per se... simply that you could (and probably should) offer the option to users who can then decide how they want to do it.

Of course, then the issue would be "how one can store an encrypted passphrase... and still allow your family to get access to it in case of death/incapacitation?" You would need some way to store the passphrase for the passphrase! And then you get into an infinite loop of how/where to store passphrases.

Thanks for your input. Really valuable for me. I am not trying to convince you or argue... Just need another point of view to understand this better. Let's put it in another way. If my understanding is correct, according to what you are saying, having seed-only wallet would be bad security practice because if the recovery seed is stolen, there is no need for any passphrase and it means the seed is directly compromised, immediately when stolen?

Or another way. Is it better to have just seed-only wallet (without any passphrase activated) OR is it better to have a passphrase activated and store it somewhere else (even online)?

IMO it's better to have a passphrase activated (even if stored online) because if someone finds the seed, he/she doesn't know that there is a passphrase activated (because of some small amount of crypto left on the seed-only account). It means the person will not be trying to find the passphrase somewhere (he/she doesn't know it exists), it means the passphrase protected wallet with "my fortune" will remain safe. What do you think?
|
|
|
I think especially inheritance planning is really important. A lot of crypto was lost because of no inheritance plan.
Do you have any? Can you share your approach?
About that inheritance thing, I will follow this thing:

Digital or Electronic method.
1. Private keys stored encrypted. You could use RAR, or AxCrypt or TrueCrypt. Spread this. Give a flash drive to everyone.
2. Instructions on how to use. Complete tutorial for newbies as needed.
3. Use one of those delayed email services, deadmansswitch, email-from-future, etc. It will send the email (with the 64 character alphanumeric password) when you don't contact the system in 60 / 90 / whatever number of days.
4. As long as you are alive and conscious, log in to your service to tell them you are alive.

Paper method.
1. Print your private keys on paper. Seal the envelope. Tape it. Wax it.
2. Store in vault. Mark with "in case of death / emergency / whatever".

Quite old, but gold.

Yes, I agree - the "Digital or Electronic method." is actually similar to the app that I am building. You can achieve this also with Google Account Inactive Manager. But it's not focused/customized for crypto. Thanks for comments!
|
|
|
That looks like a very useful service... you have obviously put a lot of thought and effort into this. Especially around the management of seeds, passphrases and inheritance/disaster planning.

Interesting idea, few thoughts:
1. Don't allow user to upload unencrypted passphrase, it's bad security practice. If the browser is compromised or connection, the unencrypted passphrase could be used to guess passphrase/password for another user's account

Can you please explain why it's bad practice to store the passphrase online?

I think you misunderstood what he said... he wasn't claiming that storing the passphrase online was bad practice, he said it was bad practice to store it unencrypted... As you say, (as long as it is a unique passphrase designed and used only for your hardwallet) if someone finds it, they wouldn't be able to use it without your seed mnemonic. The danger of course is that if your seed mnemonic is compromised, then having the passphrase online could be very problematic... especially if you're unaware that the seed was compromised. Also, the website is loading fine for me...

Thanks! Happy you like it! I think that I understand it correctly. You are saying that it is not good/safe to store the passphrase online unencrypted ... But I am afraid, I still DON'T understand WHY. I am storing my passphrase online unencrypted even for myself because of these reasons:

* In case of accident or death (the inheritance plan), my family will receive the recovery email with the passphrase. It will be much easier for them if the passphrase is not encrypted (they are not technically skillful so I am worried they might have trouble decrypting the passphrase).
* I am again stressing that the recovery seed is in my flat, in a sealed envelope (see here https://seedcret.com/kb/letter-of-instruction/) so how could it be compromised?
* Even if it would be compromised, I would probably find out because I set up regular reminders to check the sealed envelope (which is signed over its fold so I would see someone opened it)
* Also I put some small bitcoin amount on the empty passphrase account/original seed-only account and I will be monitoring this address for a balance change. So if the seed is compromised, I would immediately get an email notification and move funds from the main passphrase protected account somewhere else.

Am I still missing something? Please advise.
|
|
|
This service is only good for those people who easily forget. Give me a reason why this project of yours is much better compared to storing up my own passphrase and making some scheduled reminders on my own, setting them up either on my casual calendar or simply on my mobile phone. Things like these are very hard to forget IMHO. But overall this is beneficial for some people.

Yes, that's true - it's possible to manage the backups even without the app. Originally I created the app for myself to make the backup management and other stuff easier. And I believe these are helpful features (as described in the previous post):

* INHERITANCE PLANNING
* NOTIFICATIONS ON A BALANCE CHANGE
* MAINNET AND SWAP ALERTS

I think especially inheritance planning is really important. A lot of crypto was lost because of no inheritance plan. Do you have any? Can you share your approach?

And of course, I also believe that I won't forget about my backups. But what about memory loss due to a disease or an accident? I know it's not likely but might happen. In my opinion, it's good to be ready.
|
|
|
Interesting idea, few thoughts:
1. Don't allow user to upload unencrypted passphrase, it's bad security practice. If the browser is compromised or connection, the unencrypted passphrase could be used to guess passphrase/password for another user's account
2. Since you mention "MAINNET AND SWAP ALERTS", IMO it's worth to mention hard-fork event which create new cryptocurrency
P.S. Is your website down? I can't access it, whether using VPN or Tor.
Thanks for your comments! Can you please explain why it's bad practice to store the passphrase online? I mean without the corresponding recovery seed (it's stored offline) it's worthless, right? Let's say I generate a passphrase with a password manager (e.g. Keepass) and it looks something like this: QcWCJTCU0PVbnd4yyDOXRIai4Qj2V62xbLcIMEk6 Then, if someone finds it, why is the problem? Can he/she misuse this passphrase without the recovery seed?

Website is up and running https://seedcret.com/
Still having an issue?
|
|
|
Just adding more details on use cases:

Let me share the best practice suggestions from the official hardware wallet providers (Trezor, Ledger, ...) first.

https://wiki.trezor.io/User_manual:Security_best_practices
https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b
https://blog.trezor.io/seed-pin-passphrase-e15d14a0b546

I will quote some essential points from these resources:

• If you do not use a passphrase, your recovery seed is all that is needed to access your coins. Never make a digital copy of your seed. We cannot stress enough to only store the seed offline.
• The passphrase is widely recommended and cherished by cybersecurity professionals and has multiple security effect as:
• Passphrase protects your recovery seed and is not stored anywhere. This means that even if somebody compromised your recovery seed, they would not be able to access your accounts unless they knew the passphrase as well.
• If you have to make a physical backup of your passphrase, do not store it right next to the backup of your seed. Instead, you might consider choosing a memorable passphrase and setting up reminders to refresh your memory every few months.
• A passphrase or more passphrases can be used with the same TREZOR device to create the so-called “hidden wallets”.
• You can share your account with the rest of the household or your team members at work. You can generate and distribute a recovery seed which would give everyone access to the “mutual”, “seed-only” wallet. Every member of this group can then separate their own secret wallet by using their custom passphrase.

Based on the above suggestions I can see multiple use cases as below:

[1] REGULAR REMINDERS TO CHECK BACKUPS

Often people lost/forgot their hardware wallet backups over time. As a result, they lost their crypto. As mentioned above, it is a good practice to schedule regular reminders to refresh your memory every few months and not forget about the backups. This relates to both the recovery seed and passphrase backups. We aim to provide a simple and easy to use app for backup management which provides higher comfort than just using a regular calendar for reminders.

[2] PASSPHRASE BACKUPS

The rule is “never store your passphrase together with your recovery seed”. I personally store my recovery seed offline at home and my passphrase online. This brings me these benefits:

a/ Even if someone finds my recovery seed, it is still protected, because the person doesn’t know the passphrase (doesn’t even know that there is a passphrase activated)

b/ If someone finds the passphrase online, the person can’t get any benefit out of it without the recovery seed, which is stored somewhere else and offline. I am not afraid of storing my passphrase online because of this but if someone would be afraid, it is still possible to encrypt the passphrase before uploading it online (and write password for decryption offline together with recovery instructions). Another way would be to protect passphrase with a randomized list as explained here for recovery seed: https://seedcret.com/kb/randomized-list-protection/

c/ I can create an inheritance plan for my family as described further

[3] INHERITANCE PLANNING

Because my backup consists of both the recovery seed and the passphrase, it is easy for me to create an inheritance plan for my family/friends. It works as follows:

a/ My recovery seed is stored at home, written on a paper. Together with the recovery seed I also wrote the letter of instruction as here: https://seedcret.com/kb/letter-of-instruction/ It will help my family to access my funds if needed...

b/ I used Google Inactive Account Manager (see here https://support.google.com/accounts/answer/3036546?hl=en) to schedule recovery email. If my account is inactive longer than a waiting period I choose (e.g., 3 months), my family will receive a recovery email I prepared for them. The recovery email contains information where they can find my physical recovery seed backup and it also includes the passphrase they need to use together with the recovery seed to access my digital assets. You can use this as a template when creating your recovery email: https://seedcret.com/kb/recovery-email/

c/ finally I do the same with Seedcret (the app we are developing), to schedule a secondary recovery email as a backup. You can read more details on how to do it here: https://seedcret.com/kb/store-recovery-seed-safe-guide/

[4] NOTIFICATIONS ON A BALANCE CHANGE

Besides the standard email notification on a balance change, this feature also offers a great security improvement for your recovery seed backups. Even if my “whole fortune” is stored on the passphrase protected account, it is still a good idea to leave some small funds/amount on the empty passphrase/original seed-only account. Then, the empty passphrase/original seed-only account is used as a “decoy”. If someone finds your recovery seed backup and steals your coins from the empty passphrase/original seed-only account, we'll send you email notification immediately once we detect a balance change. Once notified, you can move your funds from your main passphrase protected account to a new, safe wallet.

[5] MAINNET AND SWAP ALERTS

When a project decides to launch its own mainnet, it is important to migrate the existing tokens from the residing blockchain to the mainnet. Missing the mainnet may cause a complete asset loss. With Seedcret, you can enable mainnet alerts, so we'll send you the alert email in advance to protect your funds.

These use cases came out from my own experience when I was trying to secure my and my friend’s crypto. And that's why I believe that also other people might find such a service helpful when protecting their digital assets. Looking forward to any comments!

I'm building a website to help with recovery seed management and also with inheritance planning. I'd like to use it to protect my recovery seed backups and also offer it to others if they like it. The idea is never to ask users for their recovery seeds – it is always in the user’s hands and offline. Users just schedule reminders to check their backups regularly and thus protect themselves from forgetting the backups due to the passage of time, disease or accident. Optionally, users also might create a recovery/inheritance plan so their close ones can access user’s assets in case of an accident or death. This works similarly as Google Inactive Account Manager but it's more customized for cryptocurrencies. Again, the recovery seed stays completely offline all the time. The only thing which might be uploaded online (depending on the user’s decision) is a passphrase (in plain or even encrypted form).

Already implemented features are here: https://seedcret.com/demo/
Features we are currently building listed here: https://seedcret.com/premium/

Would you share your thoughts on this? Is there anything you are missing, is not clear enough or you would make it a better way? Thanks
|
|
|
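The quoted points about the “seed-only” wallet, passphrase-protected “hidden wallets” and the decoy account, shown as an added example that is not part of the original posts or of any wallet vendor's code. It assumes the wallet follows the BIP39 standard (as Trezor and Ledger devices do); the function names `bip39_seed` and `wallet_fingerprint` are hypothetical, and the mnemonic is the public BIP39 test vector, not a real backup.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample input, known to everyone).
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed as specified by BIP39.

    The recovery words are the PBKDF2 password and the passphrase is part
    of the salt, so the passphrase is never stored on the device or in the
    word list: it only exists as an input to this derivation.
    """
    def norm(s: str) -> str:
        return unicodedata.normalize("NFKD", s)

    password = norm(mnemonic).encode("utf-8")
    salt = ("mnemonic" + norm(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallet_fingerprint(mnemonic: str, passphrase: str = "") -> str:
    """Short hex prefix of the seed, used here only to tell wallets apart."""
    return bip39_seed(mnemonic, passphrase).hex()[:16]


def demo() -> dict:
    """Same recovery words, three passphrases, three unrelated wallets."""
    cases = {
        "seed-only wallet (empty passphrase, the 'decoy')": "",
        "hidden wallet (passphrase 'TREZOR')": "TREZOR",
        "mistyped passphrase ('TREZOr')": "TREZOr",
    }
    return {label: wallet_fingerprint(TEST_MNEMONIC, p) for label, p in cases.items()}


if __name__ == "__main__":
    for label, fingerprint in demo().items():
        print(f"{fingerprint}  {label}")
```

Every passphrase yields a valid seed, so a mistyped or misremembered passphrase produces no error, only a different and empty wallet; that is the failure the backup reminders and the recovery email are meant to prevent.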
|
|
|
|