Bitcoin Forum
Author Topic: How to secure your Recovery seed or Mnemonic phrase?  (Read 529 times)
Ana_crypto (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 10


View Profile
July 25, 2019, 11:44:29 AM
Merited by o_e_l_e_o (1), mr_random (1), thd26bct (1)
 #1

First I will explain what a Seed or a Mnemonic phrase is.

Quote
Mnemonic phrase - It is a 12 or 24 letters word which will be generated when you create a wallet. You can store that on paper, so that it can be used later to recover your funds if the device breaks down or not useful.

The "Passphrase" is an additional password used to secure your mnemonic seed. If your recovery seed is lost or hacked, then you will lose all your funds. In order to protect a seed of your wallet, passphrase is implemented. Even if your seed is stolen, it cannot be lost as it will have an additional feature Passphrase that protects your funds.

There are many wallets that support passphrase feature like Ledger Nano S, Trezor wallet, Exodus, Coinomi etc.

If a passphrase protection is disabled on your wallet, you can enable passphrase protection on your device. Unlock your device and check "Advanced" tab and you can enable passphrase there. A new wallet will be created inside your wallet, it will be like a hidden wallet inside your wallet.

Hope this will help the newbies or those who have not enabled this feature on their device.

Also, I would like to know which wallet are you using? Do you have this feature on your device? Or how do you protect your Seed?
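
Added example, not part of any post in this thread: how a BIP39 wallet combines the mnemonic and the passphrase into the wallet seed, which is why each passphrase opens its own "hidden" wallet and why a mistyped passphrase produces no error. It assumes the wallet follows BIP39; the mnemonic is the public BIP39 test phrase and `same_wallet` is a helper name chosen here.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy); never use it for real funds.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed as BIP39 specifies.

    PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic,
    salt = "mnemonic" + passphrase, both NFKD-normalised UTF-8.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def same_wallet(mnemonic: str, passphrase_a: str, passphrase_b: str) -> bool:
    """Hypothetical helper: do two passphrases lead to the same seed?"""
    return hmac.compare_digest(
        bip39_seed(mnemonic, passphrase_a), bip39_seed(mnemonic, passphrase_b)
    )


if __name__ == "__main__":
    # Constructed passphrases; each pair differs in a way a backup could go wrong.
    cases = [
        ("no passphrase vs. passphrase", "", "correct horse"),
        ("trailing space typo", "correct horse", "correct horse "),
        ("different capitalisation", "correct horse", "Correct horse"),
        ("composed vs. decomposed accent", "caf\u00e9", "cafe\u0301"),
    ]
    for label, a, b in cases:
        same = same_wallet(TEST_MNEMONIC, a, b)
        print(f"{label:32} -> {'same wallet' if same else 'DIFFERENT wallet'}")
```

Every input yields a valid seed, so the only way to confirm a written-down passphrase is to restore with it and compare a receiving address before funding the wallet.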
boyptc
Hero Member
*****
Online Online

Activity: 3066
Merit: 681



View Profile
July 25, 2019, 12:11:18 PM
 #2

Quote
How do you protect your Seed?

I'm using the usual method of keeping the paper that came from Ledger in a safe and wet-free place.

And I also duplicated my seed which is very usual to do backups through hand writing.

Lucius
Legendary
*
Offline Offline

Activity: 3290
Merit: 5751


Donate to a noble cause🚑 - Link in profile


View Profile WWW
July 25, 2019, 12:25:51 PM
 #3

For a start, most users will write the seed down on paper, but we can see that some people just forget to do that, which can be a big problem if the device is lost or broken, or if the desktop wallet is for some reason unavailable.

Paper is good, but it is not resistant to fire or water, and it can be very easily destroyed. There are solutions in the form of steel plates in which users can engrave their seed words, and since such plates are very resistant to almost everything, the only thing the user needs to do is find some safe place to store such a backup.

That extra word you mention (passphrase) is just extra security, but users should be very careful with it and not forget to save that word as well, since it is just an extra word, but the seed becomes worthless without it.

Seed protection should be something for which every user should turn on their imagination and be creative. It is bad practice to have only one backup and think that's enough, and likewise to keep such backups in places where thieves most often look first.

Furryball
Member
**
Offline Offline

Activity: 490
Merit: 19


View Profile
July 25, 2019, 04:13:23 PM
 #4

I have a huge thick book that I write all my recovery phrases in and I've been using the book since 2018. I have different types of wallet recovery seeds safely written down. I keep my book in a safety lock.

Harlot
Hero Member
*****
Offline Offline

Activity: 1806
Merit: 672


View Profile
July 25, 2019, 07:36:14 PM
 #5

These days writing it on paper wouldn't be enough to keep it safe for long. I myself would advise not just writing/printing it down and putting it on a random shelf, because you never know when things will be misplaced all of a sudden. That is why I advise you to store it in special storage like a safe or even a security box at a bank, so you know it's really protected from any kind of theft or misplacement. Also, let's not be too literal here: don't just put it on paper but also protect the paper itself, maybe with a folder, or laminate the paper yourself.
gentlemand
Legendary
*
Offline Offline

Activity: 2590
Merit: 3014


Welt Am Draht


View Profile
July 25, 2019, 09:52:58 PM
 #6

I favour an encrypted folder on multiple micro SD cards in multiple places. I photograph the seed and write it down in txt files before sticking it in the folder. The cards are also renewed on a rotating basis in case one or more fails.

No way would I use something like a cryptosteel or something simply written down in an accessible manner. You never know who's going to uncover it. The days of few people knowing what a seed consists of are drawing to a close.
masulum
Legendary
*
Offline Offline

Activity: 2282
Merit: 1598

hmph..


View Profile WWW
July 26, 2019, 10:19:30 AM
 #7

You can store your mnemonic backup in encrypted files like an MS Word document or a PDF document. Then you compress the files to a zip with a password. You can copy it to a local disk or an offline disk (SD card, flash disk).

And you can add a backup to a secure and trusted cloud storage service. Connect your cloud storage with Boxcryptor or a related service. But remember, add security for your Boxcryptor account with 2FA.

This way, you have multiple layers of security:
1. Encrypted document,
2. Encrypted zip,
3. encrypted cloud storage,
4. encrypted cloud storage with Boxcryptor,
5. and secure Boxcryptor with 2FA

DYOR

HOLD...
mk4
Legendary
*
Offline Offline

Activity: 2814
Merit: 3869


Paldo.io 🤖


View Profile
July 26, 2019, 10:51:53 AM
 #8


This can only work out if you're using an air-gapped device, and if you actually know and are confident with what you're doing. With your typical cryptocurrency investor though? Pen and paper in a locked safe is still the easiest and safest way to go. Encrypted files on air-gapped devices is more for the more experienced.

Delos
Newbie
*
Offline Offline

Activity: 88
Merit: 0


View Profile
July 26, 2019, 11:09:01 AM
 #9

Take a look here.

Never mind whether you store the seed on a USB stick or write it down somewhere, you still need to hide it. Storage online should be only one option and is NOT safe. Too much can happen: a hardware crash, or the company you rent the online storage from is suddenly bankrupt.

This website really shows some secret places I never think about.
It's not my site. I got it after an extensive search on Google.

https://www.familyhandyman.com/smart-homeowner/the-ultimate-guide-for-secret-hiding-places-in-your-home/
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
July 26, 2019, 11:09:29 AM
 #10

~snip~

I wouldn't advise anybody to store their seed in a cloud.

You definitely don't want to have it uploaded anywhere. Not even encrypted.


You never know who gains access to the files.
And you can never know whether there will be a vulnerability found in the software you used to encrypt the file.
This could easily lead to your mnemonic code / seed being exposed to the wrong person.


And you shouldn't trust encrypted archives either.
WinRAR, for example, implemented the encryption itself correctly, but used a 4 bit IV.
Any encrypted archive can be decrypted within a few minutes.

I don't know whether this has been fixed already, but such a huge mistake is just embarrassing.

masulum
Legendary
*
Offline Offline

Activity: 2282
Merit: 1598

hmph..


View Profile WWW
July 26, 2019, 12:33:55 PM
 #11

-snip-

Of course offline is the most recommended way to secure it, but as I say, if we want to have more backups, we still use a cloud service.

Writing down the mnemonic still has a risk: we can lose it. On an SD card or flash disk it can break, or we can delete the file by mistake, or it can even be infected by a virus.

Just in case we lose the offline storage, the cloud becomes an alternative way to access it. I'm not giving advice; OP is asking about how to secure it, and I share my way.

HOLD...
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
July 26, 2019, 12:49:15 PM
Merited by masulum (1)
 #12

Quote
I'm not giving advice; OP is asking about how to secure it, and I share my way.

What you are describing with having a Xth backup in case of all offline backups are lost / damaged / infected is regarding safety, not security.

While redundancy is good. Even redundancy via the cloud is good for safety. But it is not a good way to "secure your recovery seed.." as stated in the OP and the title of this topic.


Storing such sensitive information (which gives anyone who has access to this information the full control over your funds) online is the exact opposite of secure.

bitart
Hero Member
*****
Offline Offline

Activity: 1442
Merit: 629


Vires in Numeris


View Profile
July 26, 2019, 08:36:56 PM
 #13

People tend to think that storing a seed safely and securely is a kind of really hard and technical thing...
It's really similar to using a web based banking system, where you have user ID, password, and nowadays 2FA too
Do they care about them, to store them securely?
Not really, they key in their login credentials at the first phishing mail, on a totally insecure webpage (which looks exactly like their bank's page)...
I know that this is a bit different because in a bank you can go into the first branch and can ask for a new password or new login ID or whatever (after you have identified yourself of course), and this is not possible with bitcoin seeds, but somehow similar...
As long as people don't learn to care about their digital financial data, it doesn't matter if it's fiat or bitcoin, they will take huge risk...
So if they will start to care about storing their everyday login data in a safe place, they will do the same with their seed too, but until then, it will be a big headache, how to do it...
Ana_crypto (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 10


View Profile
July 27, 2019, 04:35:04 AM
 #14

Quote
It's really similar to using a web based banking system, where you have user ID, password, and nowadays 2FA too

I think the banking system is different from a wallet seed where you have the control of your seed. The bank will have your account information and you hold the PIN for it. If the PIN is lost or hacked then you will lose your funds.

Quote
I know that this is a bit different because in a bank you can go into the first branch and can ask for a new password or new login ID or whatever (after you have identified yourself of course), and this is not possible with bitcoin seeds, but somehow similar...

As you said, if the account is hacked, the bank can block your account and can create a new account and password. And your funds are still safe, if it is blocked before stealing your funds. Whereas in case of wallet seed, if you lose the seed then you lost it completely. No way you can recover your funds.
Furryball
Member
**
Offline Offline

Activity: 490
Merit: 19


View Profile
July 28, 2019, 01:34:01 PM
 #15

I lock my private keys away in a very secured locker but they are written down in my private book

virasog
Legendary
*
Offline Offline

Activity: 3038
Merit: 1162


Leading Crypto Sports Betting & Casino Platform


View Profile
July 28, 2019, 01:55:50 PM
 #16

Quote
I have a huge thick book that I write all my recovery phrases in and I've been using the book since 2018. I have different types of wallet recovery seeds safely written down. I keep my book in a safety lock.

Many people fail to understand the importance of securing the seed and the passphrase.
In your case if the book is somehow lost or stolen by anyone they will have access to all of your private keys and all of your money is at risk.
I never keep my wallet seed in a single place. I divide the seed in three different parts and place them at three different places. In this case if one of the places is compromised, no one will have access to my wallet.

hatshepsut93
Legendary
*
Offline Offline

Activity: 3024
Merit: 2148


View Profile
July 28, 2019, 07:34:58 PM
 #17

Quote
No way would I use something like a cryptosteel or something simply written down in an accessible manner. You never know who's going to uncover it. The days of few people knowing what a seed consists of are drawing to a close.

Which is why some schemes allow you to add a password to your seed, so the seed alone is not enough to access the wallet, because private keys are derived from both the seed and the password. I personally don't use this method, because I use Electrum and it doesn't have this option, but even if I could, I still wouldn't because it just adds the complexity of storing the password somewhere. I'd rather not risk locking myself out of my coins because of a misplaced password.
bitart
Hero Member
*****
Offline Offline

Activity: 1442
Merit: 629


Vires in Numeris


View Profile
July 28, 2019, 08:30:14 PM
 #18

Quote
No way would I use something like a cryptosteel or something simply written down in an accessible manner. You never know who's going to uncover it. The days of few people knowing what a seed consists of are drawing to a close.

Which is why some schemes allow you to add a password to your seed, so the seed alone is not enough to access the wallet, because private keys are derived from both the seed and the password. I personally don't use this method, because I use Electrum and it doesn't have this option, but even if I could, I still wouldn't because it just adds the complexity of storing the password somewhere. I'd rather not risk locking myself out of my coins because of a misplaced password.

What if you don't use password but use a cryptosteel kind of solution, but you cut your seed into half, and engrave the first part on one steel (it can be a steel business card, you can find it on eg. ebay) and the second part on another steel.
After, you hide these half parts in totally different places (in your home, or the first one in your home, the second one in your relative's home, etc...) and you're fine
You only have to remember which is the first one and which is the second part, not to mess the order...
And don't use a computer based laser engraver but a handheld type engraver (offline one :D ) not to expose your seed...
hatshepsut93
Legendary
*
Offline Offline

Activity: 3024
Merit: 2148


View Profile
July 28, 2019, 10:28:12 PM
 #19

Quote
What if you don't use password but use a cryptosteel kind of solution, but you cut your seed into half, and engrave the first part on one steel (it can be a steel business card, you can find it on eg. ebay) and the second part on another steel.

A half of a seed can be enough to crack the whole seed, depending on attacker's capabilities. Electrum seeds have 135 bits of entropy, and 67.5 bits can be cracked on modern hardware.

Plus, you are making things harder for yourself by having parts of your seed in different places. There are better schemes for that like Shamir's Secret Sharing or good old multisig - they even allow N of M parts setups, so you can account for risks of losing some of the parts of the wallet.
Ana_crypto (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 10


View Profile
July 29, 2019, 04:31:15 AM
 #20

Quote
Which is why some schemes allow you to add a password to your seed, so the seed alone is not enough to access the wallet, because private keys are derived from both the seed and the password. I personally don't use this method, because I use Electrum and it doesn't have this option, but even if I could, I still wouldn't because it just adds the complexity of storing the password somewhere. I'd rather not risk locking myself out of my coins because of a misplaced password.

I think Electrum wallet also has the feature of Passphrase. Instead of storing your password anywhere, you can choose a strong password which you can remember. Even if the seed is stolen, without the passphrase they cannot access the wallet.

You can choose to keep part of your funds under a passphrase (large amount) and a smaller amount without a passphrase (small amount). If the wallet is stolen, then only the small amount without a passphrase will be lost. You can still save the large amount of funds.