Seed phrase security question

[nakamura12]

It's still not secure enough. You might lose the paper in some way or get it torn.
There's no proven way which can guarantee to store the seeds securely. We just have to back up the seeds with the least risk.

The back up of seed phrase getting torn is not a problem. How about you use a thicker paper and write the seed phrase there then use plastic cover or other things to laminate the piece of paper. I have done this before where I wrote some passwords for games and have to cover the paper with clear tape so no matter how many roll of tapes I used I can still see the content on the paper.

[1714000574]

1714000574

[1714000574]

1714000574

[1714000574]

1714000574

[o_e_l_e_o]

The back up of seed phrase getting torn is not a problem. How about you use a thicker paper and write the seed phrase there then use plastic cover or other things to laminate the piece of paper.

What if it gets incinerated in a fire? What if tornado buries it under 10 feet of rubble and you can't find it? What if it is stolen?

There is no single back up method which is immune to loss, whether it be laminated paper, titanium plates, or electronic devices, even if they are stored in an airtight, fireproof, waterproof safe bolted to the foundations of your house. The only way to come close to ensuring your back up survives is by having more than one back up in different locations, as I said above. Having only a single back up is a risk, and having only a single back up stored in the same location as your wallet (so both your computer and your seed phrase stored in your house, for example) is an even bigger risk.

[Upgrade00]

That's why you practice redundancy. Back it up more than once on more than one separate pieces of paper, and store these pieces of paper in separate geographical locations. If you are concerned about one of your pieces of paper being discovered, then ensure that it does not contain all the information required to steal your coins: Use an additional passphrase, encrypt your seed phrase, split your seed phrase, etc. Make sure that any additional information required to recover your seed phrase is also backed up on separate pieces of paper and also stored in separate geographical locations.

Do you think someone can feasibly have so many secure locations to store several back ups and be able to regularly check up on them? It seems the safest and most reliable way to avoid loss due to unexpected hazards.
I've been looking into the possibility of storing back up phrases in a bank vault (inside safety boxes). You'll have a bit of privacy as the banks aren't allowed to know what you have inside, but they are regulated and can give up the contents on request by the government.
Also, if bitcoin is a taxed commodity in your country, you may be asked to reveal the content of your wallet.

What would be the best way to store in multiple locations, fo someone living in one Location, work place?

[o_e_l_e_o]

Do you think someone can feasibly have so many secure locations to store several back ups and be able to regularly check up on them?

Secure locations can include your house, the house of any family, parents, siblings, children, close friends, your work place (easier if you have lots of other confidential documents which would be under lock and key anyway), safe deposit boxes, etc. If you are worried about one of your back ups being compromised by a thief or an untrustworthy relative/friend, then do something to mean one back up is insufficient to take your funds - encrypt, add passphrase, use multi-sig, etc., as I mentioned above.

Also, if bitcoin is a taxed commodity in your country, you may be asked to reveal the content of your wallet.

Then don't make it obvious that it is a wallet. Encrypt your seed phrase and store the encrypted string on one piece of paper and the decryption key on another. One without the other is not only useless, but reveals nothing about what is encrypted.

What would be the best way to store in multiple locations, fo someone living in one Location, work place?

This all depends on your threat model. Are your back up locations more likely to be compromised by a thief, or more likely to be damaged by fire, flooding, natural disaster, etc? Do you simply need to write your seed phrase on two different pieces of paper and hide one in your house and one with a family member whom you trust completely? Or do you need to use multi-sig so that a thief finding one share gets nothing, or two (or more) of your friends/family members would need to collude to steal your coins?

[CryptocurencyKing]

Memorising your seed phrase doesn't make it safe, it puts you in harms way. The kind of harm that could come only by your hands. How you may want to ask? Its simply by your forgetting it. Singing your seed phrase alongside your phone and sh*ts like that doesn't endanger you besides, its still on that same device that it was generated and you get to type it in occasionally when the need arises to have access to your coins. So, singing it doesn't affect anything except for the fact that, you stored the voice note of it! There is every possibility that, your device could be accessed by someone else, hacked or stolen or even, during a friendly usage of your phone by a friend that understands cryptos and wallets, your keys is been compromised and you end up being sorry. Always endeavour to be careful with your keys.

[Chikito]

I was singing my seed phrase to memorize it

I am not worried about your iPhone paranoid (if you aren't Intelligent, political, or work in government). I'm worried about you if in on public then slip away singing the song (BIP39 word) loudly on the train. If I'm on the train also, I will know you covered the song with the bitcoin seed.

your action memorized seed on the song is very careless.

[Upgrade00]

Also, if bitcoin is a taxed commodity in your country, you may be asked to reveal the content of your wallet.

Then don't make it obvious that it is a wallet. Encrypt your seed phrase and store the encrypted string on one piece of paper and the decryption key on another. One without the other is not only useless, but reveals nothing about what is encrypted.

I guess this is the part I needed to clear up. I'm not very savvy in the legal distinctions, but would it technically be aginsts the law to store such information with a bank? Or is it a grey area that is not well defined and as such cannot be regulated.

From my research each bank would tell you what can and cannot be stored with them, how do they ensure customers do not violates their codes; this should be by checking the content would they be suspicious. They may not be able to reveal the contents, but would irbpose any legal implications, particularly for countries who are not receptive to Bitcoin.

[pawanjain]

This all depends on your threat model. Are your back up locations more likely to be compromised by a thief, or more likely to be damaged by fire, flooding, natural disaster, etc? Do you simply need to write your seed phrase on two different pieces of paper and hide one in your house and one with a family member whom you trust completely? Or do you need to use multi-sig so that a thief finding one share gets nothing, or two (or more) of your friends/family members would need to collude to steal your coins?

This reminds me of Vitalik Buterin. I saw his interview recently in which he mentioned that he has split up his keys and given to family members in another country.
He had to call up his family members and get the pair of words and attach the pair of words he had to access his funds.
What do you think about this way of storing and accessing funds ?

[o_e_l_e_o]

Singing your seed phrase alongside your phone and sh*ts like that doesn't endanger you besides, its still on that same device that it was generated and you get to type it in occasionally when the need arises to have access to your coins.

That's not true. If you generate a seed phrase on Electrum on mobile, for example, the seed phrase stays encrypted within the Electrum app and is pretty unlikely to be accessed by any other app (not including malicious apps or malware, of course). If you speak your seed phrase out loud, then any number of apps on your phone such as Siri, Alexa, Google Assistant, Facebook, etc., which have access to your microphone and are recording all the time will pick it up and send it to some server somewhere, unencrypted, for analysis.

So, singing it doesn't affect anything except for the fact that, you stored the voice note of it!

Storing an audio file of your seed phrase is just as risky as saving your seed phrase unencrypted in a text document, i.e. a terrible idea.

but would it technically be aginsts the law to store such information with a bank?

Depends entirely on your jurisdiction. If bitcoin is not illegal in your country, then I see no reason why you couldn't store a copy of your seed phrase or similar in a safe deposit box, though.

From my research each bank would tell you what can and cannot be stored with them, how do they ensure customers do not violates their codes; this should be by checking the content would they be suspicious.

As I mentioned, you can always encrypt the information before you store it. If the bank asks you to decrypt it, you can say that you don't know what it is and you will be given a decryption key from a relative's estate after their death, or something along those lines. Or you could encrypt it on digital storage, using a hidden volume to hide the fact that there is a wallet encrypted at all. If ever forced to decrypt it, by utilizing a hidden volume you can decrypt the drive to other "sensitive" decoy data, and never reveal the existence of the wallet.

[Davidvictorson]

I was singing my seed phrase to memorize it and realized my phone was right next to me. VidMate  Mobdro

An old Chinese proverb says that “the faintest ink is more powerful than the strongest memory.”  I would not advice anyone to memorize their seed pharse.

However if you think your it has been compromised, you need to create a new vault, and then transfer your funds to that vault immediately.

Then, write the your new seed phrase on a physical paper. You can have offline duplicate copies stored in a bank safe, a vault in the north pole, buried under the earth or in an offshore location  . Just ensure it's kept in a secure location.

[jerry0]

That is something i never thought of.  But when you guys write your seed or look at your seed, do you all make sure your phone or laptop camera isn't pointing straight at your paper that has your seed in it?

[pooya87]

That is something i never thought of.  But when you guys write your seed or look at your seed, do you all make sure your phone or laptop camera isn't pointing straight at your paper that has your seed in it?

That sounds like paranoia to me but when you handle your seed phrase you should already be on an airgap computer which means that even if that computer has an attached webcam that could read your seed phrase it still is "air gapped" and doesn't have any connection to the rest of the world. In fact one way of keeping that system clean is using a camera and scan QR codes which is useful when signing transactions (to import unsigned tx).

[o_e_l_e_o]

That is something i never thought of.  But when you guys write your seed or look at your seed, do you all make sure your phone or laptop camera isn't pointing straight at your paper that has your seed in it?

I have all cameras unplugged or disabled all the time, except during the few seconds I am actively using them to scan QR codes. I unplug standalone webcams, and I have physically removed the camera which is built in to my laptop. If your phone does not have a physical shutter, you can buy an adhesive one for a few bucks.

Everyone involved in data harvesting, from Mark Zuckerberg to the director of the FBI, have either said that they cover or unplug their cameras, or have been seen to do so in pictures and videos. They know a lot of things we don't.

When dealing with seed phrases to my cold storage, I won't even have a camera in the same room as me. I'd rather be paranoid and safe than relaxed and a victim.

[Cryptoababe]

I backed up my seed phrase in an original memory card and and uploaded some in cloud storage. So far, ive not lost any coin due to seed phrase being compromised.

[o_e_l_e_o]

I backed up my seed phrase in an original memory card

This is only safe if you did this on a permanently airgapped computer (i.e. one without an internet connection and which will never have an internet connection again). Even if you deleted the seed phrase from your computer's hard drive after you transferred it to the memory card, then it still exists and is fairly easily recoverable until the location on the hard drive it was stored is overwritten by some other data.

and and uploaded some in cloud storage.

This is an absolutely awful idea. You should create a new seed phrase and move your coins out of that seed phrase immediately. You have absolutely no idea how many servers around the world your seed phrase is now stored on, how many people can access these servers, how securely it was transferred between servers, how securely it is being stored, etc. Cloud storage and other online servers are hacked all the time. Your seed phrase, and your coins, are at risk.

[Enellio]

This thread has given me some things to seriously think about. This is surely going to become more and more of an issue as more people become aware of seed phrases and what to look for.

[khaled0111]

...

Just because you didn't lose your coins yet doesn't mean it's a safe way to store you wallet seeds online, especially in the cloud where security is questionable.
I hope you have , at least, encrypted the seed before uploading it!
I don't know why so many users prefer to back up their wallets digitally whereas storing them physically is safer and easier. It won't cost you anything to write the seed on a piece of paper and store it in a secure place, as suggested above.

[Chikito]

I hope you have , at least, encrypted the seed before uploading it!

The seed will save as .txt in notepad it will easy to use the third party such as 7zip. but of course, if the third party had a compromise possible the seed also.

In windows 10 the user can encrypt the text in the property in the advance option, but that EFS is only available on Pro, Enterprise, and Education editions only.

I don't know why so many users prefer to back up their wallets digitally whereas storing them physically is safer and easier.

I have read much time about it because it will easy to copy-paste the seed if they want to restore it.

[o_e_l_e_o]

The seed will save as .txt in notepad it will easy to use the third party such as 7zip. but of course, if the third party had a compromise possible the seed also.

I would be wary of using tools such as 7zip for encrypting files when that is not their primary purpose. Many zip and archive programs will leave temporary files all over your hard drive, which can later be recovered or restored by an attacker. 7zip also had some pretty major bugs with their implementation of the encryption process: https://twitter.com/3lbios/status/1087848040583626753. You would be much better off using a piece of software which has been properly built solely for encrypting data, such as VeraCrypt or LUKS.

Not to mention that saving your seed file in a .txt file, adding it to an encrypted archive, and then deleting the original, leaves the data of the original on your hard drive indefinitely until you overwrite it with some other data, which again can be recovered by attackers.

I have read much time about it because it will easy to copy-paste the seed if they want to restore it.

Another terrible idea.

[aioc]

Hi this is a random question but is it possible for my seed phrase on hardware wallet to be compromised by an app using my iPhone microphone ? I was singing my seed phrase to memorize it and realized my phone was right next to me. I’m also kinda high and paranoid? I see lots of posts about ppl taking photos of their phrases and losing their coins so I didn’t know if saying my phrase out loud was a bad idea.VidMate  Mobdro

If you think your passphrase or private key is compromised or will be compromised take action right away create a new wallet and transfer the coins to that new wallet, when in doubt do the necessary action before it's too late and takes all the necessary precautions to protect your wallet private key, we are our own bank.