Why doesn't every hardware wallet support two-factor seed phrases?

[larry_vw_1955]

Agreed. It's a drawback, but also an advantage. The mitigation is to enter your passphrase, note down the first address, reset your wallet, enter your passphrase a second time, and check the first address matches what you wrote down from the first round. Repeat a third time if you like to be extra sure.

i guess but anytime you ever have to enter your passphrase, it seems like (as you mentioned) you would have to do some type of additional verification that you have the right wallet. that seems like a real pain. the chances of something going wrong are higher than me not using a passphrase and someone figuring out my seed phrase. i think we could agree on that.

i don't use passphrases so maybe i'm not so knowledgeable on how many times you have to enter it. but maybe just once when you originally set it up? that being the case maybe what you said is feasible mitigation. i just dont like having to rely on some external data such as an address to tell me i have the right wallet. 

[1714964913]

1714964913

[1714964913]

1714964913

[1714964913]

1714964913

[o_e_l_e_o]

i guess but anytime you ever have to enter your passphrase, it seems like (as you mentioned) you would have to do some type of additional verification that you have the right wallet. that seems like a real pain.

Not every time - just the first time. Once you've confirmed that you have definitely entered the correct passphrase the first time, by performing the process twice (or three times) and checking you reach the same set of addresses each time, then presumably you are going to fund the wallet. Every future time you enter the passphrase, you'll know that you entered it correctly because you will reach your wallet containing your coins.

the chances of something going wrong are higher than me not using a passphrase and someone figuring out my seed phrase.

But the chances of your seed phrase being compromised and your coins being stolen are exponentially higher than the chances of both your seed phrase and your passphrase being compromised.

i just dont like having to rely on some external data such as an address to tell me i have the right wallet. 

That's the beauty of passphrases. There is no "right" wallet. Your hardware and software has absolutely no idea which wallet is the right wallet, and any string is a valid passphrase. This means it is harder to attack, and it gives you plausible deniability. This is a feature, not a bug.

[n0nce]

i don't use passphrases so maybe i'm not so knowledgeable on how many times you have to enter it. but maybe just once when you originally set it up? that being the case maybe what you said is feasible mitigation. i just dont like having to rely on some external data such as an address to tell me i have the right wallet. 

Every single possible passphrase will create a new, valid wallet. Those will at first all be unfunded, of course, so you can 'find' your wallet again either by noticing there is a balance on it (after having sent some funds to it) or - as Leo said - writing down an address and verifying that when you enter the passphrase for the second & third time, you get the same address again.

[larry_vw_1955]

But the chances of your seed phrase being compromised and your coins being stolen are exponentially higher than the chances of both your seed phrase and your passphrase being compromised.

the only additional benefit/security i can see from adding on a passphrase is the plausible deniability that MIGHT protect someone if armed bandits held them hostage and demanded their bitcoin. but if someone knows how to store their seedphrase properly then it is really not at risk of being discovered by anyone.

That's the beauty of passphrases. There is no "right" wallet. Your hardware and software has absolutely no idea which wallet is the right wallet, and any string is a valid passphrase. This means it is harder to attack, and it gives you plausible deniability. This is a feature, not a bug.

it is nice that you can have one seedphrase and re-use it as many times as you like by just changing the "passphrase".

Every single possible passphrase will create a new, valid wallet. Those will at first all be unfunded, of course, so you can 'find' your wallet again either by noticing there is a balance on it (after having sent some funds to it)

yeah if it has a balance on it then that makes things much easier to detect if something went wrong on the passphrase entry step.

[o_e_l_e_o]

but if someone knows how to store their seedphrase properly then it is really not at risk of being discovered by anyone.

Then you would be the first person in world to have a perfect security set up with no risk of compromise. There is no such thing as 100% safe. To quote Gene Spafford:

The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it.

Maybe your seed phrase back up is "safe enough", but getting complacent and assuming there is no risk of it being discovered is a recipe for disaster. And since there is always a risk of it being discovered, then there is little to lose by mitigating that risk by using an additional passphrase.

[larry_vw_1955]

but if someone knows how to store their seedphrase properly then it is really not at risk of being discovered by anyone.

Then you would be the first person in world to have a perfect security set up with no risk of compromise. There is no such thing as 100% safe.

there are 2 types of risk when storing a seedphrase on some physical medium as a backup. one is the risk of unintended discovery and the second is the risk of loss. a perfect backup would be immune to both of those. i was referring to unintended discovery not to the loss risk.
  

To quote Gene Spafford:

The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it.

maybe it is safe from loss but not from unintended discovery. and because of that, it might become unsafe from loss if a powerful enough adversary decided to try and attack it.

Maybe your seed phrase back up is "safe enough", but getting complacent and assuming there is no risk of it being discovered is a recipe for disaster. And since there is always a risk of it being discovered, then there is little to lose by mitigating that risk by using an additional passphrase.

if the risk is lower than other risks such as the risk of loss then it makes little sense to worry about the risk of unintended discovery.

[o_e_l_e_o]

i was referring to unintended discovery not to the loss risk.

And there is no back up which is is immune to unintended discovery either. So if you want to mitigate this risk, then you need a system where the discovery of said back up does not result in immediate compromise of your wallets.

if the risk is lower than other risks such as the risk of loss then it makes little sense to worry about the risk of unintended discovery.

Strongly disagree. You should be considering every realistic avenue in which your coins can be stolen, not just the most likely one.

[larry_vw_1955]

i was referring to unintended discovery not to the loss risk.

And there is no back up which is is immune to unintended discovery either.

well if you're going to be stamping your seed phrase onto a honking piece of metal then yeah, i mean anyone could possibly stumble upon it no matter how well you hide it. most people don't have the capability to do it but if you could reduce it to a microscopic size then it does become immune to unintended discovery. that's just the way it is. i suppose you think you could prove me wrong if i hid a microscopic seed phrase somewhere in my house and then give you as long as you want to to search through the entire house. do you really think you're going to find it even then? i think not. that's why i say it is pretty much immune to that issue.

So if you want to mitigate this risk, then you need a system where the discovery of said back up does not result in immediate compromise of your wallets.

i mean if you're writing your seed phrase down on a big 8.5x11 sheet of paper so that anyone can easily read it then yeah, i mean, that could be discovered quite easily most likely. there's nowhere you can hide that to make it immune to unintended discovery most likely. some people might disagree with even that though...

Strongly disagree. You should be considering every realistic avenue in which your coins can be stolen, not just the most likely one.

it's not realistic to think that a microscopic item can be discovered accidentally or even if someone was specifically searching for it. it's too small. you could be looking right at it and not even know what it was. but i know you would say you would lug around a huge magnifying glass that you inspected every single inch of the entire house. good luck. i doubt you would be successful even given unlimited time and resources...

[o_e_l_e_o]

that's why i say it is pretty much immune to that issue.

Once again, you are coming up with fantastical scenarios which are in no way based on reality. It's easy to come up with theoretically immune systems, but I am not aware of a single person who has microscopically engraved their seed phrase on to some object, and I'm guessing you aren't either. People don't do this. People write down their seed phrase on a piece of paper, and store it somewhere with varying amounts of security. Even stored somewhere very secure, it will not be immune to discovery, so an additional passphrase provides useful additional security.

Yes, you should be hiding your back up somewhere very secure, and yes, you can make it very unlikely to be accidentally discovered, but this assumes universally good security practices throughout the entire community (which will never happen), and even then, there is not a 0% chance of compromise. Even one of the bitcoin devs recently lost hundreds of bitcoin through poor security practices. If a bitcoin dev can trip up, then the average user can definitely trip up too.

[larry_vw_1955]

Once again, you are coming up with fantastical scenarios which are in no way based on reality. It's easy to come up with theoretically immune systems, but I am not aware of a single person who has microscopically engraved their seed phrase on to some object, and I'm guessing you aren't either. People don't do this. People write down their seed phrase on a piece of paper, and store it somewhere with varying amounts of security. Even stored somewhere very secure, it will not be immune to discovery, so an additional passphrase provides useful additional security.

i wrote down my seedphrase on a piece of paper recently but it didn't make me feel too good. i felt like no matter where i put it, since it is so big it would be easy for someone else to find it too. but i don't want a passphrase. that's just another thing that someone could find and maybe i forget where i put it or something. without both of them i would be screwed too. so if someone found one of them and not the other then they might not be able to get my money but neither would i!

Yes, you should be hiding your back up somewhere very secure, and yes, you can make it very unlikely to be accidentally discovered, but this assumes universally good security practices throughout the entire community (which will never happen), and even then, there is not a 0% chance of compromise. Even one of the bitcoin devs recently lost hundreds of bitcoin through poor security practices. If a bitcoin dev can trip up, then the average user can definitely trip up too.

tell me an example of someone that had a serious security protocol in place who "tripped up". that's the person i'm interested in hearing about because ultimately they had to have done something wrong. i'll let you know when i make my microscopic seed phrase backup. 

[o_e_l_e_o]

i felt like no matter where i put it, since it is so big it would be easy for someone else to find it too.

A slip of paper is too big?

but i don't want a passphrase. that's just another thing that someone could find and maybe i forget where i put it or something.

So you do agree that back ups are not immune to being found by an attacker.

tell me an example of someone that had a serious security protocol in place who "tripped up". that's the person i'm interested in hearing about because ultimately they had to have done something wrong.

I would suggest that multi-national tech giants like Google and Apple though to US government agencies including the FBI and the Pentagon all have serious security protocols in place, and yet all of these entities have suffered hacks or compromises. Maybe there was some human error involved, but that doesn't mean you are immune to making a mistake either. All the more reason to use a system which mitigates human error. Accidentally reveal your seed phrase? Thankfully you've not lost everything because you are using an additional passphrase.

[larry_vw_1955]

i felt like no matter where i put it, since it is so big it would be easy for someone else to find it too.

A slip of paper is too big?

well i wrote it down on a piece of 8.5 by 11 inch paper not only the seed phrase but some other important details like the derivation path and what software wallet it uses. i think those things are important. you cannot recover a seed phrase without knowing the derivation path unless you know the software you used...so when all was said and done i had used up about half of the sheet of paper. maybe i write big.

So you do agree that back ups are not immune to being found by an attacker.

backups that i write on a piece of paper i already admitted i don't think those can be easily hidden. and they stick out like a sore thumb if someone happens to catch a glance of it.

I would suggest that multi-national tech giants like Google and Apple though to US government agencies including the FBI and the Pentagon all have serious security protocols in place, and yet all of these entities have suffered hacks or compromises.

organizations have different attack surfaces than individuals. they have more weaknesses when it comes to protecting sensitive information. the more people that know or have access to the information or could get access to it through someone they do know just multiplies the risk factor. a rogue employee that became unreliable and acted improperly you can have all the security in the world but if you put too much trust into one person then you can be doomed. show me a case where the US government had a 5 of 7 bitcoin wallet and they were able to brute force it because 3 of the 7 people because untrustworthy. organizations have attack surfaces that are vastly different than people like you and me.

[o_e_l_e_o]

but some other important details like the derivation path and what software wallet it uses. i think those things are important. you cannot recover a seed phrase without knowing the derivation path unless you know the software you used.

If you stick to the standard BIP44/49/84 derivation paths, then this step is unnecessary in my opinion. Those paths are so ingrained in the wider bitcoin ecosystem that even if you forget them you will have no problem recovering from them in the future. Hell, I would bet the majority of users don't even know what derivation path they use, because if they import their seed phrase in to some other piece of software it will almost certainly find their coins on these standard paths. And then you've got software like Electrum, which will scan a bunch of commonly used derivation paths for you if you forget.

It would only be if I were using a non-standard and custom derivation path for some specific reason that I would also back it up.

organizations have attack surfaces that are vastly different than people like you and me.

I'm not denying that, but it is still a mistake to think you are immune to human error.

[larry_vw_1955]

If you stick to the standard BIP44/49/84 derivation paths, then this step is unnecessary in my opinion. Those paths are so ingrained in the wider bitcoin ecosystem that even if you forget them you will have no problem recovering from them in the future.

maybe it is for you but i have experience where the derivation path was m/44'/60'/0'/0 but no one knew that. i spent a long time researching and googling it before i came across it. that's an ethereum wallet but the point still stands. from that experience i learned about the importance of storing the derivation path because one little change like if you turned m/44'/60'/0'/0 to m/44'/60'/0/0 who would know how to fix that? no one would. you would just be making wild guesses. kind of like a brute force search.

I'm not denying that, but it is still a mistake to think you are immune to human error.

well yeah i mean i'm not immune to making errors. i need to test things that i'm doing to make sure they are functioning the way they were intended to. i'm just not convinced on the security aspect of an additional passphrase. that's all. why not split your passphrase into 2 parts and store one somewhere and the other part somewhere else? that's even more secure right?

[o_e_l_e_o]

maybe it is for you but i have experience where the derivation path was m/44'/60'/0'/0 but no one knew that. i spent a long time researching and googling it before i came across it. that's an ethereum wallet but the point still stands.

I don't think you can reach conclusions about bitcoin based on what some random altcoin is doing. Any worthless altcoin can decide to use completely moronic derivation paths if they want, as can any random piece of terrible wallet software. If you stick to reputable software using known processes, then the derivation paths are largely standardized.

why not split your passphrase into 2 parts and store one somewhere and the other part somewhere else? that's even more secure right?

As discussed above, it does not provide any plausible deniability which is one of the main benefits of a passphrase. And talking of human error, there are countless examples of people who have tried to be smart and split up their seed phrase and ended up making a mistake and locking themselves out of their wallet.

When there are standardized methods of doing something, which are tried and tested and provably more secure, then coming up with your own ad hoc system is almost always a recipe for disaster.

[Welsh]

As discussed above, it does not provide any plausible deniability which is one of the main benefits of a passphrase. And talking of human error, there are countless examples of people who have tried to be smart and split up their seed phrase and ended up making a mistake and locking themselves out of their wallet.

I feel like a broken record, because I've said I feel like a broken record before about a similar discussion, but it's the common theme of security vs convenience, and actually convenience is partly security. You make something too complex, and you'll likely forget it or potentially mess up during the creating of it or when verifying it.

In most cases, a simple physical backup of a seed phrase or private key is secure enough. As long as it's secured physically. That eliminates online attacks, and realistically you're only at the mercy of your local population. Depending on how you secure it, will depend how likely it's it'll get compromised. However, let's be honest there's some pretty simple ways of doing it, which which would basically eliminate any common thief that happens to wonder in your house.

[larry_vw_1955]

I don't think you can reach conclusions about bitcoin based on what some random altcoin is doing. Any worthless altcoin can decide to use completely moronic derivation paths if they want, as can any random piece of terrible wallet software. If you stick to reputable software using known processes, then the derivation paths are largely standardized.

ok but if you never actually check what the derivation path is then how do you know it's not something unexpected? you really don't. that's why i'm always going to see if the expected derivation path is actually the path the funds are on. that's a very important check to do instead of just assuming "oh this is wallet xyz everyone says it uses such and such path so i don't need to check anything".

why not split your passphrase into 2 parts and store one somewhere and the other part somewhere else? that's even more secure right?

As discussed above, it does not provide any plausible deniability which is one of the main benefits of a passphrase. And talking of human error, there are countless examples of people who have tried to be smart and split up their seed phrase and ended up making a mistake and locking themselves out of their wallet.

notice i was referring to splitting up the passphrase not the seed phrase. two different things. splitting up the passphrase would still provide - could still provide - plausible deniability. you would just need to remember which part came first.

In most cases, a simple physical backup of a seed phrase or private key is secure enough. As long as it's secured physically. That eliminates online attacks, and realistically you're only at the mercy of your local population.

this is a reasonable point of view. i think the local population is an important concept. that's really who you're most concerned with when you hide a seed phrase. they are the only ones that could possibly discover it thus i don't see the need for a passphrase. that just adds to the risk of something going wrong and you losing one or both. but to each their own. not saying passphrases are bad but i don't think they are for newbies.

[o_e_l_e_o]

ok but if you never actually check what the derivation path is then how do you know it's not something unexpected? you really don't. that's why i'm always going to see if the expected derivation path is actually the path the funds are on. that's a very important check to do instead of just assuming "oh this is wallet xyz everyone says it uses such and such path so i don't need to check anything".

That's a fair point. But if you check your derivation path, and it is the standard and very common m/84'/0'/0' for example, then I wouldn't feel the need to back that up as well, knowing how ubiquitous such a derivation path is and how easy it will be to recover from it in the future, even if I forget.

notice i was referring to splitting up the passphrase not the seed phrase. two different things. splitting up the passphrase would still provide - could still provide - plausible deniability. you would just need to remember which part came first.

Ahh apologies, I misread. I'm still not a fan of splitting up an individual component of a back up, and much prefer that if you want to set a threshold of multiple back ups to recover your wallet then to use multiple components, such as seed phrase plus passphrase, or multi-sig. Having said that, splitting up a passphrase certainly can provide plausible deniability, especially if you then put some decoy coins on the wallets which were generated from both halves of your passphrase being used individually.

[larry_vw_1955]

That's a fair point. But if you check your derivation path, and it is the standard and very common m/84'/0'/0' for example, then I wouldn't feel the need to back that up as well, knowing how ubiquitous such a derivation path is and how easy it will be to recover from it in the future, even if I forget.

i could agree with that.  

Having said that, splitting up a passphrase certainly can provide plausible deniability, especially if you then put some decoy coins on the wallets which were generated from both halves of your passphrase being used individually.

hopefully the decoy coins amount to enough cash that they don't become wise to what you're doing.  you certainly don't want to be cheap there. it needs to be enough so that they actually believe you don't have a secondary stash somewhere that is bigger. because if they believe that then you got a whole other problem, convincing them that your net worth is that small. oh and here's a free tip: don't have any 2 ways transactions between your decoy and main wallet since when the robbers get home and see that your decoy coins are related to a bigger wallet, they might possibly pay you another visit.  

otoh, if they see that there was only a single deposit or two made to this wallet you gave them with no other activity they might begin to suspect you did it for that purpose...

[dkbit98]

notice i was referring to splitting up the passphrase not the seed phrase. two different things. splitting up the passphrase would still provide - could still provide - plausible deniability. you would just need to remember which part came first.

This is not a good idea, and remember that this is not ultimate protection for your assets, that can be brute force attacked, and keeping anything in your brain/memory is highly unreliable thing.
Please don't come up with this ''revolutionary'' splitting techniques for anything, because many security experts say that this is recipe for disaster.
People who are trying to make stuff to complex usually end up losing access to stuff they are trying to hide.