[Guide] Ways to improve your seed phrase backup process.

[Bitmore1]

How about a Safety Deposit box at a local bank?  About $40 a year.   

[1714753968]

1714753968

[1714753968]

1714753968

[1714753968]

1714753968

[1714753968]

1714753968

[1714753968]

1714753968

[tjtonmoy]

~Snip

You can just whatever method you are comfortable with. But the thing is, we need to encrypt seed phrase before backing it up. Could be a universal method, or as you mentioned entropy or something similar like that. I am confident about my method and I will continue to use it also I am not forcing anyone to use my method. If you like it you can use it. That's all. Otherwise you have other options to choose from.

How about a Safety Deposit box at a local bank?  About $40 a year.  

Banks are centralized. You cannot trust anything that is centralized. At least for me, I will never trust a bank for safekeeping something that is valuable to me. Have you ever realized if something happens to that bank then your safety deposit box is at risk too? Fire, water, storm, earthquake, natural disaster, anything like that could destroy the bank and those data stored into it. If you do it in multiple banks then that acceptable. But never do it in a single bank.

[DYING_S0UL]

Rather than making it too complex I might use a hardware wallet instead. At least it's hassle free. And as for your methods it is actually good but the thing is our memory is bad. We can't even remember our social media passwords let alone pin of my debit card. But since we don't have access to hardware wallets due to the ban I might think of testing your methods.

How about a Safety Deposit box at a local bank?  About $40 a year.   

Ever heard of natural disaster buddy?

Moreover, in case of death, amnesia, accident that makes you unconscious for the rest of your life, or whatever extreme yet real-life possibilities, will there be anybody else who's able to unlock that encryption? Or will the coins perish with you?

I remembered something from o_e_l_e_o.

Other answers above have told you just how insecure brain wallets are and how humans are a terrible source of entropy.

Each year:

69 million traumatic brain injuries: https://pubmed.ncbi.nlm.nih.gov/29701556/
12 million strokes: https://www.world-stroke.org/assets/downloads/WSO_Global_Stroke_Fact_Sheet.pdf
10 million new diagnoses of dementia: https://www.who.int/news-room/fact-sheets/detail/dementia
5 million new diagnoses of epilepsy: https://www.who.int/news-room/fact-sheets/detail/epilepsy
2.5 million cases of meningitis: https://www.path.org/articles/toward-world-without-meningitis/
2 million new brain tumors: https://academic.oup.com/noa/article/3/1/vdaa178/6043315
1.5 million cases of encephalitis: https://www.sciencedirect.com/science/article/pii/S0163445322002110

That's each year, and that's only major conditions which directly affect the brain. Add in things like cardiac arrest, heart disease, sepsis, shock, diabetes, vascular injury, hemorrhage, poisoning, smoke inhalation, etc., all of which can cause secondary brain injury, and there are literally hundreds of millions of people every single year who suffer some form of insult to their brain which can lead to memory problems.

Do you want to trust all your coins to those odds? I know I don't.

[Darker45]

Moreover, in case of death, amnesia, accident that makes you unconscious for the rest of your life, or whatever extreme yet real-life possibilities, will there be anybody else who's able to unlock that encryption? Or will the coins perish with you?

I remembered something from o_e_l_e_o.

Other answers above have told you just how insecure brain wallets are and how humans are a terrible source of entropy.

Each year:

69 million traumatic brain injuries: https://pubmed.ncbi.nlm.nih.gov/29701556/
12 million strokes: https://www.world-stroke.org/assets/downloads/WSO_Global_Stroke_Fact_Sheet.pdf
10 million new diagnoses of dementia: https://www.who.int/news-room/fact-sheets/detail/dementia
5 million new diagnoses of epilepsy: https://www.who.int/news-room/fact-sheets/detail/epilepsy
2.5 million cases of meningitis: https://www.path.org/articles/toward-world-without-meningitis/
2 million new brain tumors: https://academic.oup.com/noa/article/3/1/vdaa178/6043315
1.5 million cases of encephalitis: https://www.sciencedirect.com/science/article/pii/S0163445322002110

That's each year, and that's only major conditions which directly affect the brain. Add in things like cardiac arrest, heart disease, sepsis, shock, diabetes, vascular injury, hemorrhage, poisoning, smoke inhalation, etc., all of which can cause secondary brain injury, and there are literally hundreds of millions of people every single year who suffer some form of insult to their brain which can lead to memory problems.

Do you want to trust all your coins to those odds? I know I don't.

Thanks for quoting his post. The actual figures are much higher than I would probably estimate. But even without knowing the actual numbers, even discounting all these diseases, illnesses, and injuries, can we fully trust our memory or our brains even if they're healthy? I don't think so. It doesn't take an amnesia for people to forget things. And given that what's at stake is something that we can't just afford to lose, should we risk it? Of course, not.

[o_e_l_e_o]

I have shared both simple and complex methods.

The simple one adds zero security and is trivial to brute force, while the complex one adds minimal security while greatly increasing the chance that you accidentally lock yourself out of your wallet.

I have lost track of the number of posts on this forum of people who have come up with their own back up method or their own "encryption" scheme (what you have done is not encryption, by the way), and locked themselves out of their wallets. It is not safe and it does not add the security you think it does.

If you are worried about your seed phrase back up being found, then you have two main options: Hide it somewhere safer, or move to a system which requires the compromise of multiple back ups - either seed phrase plus passphrase, or multi-sig. Both passphrases and multi-sig are far safer and far more secure than your proposal, as well as adding more redundancy against loss and being standardized across the entire ecosystem.

Why you not encrypt it using an free application? Files saved in Notepad format won't be accessible to anyone unless they know the key or password for the file. There are many free encryption tools available, such as WinRAR (there is free version) or even OpenPGP.

And you've reviewed the code of these programs to ensure they are 100% foolproof? WinRAR isn't even open source, so good luck with that. And you've made sure to write junk data over the sectors of your hard drive which held the unencrypted seed phrase before you encrypted it? I doubt it.

Just write it down on paper like you are supposed to.

[Mate2237]

Op this your method of encrypting seed phrase will confused someone and by the way if you enter wallet board you see different ways of backing up you seed phrase and the best way to secure your seed phrase if there is devices and to reduce cost is paper. You can just write it in different papers like 4 and laminate them and keep them in different locations. And not necessarily in you house only but somewhere you trust. And you can make something like as the encrypted one.

Assuming this is the seed phrase.
Mate2237 theymos NotATether hilariousandco Cyrus TryNinja
_act_ icopress LoyceV o_e_l_e_o sleep guitar

This is another way to arrange it.
12Guitar 1Mate2237 theymos2 NotATether3 Cyrus5 4hilariousandco TryNinja6
sleep11 o_e_l_e_o10 LoyceV9 icopress8
With the numbering like this you will know where each word would be fixed in.

[Mr. Magkaisa]

      -   It's okay that you did it, mate, so for me, as long as you know how to keep it and appreciate it, I think that's enough. As long as you can put the seed phrases of your wallet account in the right place, that's enough, as well as the order.

As others who gave their opinion said, it's better to keep it simple. Let's not make it complicated if we can just make it simple. If someone else is simplified by the tips you gave, that's good.

[Zaguru12]

Assuming this is the seed phrase.
Mate2237 theymos NotATether hilariousandco Cyrus TryNinja
_act_ icopress LoyceV o_e_l_e_o sleep guitar

This is another way to arrange it.
12Guitar 1Mate2237 theymos2 NotATether3 Cyrus5 4hilariousandco TryNinja6
sleep11 o_e_l_e_o10 LoyceV9 icopress8
With the numbering like this you will know where each word would be fixed in.

This is not still different with the OP suggestions because even if you don’t lock your self out of this one, once someone gets hold of these phrases he will easily arrange this in the right order. The numerical numbers you attached to each one will definitely show the person the position of each since we all know that seed phrase are just words and not with characters attached. And even if you use another thing to designate each word’s position, a brute force will be use to arrange them. Just as everyone said you can simply create an either a multi sig wallet or add passphrase to the seed phrase and store passphrase in another location.

[o_e_l_e_o]

You can just write it in different papers like 4 and laminate them and keep them in different locations.

Bad idea. You have zero redundancy in such a set up, and if you lose one back up you cannot recover the data stored on it. Thankfully your proposal is so insecure that the data could be trivially brute forced. All in all, a bad solution.

If you are willing to have four back ups, then either use a seed phrase with passphrase with two back ups of each, or use a 3-of-4 multi-sig. With both you can lose a back up with no consequences, they are resistant to brute forcing, and you are far less likely to lock yourself out of your wallet.

[Hamza2424]

Hehe, first of all securing only the seed is a big deal with that we are encrypting the seed and now saving the encrypted seed is also the same challenge. I know encryption will add a layer of security to the seed phrase but still securing that encrypted form is also the same as the original seed phrase.

I've seen that most of the centralized exchanges provided a feature of the Web-3 Wallet haha they've introduced a keyless, crypto wallet I'm particularly mentioning OKX here in which your Web 3 wallet is directly connected with the Exchanges's custodial wallet. Here the point to mention is that securing the seed phase offline is recommended and these wallets are recommending the Google Drive backup.

Hehe regardless of the encryption and extra security layers better prefer following the offline procedure as saving it on Paper or any other way you prefer.

[Z-tight]

Another possible way to improve this is to rearrange the words before you group them, maybe you’ll have a pattern to decipher them when it’s time to use them. The importance that rearranging the words could serve is that even if someone else saw and tried the phrases, they still won’t get access because you’ve mixed up somethings, but then, it mustn’t be the whole words, it could be just a word or maybe rearrange the group instead. But in all, have a retentive memory so you don’t end up trying to crack something you set by yourself.  

Don't do this if you do not want to lock yourself out of your funds, 'rearranging' the words that make up your seed phrase only gives you a false sense of security, instead of doing that, add an extra layer of security like extending your seed phrase with a passphrase, or setting up a multisig wallet. The extra layers of security may prevent you from loss if your seed phrase is compromised and a passphrase is also great for plausible deniability in a situation of a $5 wrench attack.

Our memory can retain information, but for how long, and how about injuries to the brain and other diseases that affect the memory, you may have memorized your seed phrase today, but in a month or two you're already missing some words, or forgetting the right sequence. Just back it up on paper in the right order.

[jeraldskie11]

<snip>

Don't do this if you do not want to lock yourself out of your funds, 'rearranging' the words that make up your seed phrase only gives you a false sense of security, instead of doing that, add an extra layer of security like extending your seed phrase with a passphrase, or setting up a multisig wallet. The extra layers of security may prevent you from loss if your seed phrase is compromised and a passphrase is also great for plausible deniability in a situation of a $5 wrench attack.

Our memory can retain information, but for how long, and how about injuries to the brain and other diseases that affect the memory, you may have memorized your seed phrase today, but in a month or two you're already missing some words, or forgetting the right sequence. Just back it up on paper in the right order.

Using multisig wallet as an extra layer of security is not necessary and may only make things more complicated.

If the basic security of Bitcoin is not enough to keep the funds safe, we would have heard a news of many investors who hold Bitcoin from around 2010 to 2015 that have been hacked.

And because we heard that most investors lose access of their wallet is because of a misplaced not by hack, so the problem is not in the security but in the key. We should focus on what is the best way to keep the key.

20% of All BTC is Lost

[Z-tight]

Using multisig wallet as an extra layer of security is not necessary and may only make things more complicated.

A multisig set up is not unnecessary, it is a good extra layer of security to use. It is also not as complicated as you think it is, you only have more backups and you need more devices, but if you know what you are doing, it would give you better security because an attacker has to compromise more than one key to steal your funds

If the basic security of Bitcoin is not enough to keep the funds safe, we would have heard a news of many investors who hold Bitcoin from around 2010 to 2015 that have been hacked.

The BTC network is secure, but the BTC in your wallet is not secure by default, it is as secure as the device you use, your opsec and general knowledge. People lose their funds for many reasons, hackers compromise people's devices and steal their funds. I am not saying that without a multisig set up, one must lose funds, but a multisig wallet makes it harder to lose your funds.

And because we heard that most investors lose access of their wallet is because of a misplaced not by hack, so the problem is not in the security but in the key. We should focus on what is the best way to keep the key.

I am having a hard time understanding what you mean, your keys are stored locally in your wallet sofware, if a hacker compromises your wallet, they'll steal your funds, you can also lose your funds if your seed phrase is exposed.

20% of All BTC is Lost

I stopped reading this when the writer called BTC a token:

Bitcoin users have misplaced about 20% of all existing tokens

[DYING_S0UL]

Just write it down on paper like you are supposed to.

Yup that's the first thing I did. If I remember correctly, the only time my seed phrase was exposed is at the time of it's creation. And after that, I made sure to make it completely off grid. I just hope bugs or cockroaches doesn't eat out my note pad, lol (Saying in a sarcastic manner).

[o_e_l_e_o]

Using multisig wallet as an extra layer of security is not necessary and may only make things more complicated.

It depends entirely on your threat model. It's maybe not necessary for you, or indeed for many people, but for some people it is exactly what they need.

If the basic security of Bitcoin is not enough to keep the funds safe, we would have heard a news of many investors who hold Bitcoin from around 2010 to 2015 that have been hacked.

Of course, but that has nothing to do with multi-sig. Multi-sig removes a single point of failure and adds redundancy to your back ups. It does nothing to the underlying security of the secp256k1 curve, which is of course plenty secure.

20% of All BTC is Lost

This is pure speculation.

[apogio]

Using multisig wallet as an extra layer of security is not necessary and may only make things more complicated.

Just keep in mind that this security only helps in case one backup is lost or stolen. In general, the level of security that bitcoin provides is 128 bits. This Is infeasible to be violated, but what we do here, is we add another security layer on top of that in case any backup is lost.


I will guide you to my post here where I explain how many bits of security OP's suggestion adds, compared to my suggestion.

https://bitcointalk.org/index.php?topic=5477341.msg63312153#msg63312153

Just notice that using multisig essentially adds another 128 bits of security on top of the initial ones. It is similar to using a strong passphrase (128 bits +) security wise.