Does using multiple hardware wallets (w/o seed) make sense?

[yowbow]

I’m thinking of using multiple hardware wallets (e.g., 3 devices), with the seed stored only on the devices as private keys, not backed up offline. The idea is that if one or two devices fail, destroyed or stolen, you still have an access and move your coins to a new wallets. And the stolen device is not usable because of the PIN protection.

Alternatively, with a seed + passphrase, I’d need to store the seed somewhere offline, which carries the risk of theft or loss. For the passphrase, I’d either have to memorize it (which feels risky if it’s short and easy to guess) or write it down, which makes it vulnerable to theft.

Looking for insights, especially from those with experience using hardware wallets or seed phrases long-term:

1. Is using 3 hardware wallets (with seeds only on the devices) a safer option than seed + passphrase? Are there long-term risks with relying on multiple wallets (e.g., hardware failure, tech obsolescence)?

2. How likely is it for an attacker to guess a passphrase made up of 4 words from the BIP-39 list? It seems like 4 words (2048 options per word) could be brute-forced in just a few days on powerful systems — how risky is this in practice?

3. What’s your take on passphrases in general? How long or complex should they be to make brute-forcing impractical?

[OmegaStarScream]

1. Some  firmware update might require you to have access to the seedphrase. Is this a risk you would be willing to take? I wouldn't.

2. The passphrase as far as I know does not need to be part of the BIP39 wordlist. It can be anything you want so this should limit your risks.

3. The thing with passphrases is that no one who would find your seedphrase, would necessarily think of brute forcing it and think of a passphrase. Cause the seedphrase would still allow him to access the wallet, it's just going to be an empty one. I would go with an actual long phrase as opposed to just extra word(s) from the dictionary.

[OcTradism]

I’m thinking of using multiple hardware wallets (e.g., 3 devices), with the seed stored only on the devices as private keys, not backed up offline. The idea is that if one or two devices fail, destroyed or stolen, you still have an access and move your coins to a new wallets. And the stolen device is not usable because of the PIN protection.

Alternatively, with a seed + passphrase, I’d need to store the seed somewhere offline, which carries the risk of theft or loss. For the passphrase, I’d either have to memorize it (which feels risky if it’s short and easy to guess) or write it down, which makes it vulnerable to theft.

You can think of using different hardware wallets for two reasons

The first reason is to diversifying your storages to different hardware wallet brands. That is good as each hardware wallet brand has different strength and weakness. Hardware wallets have their hacks, data breaches history too and by diversifying to different brands, you are diversifying risk and likely reducing risk too.

The second reason is you can use different hardware wallets as cosigners of your multisig wallets. That will prevent chance of losing bitcoin fund if one wallet compromised.

[LIST] Open Source Hardware Wallets.
[GUIDE] How to buy a Hardware Wallet the right way.
[LIST] Multisig Wallets.
Timeline of hardware wallet hacks.

[yowbow]

1. Some  firmware update might require you to have access to the seedphrase.

Then you need to move your coins to new wallet. I mean update 1 of 3 hardware wallets, create there new wallet, move your coins there. Update 2 other wallets. Destroy the seed phrase. Yes it's some work to do, and some small costs to move your coins.

2. The passphrase as far as I know does not need to be part of the BIP39 wordlist. It can be anything you want so this should limit your risks.

That's right, but if it's short it could be brute-forced and if it's long you have to write it down, which makes it vulnerable to theft.

would necessarily think of brute forcing it and think of a passphrase.

I wouldn't count on it. I'm sure that if someone gains access to the seed phrase, they will immediately begin the process of searching for the passphrase, even if there are coins on the open wallet with just the seed phrase. Brute-forcing for the passphrase isn't as expensive as the prize the attacker could win.

[rat03gopoh]

• The risk of damage (accident) or loss of your physical wallet from the moment it's in your hands is truly beyond long-term prediction.
• It depends on whether the four words you put together are meaningful. After all, why use words from the BIP39 list for a passphrase when you can simply add any word you like with special character support?
• Use this tool as a rough reference: https://codeforgeek.com/free-password-strength-checker/#google_vignette

[NeuroticFish]

Maybe I'm getting old, but I'm not a big fan of passphrases and I am totally against the seed being handled only by hardware devices, without backup.
Your logic somehow seems to be missing something obvious: storing safely the wallet seed is not more difficult as storing safely the (3x) PIN for those HWs.
So imho you're overcomplicating things with no actual benefit.

PS. Keeping the PIN only memorized is a sure recipe for disaster, please don't even try to mention it.

[Catenaccio]

So imho you're overcomplicating things with no actual benefit.

PS. Keeping the PIN only memorized is a sure recipe for disaster, please don't even try to mention it.

Memorizing things
Relying on memory
Complicating things

They are preparations of disasters.

How to back up a seed phrase? It is long but worth reading and Lopp wrote some strong warnings.

I only think memorization is a good strategy for temporary emergency use. As a long term storage strategy it creates single points of failure:

You may forget the seed phrase.
You could be injured and unable to recall it.
You could die and your heirs would be unable to access it.
You could have seed phrase coerced out of you.

Seed Backup Threat Model
Loss due to complexity / not being able to restore from backup

[yowbow]

storing safely the wallet seed is not more difficult

Complicating things

Maybe you have seen the news "South Korea’s tax office leaks wallet seed and loses $4.8M in seized tokens" and the photos that have been published. These guys tried to keep everything simple, and here's what they ended up with  

[yowbow]

It depends on whether the four words you put together are meaningful. After all, why use words from the BIP39 list for a passphrase when you can simply add any word you like with special character support?

Let’s say I came up with a passphrase made of random characters, how many can I reliably remember – 8, maybe 10. How long would it take to brute-force such a passphrase?

[5W-KILO]

Sorry I got to call this a lame risk, it's not going to worth it.

Why? Those are electronic devices, you switch them off and on, they can refuse to turn on one day.
You can lost the three, the risk on the two that you use as an example also equals to the last hardware wallet.

Never, ever, let your hardware wallet do the keeping, they can stop working one day and you will be the next on paper millionaire in 2045 finding ways to bring a dead device bad to life.

Nothing can beat you keeping your recovery seed offline, by yourself.

[Catenaccio]

Maybe you have seen the news "South Korea’s tax office leaks wallet seed and loses $4.8M in seized tokens" and the photos that have been published. These guys tried to keep everything simple, and here's what they ended up with  

They did not do that in a simple way, but in a careless way.

Simple and careless are different.
You can do things in a simple way but it is safe and secure while if you do things carelessly, it is unsafe and not secure.

And you can do complicated things in careless way to make it bad, unsafe, not secure.

[Z-tight]

Maybe you have seen the news "South Korea’s tax office leaks wallet seed and loses $4.8M in seized tokens" and the photos that have been published. These guys tried to keep everything simple, and here's what they ended up with  

I have read the news and this loss has nothing to do with keeping things simple. It was a stupid mistake that should never have happened, and can only happen when a bunch of amateurs are dealing with crypto. How could you expose a seed phrase to the public during a press release, lol.

Overcomplicating things sometimes is a recipe for disaster. It is great to extend your seed phrase with a passphrase, that is a recommended extra layer of security, but you have to back it up and not memorize it, the same way you have to also back up your seed phrase.

[Cryptomultiplier]

I’m thinking of using multiple hardware wallets (e.g., 3 devices), with the seed stored only on the devices as private keys, not backed up offline. The idea is that if one or two devices fail, destroyed or stolen, you still have an access and move your coins to a new wallets. And the stolen device is not usable because of the PIN protection.

Alternatively, with a seed + passphrase, I’d need to store the seed somewhere offline, which carries the risk of theft or loss. For the passphrase, I’d either have to memorize it (which feels risky if it’s short and easy to guess) or write it down, which makes it vulnerable to theft.

Looking for insights, especially from those with experience using hardware wallets or seed phrases long-term:

1. Is using 3 hardware wallets (with seeds only on the devices) a safer option than seed + passphrase? Are there long-term risks with relying on multiple wallets (e.g., hardware failure, tech obsolescence)?

2. How likely is it for an attacker to guess a passphrase made up of 4 words from the BIP-39 list? It seems like 4 words (2048 options per word) could be brute-forced in just a few days on powerful systems — how risky is this in practice?

3. What’s your take on passphrases in general? How long or complex should they be to make brute-forcing impractical?

To rely on hardware devices for seed storage issues a significant risk of its own and that's why I can advice you to avoid the use of hardware only storage, always try to maintain a physical offline backup of your seed phrase which is best to be etched on something like a steel plate and stored in a secure location.
You should also try to avoid using sentences or related words for your passphrase.

 

[BlackHatCoiner]

Someone has to examine the urge of people to over-complicate the setup of their wallets. How can you prefer having three separate hardware wallet devices than just sticking with a paper and a pen?

Seriously, just keep a backup on a piece of paper. Three devices to stop working at the same time is improbable, but I just don't see why you just want to go against the traditional, thoroughly tested way.

[macson]

I wouldn't want to rely on hardware solely to store my seed phrases. Even if you say there are three devices for that, that still carries the risk that they could have problems at any time, and I don't want to risk myself with that. Just stick to the recommended method for securing your seed phrases --- there's no need to complicate things when it's not necessary.

[Bastketsrus]

I’m thinking of using multiple hardware wallets (e.g., 3 devices), with the seed stored only on the devices as private keys, not backed up offline. The idea is that if one or two devices fail, destroyed or stolen, you still have an access and move your coins to a new wallets. And the stolen device is not usable because of the PIN protection.

Alternatively, with a seed + passphrase, I’d need to store the seed somewhere offline, which carries the risk of theft or loss. For the passphrase, I’d either have to memorize it (which feels risky if it’s short and easy to guess) or write it down, which makes it vulnerable to theft.

Looking for insights, especially from those with experience using hardware wallets or seed phrases long-term:

1. Is using 3 hardware wallets (with seeds only on the devices) a safer option than seed + passphrase? Are there long-term risks with relying on multiple wallets (e.g., hardware failure, tech obsolescence)?

2. How likely is it for an attacker to guess a passphrase made up of 4 words from the BIP-39 list? It seems like 4 words (2048 options per word) could be brute-forced in just a few days on powerful systems — how risky is this in practice?

3. What’s your take on passphrases in general? How long or complex should they be to make brute-forcing impractical?

Relying only on hardware wallets without keeping a seed backup feels risky to me because devices can fail, get lost, or become outdated over time. The seed phrase is really your main recovery option. Using a seed plus a passphrase is generally safer if you store them separately, and a random 4–6 word passphrase is already very hard to brute-force. In the end, a solid backup setup matters more than just having multiple devices.

[nakamura12]

Maybe you have seen the news "South Korea’s tax office leaks wallet seed and loses $4.8M in seized tokens" and the photos that have been published. These guys tried to keep everything simple, and here's what they ended up with  

They did not do that in a simple way, but in a careless way.

Simple and careless are different.
You can do things in a simple way but it is safe and secure while if you do things carelessly, it is unsafe and not secure.

And you can do complicated things in careless way to make it bad, unsafe, not secure.

Yes, it may be simple but if it's stored safely then no one will be able to take the wallet's fund if it's stored correctly even If it's simple. There are people who only made a backup with not using any tools or encryption to make it not easily stolen is that they still have their funds and not getting stolen by anyone. Writing it on paper is even more simple than using devices or other ways to keep a backup and yet it can't be stolen once hidden safely.

[yowbow]

How could you expose a seed phrase to the public during a press release, lol.

When I wrote “these guys,” I didn’t mean the tax authorities, but those who were holding the coins and the seed phrase. They may have been stored together or separately, but that didn’t change the fact that they were discovered and seized during the search. If we assume the seed phrases were stored separately from the wallets, what did they do wrong?

[yowbow]

a random 4–6 word passphrase is already very hard to brute-force.

I saw a somewhat older video, can’t find it anymore, but maybe it was CryptoGuide. He was demonstrating and comparing the strength of different passphrase lengths. The conclusion was that 4 or even 5 words aren’t enough to be secure. Are there any more recent articles on this topic?

[yowbow]

if it's stored safely

Where is this place? It all depends on how long and persistently someone searching is willing to find it. A bank safe deposit box — definitely not, and there are plenty of examples of this; just look at the news from the past few months. Hiding it in your own home, only to come back after vacation and find that someone had spent several days tearing apart the walls, searching every inch, is also not such a great idea.