How to safely store your Bitcoin seed phrase
What is a seed phrase
Your seed phrase is a universal backup to your coins, keeping it safe is a crucial part of managing and securing your funds in case your wallet is inaccessible.
BIP39 describes the process of generating a mnemonic sentence that is later used to generate master private key by randomly selecting between 12 and 24 numbers in the range of 0–2047. Each number represents an index to a word in a preset word list of 2048 words from the English dictionary (other languages are supported as well). These index numbers are then used to generate a master private key and the user is eventually presented with the mnemonic sentence or a seed phrase. As long as the user backs up this list of words in the correct order, they will always be able to recover their funds as all private keys are generated from the master private key. A cool feature that is often missed when reviewing the mechanics of a BIP39 seed phrase is the fact that all words in the dictionary can be uniquely identified by the first 4 characters, making it easier to type in hardware wallets where you sometimes need to use a small touch pad and also makes it harder to misspell longer words.
If a list of 12 words from a known 2048 words dictionary sounds like a small set to randomly select such an important key from, then that’s because humans are really bad at imagining just how big, big numbers are.
If I gave someone my first 6 words of my seed phrase in the correct order, they would still need to go over a key space of 2048⁶ combinations, which is: 73,786,976,294,838,206,464 options. Even if we could compute 100 billion guesses per second it will still take us over 23 years to go over the entire key space and cover all possible combinations. And that’s for a single seed phrase which we had the first 6 words for in the correct order.
The security of your coins is as strong as the weakest link. A highly secure hardware device like a Coldcard/Trezor/Ledger is (almost) useless if your seed is stored in your email inbox, or as a photo on your mobile device.
When deciding how to protect your seed phrase, you will have to find the right balance between too much to too little security. Having a very complex security scheme can often leave users locked out of their wallets and their funds, while taking no security precautions will often lead to theft.
Should I set a password for my seed?
You probably should. As confusing as it sounds, setting a password for your seed is not the same as setting a password for your wallet. Setting a password for your wallet means that the particular software installed on your phone or computer will require the user to input the selected password whenever your wallet software is used. Even if your wallet software is password protected, anyone with access to your seed phrase can still access your funds regardless if they know the password for your wallet software.
Setting a password for your seed is like adding a custom 13th (or 25th) word, and saving this password in a different location from where you keep your seed phrase is effectively like setting up 2FA for your seed.
Setting a password for your seed will increase the level of security in 3 ways
- Mitigate hardware wallet security vulnerabilities - Hardware wallets do not store your seed password on the device, in contrast to your seed phrase itself. There are known vulnerabilities in some hardware wallets that allow the extraction of the seed phrase.
- Diversification of the way you store your seed - If you use a password, you can store the seed phrase in one place and your password in another without jeopardising your security. One part is useless without the other.
- Plausible deniability - Your seed phrase is valid with or without a password set, however, setting a password for your seed will generate different public/private keys and therefore different Bitcoin addresses. Saving just a small portion of your wealth on Bitcoin addresses generated by your passwordless seed phrase will allow you to possibly fend off any $5 wrench attacks and also to make sure that your seed was not exposed (as long as the Bitcoin is there, it's most likely not been exposed).
Should I split my seed phrase?
Maybe, it adds complexity but offers some benefits. There are 3 common ways of splitting your seed into multiple shares
- Seed XOR - Originally developed by Coinkite, Seed XOR is an open source software that allows you to split your seed into 2 shares (each share is a valid BIP39 seed phrase). Combining the 2 shares with the software will result in the original seed phrase.
- Shamir Secret Sharing Scheme - Using this method will allow you to define any number of shares to split the seed into and any number of required shares to recover it. For example, you could generate 5 shares and require any shares 3 for recovery. This provides some protection from data loss however SSSS has some pitfalls which you must consider.
- Word split - When using a 24 word seed, you could split your seed phrase into 3 shares, where any 2 shares can recover the complete seed phrase. 1st share holds words in positions 1–16, 2nd share holds 9–24, and the 3rd share holds 1–8 and 17–24. Anyone who gets a hold of just one share will need to recover 8 missing words, which is practically impossible. You should not use this method with a 12 word seed phrase, since each share will hold 8 words leaving just 4 words for an attacker to recover, a task that can, and have been done in the past.
How should I store my seed phrase?
Whether you chose to set a password for your seed phrase, split it or xor it - You still need to store it in a way that will allow you to successfully recover and restore it 10, 20 or even 50 years from now. Storing your seed phrase on any digital media is risky, especially on devices that are connected to the internet.
Regardless of the method you choose to store your seed phrase in, you should always make several copies and store in a safe location that only you have access to. You should also always separate your seed phrase from your password if you chose to set one up.
- Pen and paper - Make sure to allocate at least 15 minutes for this task, do it in a quiet room and pay close attention to what you're doing. You don't want to end up with a bunch of words you can't really read. Laminate to avoid any water damage.
- DIY Metal storage - Safu.Ninja describes the process of punching your seed phrase on metal wafers, which is a cheap and more robust way of storing your seed than using a piece of paper. You do have to consider the type of metal you choose to use for the wafers as ideally you'd want this solution to be protected from any corrosion, high temperatures and physical damage.
- Other metal based storage - There are many options for devices that were specifically designed to safely store seed phrases for long periods of time, honourable mentions are HODLR.swiss, Seedplate and Blockplate. They've been all battle tested extensively by Jameson Lopp.
Things you probably should not do
- Store your seed phrase in any digital device that has internet access.
- Mix up the order of the words in an attempt to increase the level of security.
- Obfuscate your real seed words by placing them along other decoy words.
- Memorize your seed.
Stack your sats wisely.