
Topic: 2-minute “hardware wallet backups – safety vs. security” survey (Read 160 times)

full member
Activity: 519
Merit: 197
I think not for hardware wallets only, this is good for software wallets too. I did it for Electrum. Thanks
jr. member
Activity: 35
Merit: 16
Sharing the strategy I’m using to protect my own hardware wallet backups.

I’ll be happy for any comments.


STEP #1: Keep Your Recovery Seed 100% Offline – ALWAYS

I created multiple physical recovery seed backups (wrote my recovery seed on a paper) and stored it in different places, 100% offline.


I tested the recovery seed I wrote on the paper to make sure I made no mistake.

Here is how you can test your recovery seed:

For Trezor wallet: https://wiki.trezor.io/User_manual:Dry-run_recovery

For Ledger wallet: https://support.ledger.com/hc/en-us/articles/360007223753-Recovery-Check


Also I’m considering buying a Cryptosteel or other “indestructible” metal seed storages:

https://medium.com/@lopp/metal-bitcoin-seed-storage-stress-test-21f47cf8e6f5


Finally, I scheduled regular reminders to check all my backups and make sure they are okay (not stolen/destroyed).


STEP #2: Enable Passphrase On Your Hardware Wallet

The passphrase is widely recommended by cybersecurity professionals and has multiple security effects, such as:


· If you do not use a passphrase, your recovery seed is all that is needed to access your coins

· Passphrase protects your recovery seed and is not stored anywhere. This means that even if somebody compromised your recovery seed, they would not be able to access your accounts unless they knew the passphrase as well

· Do not store passphrase right next to the backup of your seed. Consider choosing a memorable passphrase and setting up reminders to refresh your memory every few months

· A passphrase or more passphrases can be used with the same device to create the so-called “hidden wallets”

· You can share your account with the rest of the household or your team members at work. You can generate and distribute a recovery seed which would give everyone access to the “mutual”, “seed-only” wallet. Every member of this group can then separate their own secret wallet by using their custom passphrase – this is especially useful for inheritance planning


Read more about the passphrase security benefits from official Trezor wallet resources (similar also for other hardware wallets):

https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b

https://blog.trezor.io/seed-pin-passphrase-e15d14a0b546


According to these recommendations, I activated a passphrase to protect my recovery seed.

Let’s say my passphrase is “my-super-secret-passphrase-20190414”


STEP #3: Backup First Passphrase Part Offline

Even if I can remember my passphrase, I am aware that I might forget it due to the passage of time, disease or accident. Not likely, but it might happen.


That’s why I wrote down the first passphrase part (“my-super-secret-”) on a paper and stored it in a different place than the recovery seed is stored (to keep recovery seed and the first passphrase part separated).


Then I scheduled regular reminders to refresh my memory, not to forget my passphrase and check all my backups.


STEP #4: Schedule Recovery / “Inheritance” Email Containing Second Passphrase Part

And now the most important thing.


I scheduled my recovery email containing the second passphrase part (“passphrase-20190414”).

What does it mean?


If I am inactive longer than a waiting period I choose (e.g., 3 months), my family will receive the recovery email containing the second passphrase part.


In my recovery email, I put important details on where my family can find my physical backups (recovery seed and first passphrase part), plus it also includes the second passphrase part itself, which they need to access my digital assets.


You can use this recovery email template as an inspiration:

https://seedcret.com/kb/recovery-email/

Besides Seedcret free account, you can schedule your second recovery email (as a backup) also with Google Account Inactive Manager:

https://support.google.com/accounts/answer/3036546?hl=en


WHAT ARE THE BENEFITS? WHY DID I DO IT?

BENEFIT 1 (for myself) – peace of mind: Even if I would forget my passphrase, I know where to look, to refresh my memory


BENEFIT 2 (for others) – inheritance plan: In advance, I can let my family know where both physical backups are (the recovery seed and the first part of the passphrase) and also that they would receive the recovery email containing the second passphrase part in case of an accident/death

Of course, I can give the second passphrase part to my family right away but I don’t want to do it because:

· The more people know the passphrase, the higher the risk is, that it will be compromised (even by accident)

· I want to make sure that my family will access my assets once I am not here anymore but not before (when I am still here:))


BENEFIT 3: No need for lawyers or any third party that you have to trust.


BENEFIT 4: Passphrase backup is separated into two parts stored offline and online – a criminal visiting your flat won’t be able to find the whole passphrase in one place (because the second passphrase part is stored online)
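
Added example, not part of the original post or of any wallet vendor's code: a sketch of why the passphrase in STEP #2 yields separate "hidden wallets" and why each half from STEP #3 and STEP #4 is useless on its own. It assumes the wallet follows the BIP39 standard (as Trezor does); the mnemonic is the public all-"abandon" test phrase, and `wallet_id`, `compare` and `CANDIDATES` are names made up for this illustration.

```python
import hashlib
import unicodedata

# Constructed sample values. The mnemonic is the public all-"abandon" BIP39 test
# phrase and the passphrase is the example from the post; never use either for funds.
MNEMONIC = "abandon " * 11 + "about"
PART_ONE = "my-super-secret-"      # paper backup, STEP #3
PART_TWO = "passphrase-20190414"   # scheduled e-mail, STEP #4
PASSPHRASE = PART_ONE + PART_TWO


def _nfkd(text):
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), _nfkd("mnemonic" + passphrase), 2048, dklen=64
    )


def wallet_id(mnemonic, passphrase=""):
    """Short fingerprint of the 64-byte seed, only to tell wallets apart here."""
    return hashlib.sha256(bip39_seed(mnemonic, passphrase)).hexdigest()[:16]


def compare(mnemonic, candidates):
    """Map each label to the wallet that passphrase candidate would open."""
    return {label: wallet_id(mnemonic, p) for label, p in candidates.items()}


# Hypothetical set of inputs an heir (or a thief holding one backup) might try.
CANDIDATES = {
    "seed only (no passphrase)": "",
    "paper part alone": PART_ONE,
    "e-mail part alone": PART_TWO,
    "both parts joined": PASSPHRASE,
    "joined, trailing space typo": PASSPHRASE + " ",
}

if __name__ == "__main__":
    for label, wid in compare(MNEMONIC, CANDIDATES).items():
        print(f"{label:30} -> wallet {wid}")
```

Every row is a valid but different wallet, and BIP39 gives no "wrong passphrase" error, so a recovery email needs to state exactly how the two parts are joined (order, case, no extra spaces).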
jr. member
Activity: 35
Merit: 16
Hi friends,


I'm working on a new service and trying to understand how people manage their crypto hardware wallet backups today. If you'd have 2 minutes to spare I'd greatly appreciate if you could take the anonymous survey below.


Specifically, I’m trying to get some insight into what is the reasonable balance between safety and security for crypto owners when managing their recovery seed and passphrase backups.


For example, the most obvious and arguably most "secure" is storing your passphrase backup in your head. However, this maybe isn't that "safe" in case of forgetting your passphrase due to the passage of time, disease or an accident. And certainly, it's not "safe" at all for inheritance purposes as your passphrase is going to the grave with you, leaving your Next-of-Kin with nothing :(


There's not much I could offer back except good karma and sharing the survey results. But I can promise that your feedback will help me develop a better service that will benefit you and the broader crypto community.


Thanks in advance :)

https://docs.google.com/forms/d/1M27KYjG622Jq55-fD1EFZqYKEKtH_S7g1krFDfaWISo/


PS: If you are interested in the service I’m building, drop me a message. I’ll be happy to share more details and also give you the premium features for free (once built and finished)


PS2: Below in comments, I’ll share how I protected my own hardware wallet backups for your inspiration. Hopefully, you’ll find this strategy beneficial when keeping your backups safe and/or help me make it even better! I’ll be happy to answer anything.