Topic: [Tips] Ways to Protect Recovery Phrase - Mnemonic (Read 322 times)

Which is the whole point of multi-sig - to build redundancy in to the system so it doesn't matter if one or two friends start losing the keys. If you really don't trust your friends, then go for something like a 4-of-8, meaning 50% of them can lose the keys and you can still recover your wallet. But if your friends can't be trusted to safely hold on to a piece of paper, then maybe you should be looking for other friends/relatives/locations to store your keys with.

If you have absolutely no other options, then it's marginally better than just committing your seed phrase to memory, which is obviously the worst possible method. But I wouldn't go recommending in a thread aimed at newbies who don't understand the distinction.

I agree with you. Keep it simple for newbies. They just make several copies and keep them safe and in secret place.

It's not good if they start with complicated process and don't actually know what they are doing. In the end, it would be a nightmare if they lose in a complicated procedure to recover their wallet.

So, to start off, they should use a simple method, backup on paper, test validity / usability of their backup, try to recover their wallet with backup. If the recovery works, they can start using wallet.

The step to test validity/ usability of backup is very important because if you make some mistake when backing up your wallet, it won't work in case you need it definitely. So in the end, it is like you don't have any backup at all.

After being proficient with a cycle from create, backup, recover wallets on paper, they can try other methods.

That's true. But using novem to store this information requires great care and the highest possible level of protection.

If you get to use this, in addition to the various measures already mentioned by other users, it will be to have this information inside a file in which its name has nothing to do with the cryptos and the content of the file has much more information than just the keys.

For example, writing the words in the middle of a 200 page book. It's not easy and much less recommended, but here's this suggestion.

It doesn't completely negate a good back up, it rises risks against certain threats while lowering risks against other threats. In your example the person would have a drastically higher chance of losing their coins to malware, but the steel plate seed will give them a good chance of saving their seed from a house fire.


With multisig you can lose your coins if your friends start losing their keys. IMO this is even worse than a bank, because banks specialize at storing things, but regular people easily lose and forget things.


This can be the last resort in certain situations. Like being in a warzone or in a place affected by some natural disaster. When all your physical backups can be lost at any second, even the ones you store in other places.

That's right because most of the newbies here don't have any idea about using different ways to store their seed safely and in that case the perfect advice is to store them safely on piece of paper only without any online storage involvement.They should note it down once they have setup their wallet and no pictures should be taken or saved as notes in the mobile phone which could be reason for loss of funds.Having proper backup in two or more places is important because if one place is compromised you can have it from other sources.

You cam trust someone close to you in case something happens to you they can use your funds but keep in mind trust is the vital factor that plays major role in keeping your funds safe.



Mixing up the words maybe confusing for the person himself and he needs to sort the words in order to use his funds or transfer them but in the case of splitting it becomes more difficult as you have to collect the words and if any of the 12 or 24 words is not in correct order or not available with you then funds are lost permanently.So why go with such complex methods when you some simple and traditional way can save you from lot of troubles.

I remember there was one such thread on the forum where member was using unique way of memorising the seed phrase like with images of Queen Elizabeth, elephant and relevant example but it sounds too complex and bad idea to many including me as human mind is strong and can have storage but there are some limitations and we should not experiment with them in such risky way.So avoid this is really bad way of keeping it safe as it this could direct lead to fund loss.

You can try different methods other than paper definitely but it's time consuming and you need to have proper metal that can survive extensive condition of heat also so that in any case of calamity or fire it could survive the damage with seed backup safely printed on it.Members could take a look at these threads:

Securing Your Seed Phrase with Washers

n0nce's Steel Washer Backup jig (customisable)

There are many such ways in which you can protect your funds but see they all are offline ways because storing them in online storage like cloud,drives or even having them stored on your device as soft copy is prone to hacks and stealing of your funds so be safe not to use them and keep your funds safe because it's your responsibility.

After feedback from several users, I inform you that I updated the OP.
I removed some options, which would be more controversial, and can lead to security breaches in the youngest.

I appreciate the feedback.

The problem with this approach is that one poor back up can completely negate other goods ones. Going to the effort of stamping my seed phrase on washers, and then covering them up with some tamper evident seal, and locking them in a fireproof safe in my basement which is bolted to my foundations, all becomes pointless if I then also store my seed phrase in a text file on my daily use computer. When we have a back up method which is both one of the most secure and also by far the easiest - write it down on paper - then why suggest anything else to newbies?

I would move away from using the phrases "extension word" or "password" in relation to a BIP39 passphrase, because it encourages people to use exactly that - a single word. A passphrase should be strong and random enough to resist brute forcing, and so should be at a minimum several random words or a string of random characters. It also isn't encryption.

The best way around this is to use multi-sig. I can leave individual seed phrases with multiple friends or relatives knowing that they cannot access the coins within.

I disagree with this advice. Don't store your seed phrase in the cloud, period.

IMO the method of storing your seed should be decided by what sort of threats you are trying to mitigate. And it's also important to remember that you don't have to use just 1 method, you can have many backups with different methods.

If you worry about theft, you need to use encryption. This also affects the physical mnemonic seed - you need to use a bip39 extension word, which is basically a password. Don't bother with changing order of words or splitting your seed - it's not secure and more likely to backfire. Speaking of backfiring, using a password means you need to manage one more piece of secret information, and losing it will lock you out of your funds. There is no "I forgot my password" button in Bitcoin. If you are not sure about your ability to manage a password, than don't use encryption.

The other threat is loss of your backup. It can happen due to damage or misplacing it. The best way to deal with it is to have multiple backups in different places. But since most people don't have multiple private properties, this means some trust is required. I.e. storing an encrypted seed in your relatives house or a bank deposit box.

Digital threats are also something that must be considered. There's already a lot of malware that targets wallets, and incentive to develop and spread it will only grow. The best way to deal with it is to use airgapped devices for doing operations with wallets. It can be tempting to use cloud storage for your encrypted seed or wallet file, but the password needs to be very-very strong, it should be truly random and has 128 or more bits of entropy. Which means it would be unfeasible to memorize it, unless it's a specially designed mnemonic system.

Given that this thread is in the Beginners and Help forum, the whole topic could be condensed as follows:

Write it down on paper, make at least two copies, and store them safely and separately.

That's it.

Beginners should not be using electronic back ups, regardless if this is a text file, password manager, USB drive, or whatever. To safely create an electronic back up then you need to have a permanently airgapped computer running a clean open source OS, with no cross contamination to your online devices. Most beginners cannot do this safely or securely, and so should not be using these methods.

Splitting your seed phrase or obfuscating it with swapped words or order is always a bad idea. It very rarely increases your security in a meaningful way, and more often simply leads to problems recovering your coins in the future. If you want to have a 2-factor back up, then use passphrases or multisig.

Memorizing your seed phrase is a terrible idea and should be practiced by no one.

Other than writing on paper, the only other item on that list which is acceptable is a metal back up. However, this is by no means necessary since paper is a perfectly adequate back up, and metal back ups require far more time and effort than writing on paper. There is no need to get hung up on making a metal back up instead of just making paper back ups and converting to metal at a later time.

Try and read the posts of people that have replied to OP. Do not have a force sense of security because you think you split your seed phrase, if one halve of it is compromised, very possible the whole seed phrase can be generated (brute force). If you can not go for paper backup, you can get yourself a steel sheet. Password manager is not recommended at all.

Sorry to say, but you seem to have misunderstood (or understand only partly) what I meant. Probably also because I've been too brief.


The problem is not only the "inaccessible location". The problem is that the HDD will still have traces of that file (so there's a risk to get stolen).
The problem is that pen drives and even HDDs or SSDs can suddenly crash/become irrecoverable.
The problem is that when you plug in a pen drive, if you are online, you expose it.

All in all, the best way to handle the seed is to generate it offline (preferably in a live OS with no persistence or hardware wallet) and keep it always offline. So the proper solutions are not IT related: paper, steel, ...


Fooling them can mean bad intentions. I didn't say that. I said mislead, which can be unintentional.


You are missing important points. Yes, many have excellent brain now. But that doesn't mean the situation will be the same in 10 years. Even more, many are young, so this is normal. But time plays strange games with the brain and one may not remember things exact in some years. Then, accidents can happen (from car crash to falling off a cliff or brain stroke), damaging badly one's memory. So no, memorizing can be handy but it's very unsafe.


Using more than one method can indeed be good and convenient as long as one doesn't use methods that can help hackers (txt file).

I don't use it because of above reasons. Not all people manage to assign an air-gapped devices to store such things so we should not use it at beginning.

I use paper to store mnemonic seed too but I never store them on digital device.

Another recommendation is people should have plan, in case they accidentally pass away, someone they love should know where they store seed and know basic steps to recover wallet.

What about storing it in two different password managers and splitting them and only accessing each part of one in a separate computer in case one computer might have malware?

I tend to agree with those stated OP above except on these two options, store in your memory and password manager it seems not a good option IMO.

Storing in your brain is not good because I tried it before, years had passed for sure you will forget those seed phrases that you store in your mind, we aren't computers that we can able to save the file in our mind, it might a matter I days or week you will forget those phrases.

Store password on manager seems the risk too, it's a third-party app that you shouldn't trust.  I have seed phrases that wrote on the book, each word as I was spread on the different pages just like a birth month and birth day, that's maybe a good idea to confuse and not easy to track.

What is more likely to cause lost coins? Loss of private keys or hacks? I wonder is there any research on the topic?

I bet it is more likely for people to lose their keys due to forgetfulness than theft. Thus, I think any method that involves human memory is a bad option. Even if you write a private key down on paper, there is a high probability that you will forget where you kept it after some time.

certainly, the worst option is the brain as storage for remembering recovery phrases or even only passwords.
how complicated it becomes when you have several similar services, whereas for security you have different phrases or passwords. then some potential security breach happens so you have to change it all, delete old phrases from your brain and replace them with a new one... (don't ask me how I know)
I would remove this category if we want to single out only safe ways.

I do not say that the method of having a TXT file is better than having it on paper. Nor is it the ideal method. Just present ways on how to store the information.
Also, I make it clear that when you do this, you must save the respective file in an inaccessible location, perhaps offline. For example on a pen drive, in the same place where you can keep a paper with the key.




Far be it from me to try to fool newbies! Once again I make it clear that the memorizing method is not for everyone, although it is possible.

By the way, many who are in the cryptocurrency world have very good mental abilities, some are excellent mathematicians and high level programmers. What may seem difficult to decorate for some, can be very easy for others. It is up to each person to know their capabilities and act accordingly.


Either way, the indicated methods do not need to be used alone, the combination or use of several is possible and recommended.

All the methods above a feasible or workable, but some are very far from an ordinary man. Which means you have to have some skills before you can use a method. Example, to inscribe on a steel will need some mechanical skills of metals. Password manager need digital skills of encryption because it's an online service.

The most common and less technical means should be paper kept safe.
Otherwise I will recommend combination of two means; using ones means as major and the other as a backup plan.

If you consider text file a proper solution for backup then, sorry, you don't know what you're talking about.
At least the memorizing part you've got it somewhat correct, although I would not call it safe exactly because memory loss is a fact.



All in all, my advice is to read what people tell you here and update the OP accordingly. Right now you have a good chance to mislead newbies and that's not OK.

I'll add some points of my own:

Write on Paper
This option can only be used as a temporary solution until you choose another method for yourself. Paper is a very unreliable storage medium, prone to rotting, burning, dissolving and other forms of destruction. You can reduce the influence of these factors by placing the paper in a protective film or case, capsule. But as I said above, this temporary solution is completely unsuitable for long-term storage.

Steel Card
One of the good options for long-term storage with the disadvantages of paper eliminated. The variant described here is preferable to the steel card or plate due to its compactness and difficult access to mnemonic phrase due to the fact that you can't accidentally peep the text.

TXT file
The device on which the TXT file is stored should in no case be in contact with devices that have access to the Internet. Better yet, don't contact any devices at all. It is safer to store this file encrypted or at least in a password-protected archive. Also not the best option for long-term storage, as the device or storage medium on which this file is stored may fail. Can be used as an additional storage method, not the main one.

Password Manager
It can be called a kind of TXT file+password, but with one big weak point. It is not known who wrote the program for this manager and there are no guarantees that the information stored here will not fall into the wrong hands. Also, the two listed methods have the disadvantage that devices and electricity are needed to access the information, without which they will not work.

Safe
Roughly speaking, it is a capsule for storing the above methods. Having a safe will tell anyone that something valuable is stored in it and will be the first to attract attention, therefore, this is the worst place to store. By itself, a safe for a professional burglar does not represent any obstacle. The best solution would be to use an inconspicuous and unattractive metal capsule instead of a safe.

To memorize
Extremely unstable and sensitive (for example, to a 5$ wrench) to the effects to storage space It is risky to use not only in the long term, but also in the short term, because an accidental injury or forgetfulness can leave you forever without information. Absolutely not recommended for use for most people.

You do not have to go through a process that you will not be able to recover your seed phrase, or a process your seed phrase would later be compromised, back up on paper or steel is enough in different locations like two or three.

The most common wallet seed phrases are 12 and 24 seed words, but seed phrase can be 12, 15, 18, 21 or 24 words.

Exactly, but also important to protect your private key. The seed phrase is important to be protected because it can generate the private key.

Backup on paper or metallic sheet are the best way.

Do not think because you split a seed phrase without any encryption means your seed phrase is safe, having some words can possibly be used to brute force the other words.

This can lead to seed phrase loss in a way it may not be recovered.

Memory can fail, not recommendable.

If the file is on an offline pen, stored in the same place where the paper can be stored, it is minimally safe.

As I mentioned, these are just a few methods, which must be used in a thoughtful way and that, above all, can guarantee some security. Because in reality there is never any 100% safe way, just some more than others.

I agree with all your comments.

In the end, the best thing is to write in a piece of paper.  It is easy and safe to do. If you are worried about paper getting wet, you may have two copies in different places under different conditions.

All the other methods are not good imo.

Lets see one by one:

• TXT File - Bad because it can be hacked in normal conditions. Unless if you encrypt it and put somewhere safe. But, this is still more dangerous than a piece of paper, because you can be hacked before the encryption or you might do something wrong if you are a newbie.
• Password Manager - Can be hacked. Might have security flaws, etc. I wouldn't put my bitcoins inside one.
• Steel Card - Probably the best option above. But how will you write in a steel plate? If you are a blacksmith or something, it might be a good option. But not for me at the moment.
• Safe - The first place any thief will look for anything valuable. I prefer just to keep it like something worthless in a drawer.
• Memorize - I can't even remember my last meal.
• Splitting - Split the piece of paper

Using memory and brain to remember mnemonic seed is bad because even you have excellent brain and memory which do help you to remember mnemonic seed in normal condition. Unfortunately, you don't know that will your body be normal or get accident in future. If it turns to be abnormal by any accident which causes damage on your brain, destroy your memory partially, who will be able to help you for recovery?

txt file is bad too and in my opinion, password manager is good and easy to use. Steel plate is good but it is expensive to own.

WARNING: The information contained in this topic is indicative only, and each person should evaluate which option is best for him. We recommend reading the posts, with observations and advice from other users.

____________________
	What is a recovery phrase? A recovery phrase is basically a way of being able to read the private keys of a cryptocurrency wallet and is usually a 12, 18 or 24 word phrase. Each cryptocurrency wallet has its own private key - think of the private key as your online banking password, and each cryptocurrency wallet (account) has a different private key (password) that allows you to access the funds. In short, the recovery phrase is a backup of all your cryptocurrency assets. This means that if someone else manages to gain access to your recovery phrase, they will be able to access your cryptocurrencies. That's why it's extremely important to keep your recovery phrase safe. This topic will cover some techniques to protect your recovery phrase.
	Write on Paper This was one of the first ways to store the recovery phrase. The simplest basic, effective and economical. Of course, this forces the person to keep this paper in a safe place with limited access to third parties, so that no one with malicious intent has access to it. In fact, this aspect is valid for practically all protection techniques. The biggest downside is the probability of getting lost is high. Since it is enough for the paper to be damaged due to external elements (eg liquids), wear and tear or getting lost in a move, the recovery phrase is no longer available. A suggestion for those who use this technique is to have several copies and saved in different places, to minimize possible losses. On the other hand, we can conclude that this analog method, seems old-fashioned, to protect from the most digital assets that can exist. Now, it is still quite efficient. But there are other methods that are more "modern" or at least with a more hi-tech style.
	Password Manager There are many programs to manage and store passwords. Using one of these programs to save the recovery phrase can be a good way, especially if you are already used to using these programs. There are several solutions on the market, such as Keeper or Lastpass. You can learn more about this type of software and the various options on the market in this article from PCMag. As a rule, these programs store the passwords, and in this case the recovery phrase, in an encrypted database locally on your device, and some also allow access to this information remotely. Despite being a good way to store this information, and being a less analog way, we have to keep in mind that the recovery phrase is stored on the device. Therefore, it is necessary for us to ensure that it is not accessed by third parties or that it is not infected with any virus or other malicious software. To keep your device safe, you can use antivirus programs and the like, and above all, use it responsibly when browsing the web and the files you download.
	Steel Card An interesting, original and modern method can be to use a steel card or similar, where you can write the recovery sentence. It ends up being similar to writing on paper, but it has the advantage that it is an accident resistant support. There are several companies that provide this type of card, such as Blockplate, Trezor[/url ] or [url=https://shop.ledger.com/]Ledger, as well as most companies that make cold wallets. The precautions to be taken are the same as for other methods, keep it in a safe place with limited access to third parties. This method can be ideal to keep in an emergency kit, allowing you to be protected and take it anywhere, without the danger of being easily damaged.
	Safe Box The best way to save recovery phrase is offline, hack free. So if you use some of the methods already mentioned, you can always keep it in a safe, at home or in a bank. It is generally a difficult place for thieves to access. But at the same time, it can make it possible for trusted people to access, in case we have an accident. It may not be the simplest or most practical way, but it brings a lot of security. On the other hand, it can also attract more attention, as the existence of a safe conveys the idea that something of value is inside - even if it is not. Keeping it in a bank vault can be a good idea, but it ends up being subject to third-party protection, which is generally quite safe, but can be inaccessible in extreme situations.
	Splitting Splitting the phrase across multiple files, trusted people or otherwise, can be an interesting way to protect the recovery phrase. Since only you know the sequence, it becomes very difficult to find it or take a long time for it to happen. Also, if the people who have part of the recovery phrase don't know or know who has the other parts, it becomes even more difficult to be able to gather that information effectively. Although it is a safe way to store this information, it has the disadvantage that when you need to use it, you have to go through several steps to put the sentence back together, and sometimes this can take time. But it is still an effective way to make it difficult for third parties to access the recovery phrase.
	To confuse This may be a complementary technique to the previous techniques. Basically it's confusing the security phrase, in order to make it difficult to build the phrase, which words and which sequence. This may involve: changing the order of words; change some letters of words; use synonymous words; use words with the same meaning but from other languages; include these words in a long text; among other options. In this method, you can use all your imagination. You just can't forget how you have to decipher those changes you made to the original recovery phrase. Therefore, when using this method, you should try to have a record of how to decipher the sentence, to safeguard any memory lapse. We have to keep in mind that the use of the passphrase is very sporadic, and we often only have to think about what it looks like long after we have created it.
	Prepared for Unforeseen Something everyone has to remember is that unforeseen events can happen at any time. So if something happens to you, the recovery phrase may disappear with you, unless someone knows how to recover the money accumulated in your wallet. In this sense, it will be good to create a plan B. Share with someone you trust, family or friend, the way to regain access to your wallet, in case something happens to you. It can be good to share with at least two people, who are not normally with you at the same time, reducing the likelihood that all three are involved in the same accident. Another option is to include instructions in a will or inside a safe. This may seem risky, someone knowing how to access our wallet, especially since something could happen in our relationship with that person. But remember that you always have the possibility to exchange your wallet money, with another recovery phrase, in case of any disagreement. The most important thing is to choose people you really trust. In the last case, if you don't want to create this plan B, you can be another "donor" to the network, with a wallet that could be worth thousands in 100 years, without anyone being able to touch it.

I hope this article is useful for everyone, and that it has reminded you of some useful aspects for those who already use some of these methods.
Not all of the suggestions presented may be ideas, they are just some ideas of what you can do, and they can even combine with each other.
If you use or know other techniques, share, in order to enrich this topic.

---

References/Credits:

• Icons by Freepik in www.flaticon.com
• Crypto.com