
Podcast 🎤 #5 Understanding Cold Storage & Protecting Your Private Key

Today we’re talking about safely and securely taking custody of your crypto – and establishing such strong redundancies that you could take a blowtorch to your seed phrase.

What’s A Private Key?

The simplest way to understand a private key is to think of it as an epic password. A private key is a 256-bit number, which results in roughly 100 uppercase/lowercase characters and numbers. A Seed Phrase, sometimes referred to as a Mnemonic Phrase or Recovery Phrase, is the human-readable way of generating private keys introduced by BIP39.

BIP39 introduced a list of 2048 words which can be used for private key generation. Most wallets will randomly select 12 or 24 words from this list to generate your private key.

  • No two words share the same first 4 letters
  • Words can be re-used multiple times in a seed phrase
  • Technically you cannot simply choose words from the list yourself because the last word is a checksum of the first 11 or 23

Different Security For Different Wallets

Your strategy for protecting your seed phrase depends on how you plan to use the wallet:

  • Hot Wallet – A wallet connected to the internet. For example, mobile wallet apps on your phone are all hot wallets. Hot wallets are less secure and should only be used for small amounts of money. Think of it like the wallet you carry with you to the grocery store. For Hot wallets, you can store your seed phrase in a good password manager like 1Password or LastPass.
  • Hardware Wallet – For a crypto savings account, you want a wallet that has never been connected to the internet. For example, a hardware wallet is a cold storage device that’s a bit less convenient, but much safer than a hot wallet. Typically when talking about Hardware Wallets we’re referring to a Ledger or a Trezor.

Hardware Wallet Setup

While setting up your Hardware Wallet, it will ask you to write down your seed phrase on paper and enter it back into the device to confirm you wrote it correctly.

  • The sequence of the words matters! Write the number before each word to ensure it’s clear.
  • Never enter the words into a computer! The whole point is that these words never touch a device connected to the internet.

Your wallet will also ask you to create a pin. Typically the pin is only numbers and shouldn’t be too difficult to enter as you’ll need to enter it every time you use your hardware wallet.

Your hardware wallet will shuffle the numbers around on the screen each time it asks you to punch in your pin as an extra level of security.

Be sure to enable Passphrase functionality while setting up your Hardware Wallet as it’s not always turned on by default.

Passphrases

A passphrase is a 13th or 25th word you can use to create an infinite number of wallets. You can use any word or combination of words you want as a passphrase.

To start, you’ll want two passphrases. One for your savings account where you’ll keep the bulk of your crypto and one for “plausible deniability”. If the worst-case scenario happens, and you’re kidnapped, held at gunpoint and forced to cough up your passphrase, you can give them this secondary passphrase where you keep a small amount of crypto.

Later you may want even more passphrases. For example, one for your DeFi/Yield Farming wallet, one for NFTs or one for your business. You can create as many as you want, just be sure to remember them and include them in your recovery strategy.

You’ll need to enter your Passphrase every time you use your Hardware Wallet. So keep it simple but not something which can easily be guessed. Ledger has a handy feature which allows you to bind a pin to your passphrase making this much easier.

Recovering Your Private Key

Your seed phrase + your passphrases are what protect your crypto, not your hardware wallet. Your Hardware Wallet is just hodling onto your private key for you and allowing you to sign transactions on behalf of your key. If your hardware wallet breaks or you lose it (please don’t lose it) all you need to do is get a new Hardware Wallet and recover your wallet using your seed phrase + passphrase. But:

  • If someone gets a hold of your Hardware Wallet and your pin and your passphrase, they can steal your crypto.
  • If someone gets a hold of your seed phrase and your passphrase, they can steal your crypto.
  • If you lose your hardware wallet and your seed phrase or your passphrase, your crypto is lost forever.
  • If you lose your pin to your hardware wallet and you lose your seed phrase or your passphrase, your crypto is lost forever.
  • If something happens to you, and no one else knows your seed phrase and your passphrase, your crypto is lost forever.

This is scary, which is why we need an epic plan for protecting these things. For this plan, we need two things. Chunks of metal and someone you trust.

Chunks Of Metal

The first step is to replace that piece of paper with something more durable, like a chunk of metal! Our favorite product for stamping your seed phrase in metal is a Cryptosteel, but there are tons of cold storage protection tools out there. Jameson Lopp got his hands on all of them and tested/ranked them in case you like to geek out on these things.

I recommend you get at least two chunks of metal. It can get expensive, but you’ll see why it’s important. You can also go the DIY route on the cheap. Here’s what you do with them:

  1. Metal #1 – Your seed phrase
  2. Metal #2 – Your passphrase(s)

Trusted Parties

In case something happens to you, we need to involve someone else in our recovery strategy. Here are a few things to consider when pulling other people into the fold.

  • You don’t want to burden anyone with protecting your life savings. They’ll only have your seed phrase OR your passphrase. Not both.
  • Tell them that if they lose it, or something happens to it, it’s no big deal. Just make sure they tell you, so you can create new keys.
  • Tell them you’ll only ever ask them about it in person and to never share it with anyone or talk about it over the phone, even with you.
  • You may want this person to not be crypto savvy. This way they wouldn’t even know how to steal your crypto if they tried. If this is the case, you should give them the contact info of a crypto savvy friend they can contact in case something happens to you.
  • I hate the idea of using a bank, but if you need to, you can use a safety deposit box and give someone the key.
  • The person should not be a member of your household.
  • If the person lives in a different state, even better.

The Strategy

Now that you’ve got two chunks of metal and a trusted third party to help you, here’s the ultimate crypto backup and recovery strategy:

  1. Memorize your passphrase(s)
  2. Hide the chunk of metal which hodls your seed phrase
  3. Give your trusted person the chunk of metal with your passphrases and tell them where you hid your seed phrase
  4. 🔥 Burn the paper copy of your seed phrase

This is a pretty powerful combination:

  • Your hardware wallet hodls your private key and you remember your passphrases so you can use it whenever you need
  • If something happens to your hardware wallet, you can easily recover it since you know where your seed phrase is hidden
  • If someone magically finds your seed phrase they won’t also find your passphrases
  • You’ve got your “fake” passphrase you can give out if you’re kidnapped
  • Your trusted third party can lose the passphrases you gave them because you know them too
  • Your (hopefully) trusted party can’t do anything with the passphrases they have without also stealing your seed phrase

This is a great starting point for your strategy, but more important is that you now know all the tools at your disposal for protecting and recovering your private key. Feel free to mix, match and get more parties or chunks of metal involved if you feel it’s necessary, but make sure to keep things simple! The last thing you want is for this plan to fail in its time of need.
