WEB3 security advocate | storytelling product lover | linktr.ee/zelotes.eth


The seed phrase, also called recovery phrase or mnemonic phrase, is a set of memorable words - created by a blockchain wallet - that together are the source for creating and accessing multiple blockchain accounts. Such an account, also called an EOA (Externally Owned Account), is a pair of a public key and a private key.
The public key is something you will usually never see, but the public address is derived from it. This public address is like your e-mail address in web2: you share it to receive crypto or NFTs or to transfer such items out, e.g. when selling.
The private key is the matching password for your public key and public address; it is used to authorize outgoing transactions. The private keys are derived from the seed phrase via a special cryptographic method.
A private key provides full and permanent access to an account, while the seed phrase provides full and permanent access to ALL accounts created within a wallet. Unlike a password, the seed phrase or private key cannot be modified or changed. If a third person or party gets access to your private key(s) or your seed phrase, this access is permanent and your funds are in danger.
That said, protecting your seed phrase at all costs is the number one goal when using a self-custodial wallet. Self-custody means that you own the keys to your funds, which comes with a high responsibility for protecting them.
Alright, so let’s dive into basic and advanced ways of protecting your seed phrase.
The best way to secure your seed phrase against malware and hacking is to use a hardware wallet such as those offered by Ledger or Trezor. Such hardware wallets allow you to sign transactions with an additional physical interaction - like two-factor authentication - while NEVER giving away your seed phrase or your public keys. They never leave the device and thus can’t be stolen.
In addition to that, a hardware wallet usually has a stronger seed phrase than a software wallet. A MetaMask software wallet uses 12-word seed phrases, while a Ledger hardware wallet, for example, uses 24-word seed phrases. You can even set a 25th word, but this is a topic in itself that will be covered in another article.
The #1 rule in keeping your seed phrase safe is to NEVER ever store it on any electronic device that is connected to the internet. This includes:
Text documents
Screenshots / images
Google Drive / Dropbox / iCloud etc.
E-Mail, messengers or other chat tools
Password managers
I’m repeating myself here but let me make this clear again:
Don’t EVER share your seed phrase with anyone!
Don’t EVER show your seed phrase to anyone!
Don’t EVER say your seed phrase to anyone!
Don’t EVER think your seed phrase to anyone (Neuralink?)!
Don’t EVER trust anyone!
When buying a hardware wallet, you will usually find a piece of paper in the packaging that allows you to write down the individual words of your seed phrase with pen and paper. Below is the seed phrase of my Ledger vault (Don’t tell anyone, I trust you!)

Keeping your seed phrase offline (see I.) and keeping it secret (see II.) protects you from the most likely ways of losing access to your wallet. BUT it doesn’t cover the more unlikely events that in sum are not so unlikely at all:
The recovery sheet could be eaten by your dog
The recovery sheet could be eaten by your toddler
The recovery phrase could get wet and dissolve the ink
The recovery phrase could burn
The recovery phrase could be ripped apart by a jealous partner
The recovery phrase could be taken by the wind
… continue writing down more crazy ways of what can happen to paper
To make sure that none of this can happen to your seed phrase recovery sheet, there are plenty of options to choose from:
A cheap and easy way to achieve this is by putting your seed phrase into a document bag that protects it from fire, water and acids.

Ledger itself offers a metal capsule that stores the first four letters of each of your seed phrase words on small metal plates, with separators in between, before everything is covered with an outer shell. Very expensive if you want to follow RULE V below. I also recommend not letting the letter plates slide off the pipe, which could mess up the order of your words.

In any case, the best way to go is with metal! You can choose from various metals here, ranging from copper via steel to titanium. The harder the metal, the longer it lasts, but the harder it is to engrave.
I personally recommend basic and cheap metal cards with an engraving set to scratch the secret words of your seed phrase onto that plate. There is also a nice way of ‘burning’ the secret words into metal using a method called ‘chemical engraving’ but that’s worth another article.
In any case, NEVER let someone else engrave the secret words of your seed phrase. If there is a service or a friend offering this, it’s a scam.

Losing your seed phrase means losing your ability to recover your wallet if you lose access to it. FOREVER. No one can help you recover it. It’s the blockchain, it’s all decentralized and there is literally no one you can call to help you regain access. If someone pretends to be able to recover your access, it’s a scam.
For this reason, ideally you set up another Ledger per wallet with the same seed phrase by using the recovery mode in Ledger Live upon set-up. This way you have two Ledger devices with access to the same wallet. If you lose one device or it breaks, you have the other one operable straight away. Put one within reach and one in a very secure place.
The best way to keep your seed phrase secure is not to write it on a single recovery card but to split it into three parts, each 2/3 long. The split is done in such a way that you only need two recovery cards to have the full seed phrase. One recovery card is not enough to recover your wallet, and the third one is a back-up in case you lose one of the three. For an eight word seed phrase the split looks as follows:
Recovery card #1: Words 1-8
Recovery card #2: Words 9-12 + 1-4
Recovery card #3: Words 5-12
For a 24-word seed phrase the split would look as follows:
Recovery card #1: Words 1-16
Recovery card #2: Words 17-24 + 1-8
Recovery card #3: Words 9-24
As we’ve learned with RULE IV, keep each recovery card indestructible, ideally on metal. Applying this logic, my super secret Ledger seed phrase looks like this now:

You can have multiple copies of each one. If an unauthorized person gets one of those into their hands, they can’t do much with it. Brute-forcing the missing words is not economically feasible with today’s technology. This also means that you could securely deposit one of these thirds at a place you trust, like your parents or a bank locker, without the fear that one of them could drain your wallet.
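The split above, written out as an added example (not part of the original article) and generalised to any phrase length divisible by three. It assumes BIP-39 phrases (11 bits per word, one checksum bit per three words); the function names and placeholder words are constructed for illustration, and `unknown_bits` shows how much a holder of a single card would still have to guess.

```python
BITS_PER_WORD = 11  # assumption: BIP-39 phrase, each word indexes a 2048-word list


def split_two_of_three(words):
    """Return three cards as {position: word}, each holding 2/3 of the phrase."""
    n = len(words)
    if n == 0 or n % 3:
        raise ValueError("word count must be a positive multiple of 3")
    t = n // 3
    thirds = [range(0, t), range(t, 2 * t), range(2 * t, n)]
    # Card 1 = first + second third, card 2 = third + first, card 3 = second + third.
    layout = [(0, 1), (2, 0), (1, 2)]
    return [{i + 1: words[i] for part in pair for i in thirds[part]}
            for pair in layout]


def recover(card_a, card_b, n):
    """Merge two cards; fail loudly on a gap or on conflicting engravings."""
    merged = dict(card_a)
    for pos, word in card_b.items():
        if merged.setdefault(pos, word) != word:
            raise ValueError(f"cards disagree at word {pos}")
    missing = [p for p in range(1, n + 1) if p not in merged]
    if missing:
        raise ValueError(f"positions still missing: {missing}")
    return [merged[p] for p in range(1, n + 1)]


def unknown_bits(card, n):
    """(raw, after_checksum) bits still unknown to the holder of ONE card.

    Raw: 11 bits per missing word. The BIP-39 checksum (n/3 bits) leaves
    roughly 1 in 2**(n/3) of those combinations as valid phrases.
    """
    raw = (n - len(card)) * BITS_PER_WORD
    return raw, raw - n // 3


if __name__ == "__main__":
    for n in (12, 24):
        phrase = [f"word{i:02d}" for i in range(1, n + 1)]  # constructed placeholders
        cards = split_two_of_three(phrase)
        for a, b in ((0, 1), (0, 2), (1, 2)):
            assert recover(cards[a], cards[b], n) == phrase
        raw, valid = unknown_bits(cards[0], n)
        print(f"{n} words: one card leaves {raw} raw bits (~{valid} after checksum)")
```

With 12 words a single card leaves 4 words unknown (44 raw bits, about 40 after the checksum); with 24 words it leaves 8 words (88 raw bits, about 80), so the margin a lone card gives depends heavily on the phrase length.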
Finding good places to store your seed phrase is key for a decent wallet safety strategy. ‘Good’ means a place that is hard for others to find while at the same time easy for you to reach. I won’t provide examples of good places for a reason, but make sure the following applies:
You should not use a place that others can likely find (e.g. the toilet tank)
You should not use a place that can be moved (e.g. a cut-out bible, teddy bear)
You should not use a place that you forget about (e.g. bury in the garden)
You should not use a place that is visible to others when you get it (e.g. ceiling)
Use the 2/3 method to split your seed phrase and find good places for all your fragments. Don’t keep them together in one location.
In order to add another layer of security, I recommend encrypting your seed phrase before you write down the (encrypted) words on your recovery cards. You can use a simple Caesar cipher and remember the ‘shift’ yourself, or use something more advanced and store the logic in your password manager and other places to have backups of the decryption information.
In my example I’m using the simple Caesar cipher, which means that each letter is replaced by another letter of the alphabet. I’m going with a shift of 8. So the letter ‘A’ is replaced by the eighth letter of the alphabet, which is ‘H’. You can use this tool as help to write down your encrypted alphabet.
DON’T enter your seed phrase into such a tool: it runs on an internet-connected device (II. RULE!), your computer could be compromised by a keylogger, or the site behind the link I provided could let its owner see your input and use the seed phrase to drain your wallet.
https://cryptii.com/pipes/caesar-cipher
Having done this, my seed phrase looks like this now:

Isn’t this easy to crack? Yes, you are right, BUT the idea here is not to make it hard to crack but to keep anyone from catching the real words if they get a glimpse of them, because you left one copy lying on your desk or because you are storing one at your parents’ house.
As mentioned above, you can go crazy here and use a more sophisticated encryption method, but don’t lose the decryption information!
I highly suggest investing some money and energy in a) buying hardware wallets and b) securing your seed phrases accordingly. This, in combination with a smart wallet strategy - the way you use your accounts - is the best way to stay safe and not lose your crypto funds while being active in web3.
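An offline way to produce the encrypted alphabet, as an added example that is not part of the original article: it builds only the letter table to copy onto paper, so the seed phrase itself is never typed. Function names and the sample word are constructed; in this code's convention the shift counts positions moved, so A becoming H (the eighth letter) is a shift of 7, while a shift of 8 turns A into I.

```python
import string

ALPHABET = string.ascii_lowercase


def substitution_table(shift):
    """Plain letter -> cipher letter, moving `shift` positions forward (wrapping)."""
    shift %= 26
    return dict(zip(ALPHABET, ALPHABET[shift:] + ALPHABET[:shift]))


def invert(table):
    """Cipher letter -> plain letter, for reading the cards back."""
    return {cipher: plain for plain, cipher in table.items()}


def translate(table, word):
    """Apply a table letter by letter; non-letters pass through unchanged."""
    return "".join(table.get(ch, ch) for ch in word.lower())


def shift_from_anchor(plain, cipher):
    """Positions moved, given one known pair such as ('a', 'h')."""
    return (ALPHABET.index(cipher.lower()) - ALPHABET.index(plain.lower())) % 26


def paper_table(table):
    """Two aligned rows to copy onto paper by hand."""
    plain = " ".join(ALPHABET)
    cipher = " ".join(table[c] for c in ALPHABET)
    return f"plain : {plain}\ncipher: {cipher}"


if __name__ == "__main__":
    shift = shift_from_anchor("a", "h")   # 'A becomes H' is 7 positions
    table = substitution_table(shift)
    print(paper_table(table))
    sample = "example"                    # constructed sample, not from a real phrase
    encoded = translate(table, sample)
    assert translate(invert(table), encoded) == sample
    # Decoding with the off-by-one convention silently yields a wrong word.
    print(encoded, "->", translate(invert(substitution_table(shift + 1)), encoded))
```

Record the mapping of A alongside the number on your decryption note, since a table built with the other counting convention decodes every word incorrectly without any error.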