So you’ve finally bought some crypto on an exchange like Coinbase or Kraken but something doesn’t seem right…
I thought I was supposed to hodl the crypto myself in my own wallet!?
It’s true, you are! But with great power comes great responsibility. Even if you understand the difference between the different types of wallets, it’s important to understand how wallets work. From there, we can run some tests with small amounts to ensure you’re comfortable with the process, and finally put together a strong long-term plan for safely storing your crypto - the right way.
What's A Private Key?
The entire purpose of your wallet is to create, protect and use your private key. But what is a private key!?
The simplest way to understand private keys is that a private key is an epic password. A private key is a 256-bit number which results in roughly 100 uppercase/lowercase characters and numbers. A Seed Phrase, sometimes referred to as a Mnemonic Phrase or Recovery Phrase, is the human-readable way of generating private keys introduced by BIP39.
BIP39 introduced a list of 2048 words which can be used for private key generation. Most wallets will randomly select 12 or 24 words from this list to generate your private key.
- No two words share the same first 4 letters
- Words can be re-used multiple times in a seed phrase
- Technically you cannot simply choose words from the list yourself because the last word is a checksum of the first 11 or 23
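As an added example (not from the original article), the Python sketch below works on word-list indices (0 to 2047) instead of the words themselves, so the 2048-word list is not needed; the function names and sample entropy are constructed for illustration. It shows why the last word cannot be picked freely: for any first 11 words only 128 of the 2048 candidates pass the checksum, and for any first 23 words only 8 do.

```python
import hashlib

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Map 16 or 32 bytes of entropy to 12 or 24 BIP39 word-list indices (0..2047)."""
    if len(entropy) not in (16, 32):
        raise ValueError("this example handles 128- or 256-bit entropy only")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                      # 4 checksum bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def is_valid(indices: list[int]) -> bool:
    """Verify the checksum bits carried in the final word of a 12- or 24-word phrase."""
    if len(indices) not in (12, 24) or any(not 0 <= i < 2048 for i in indices):
        return False
    cs_bits = len(indices) // 3                   # 12 words -> 4 bits, 24 words -> 8 bits
    combined = 0
    for i in indices:
        combined = (combined << 11) | i
    ent_bits = len(indices) * 11 - cs_bits
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (combined & ((1 << cs_bits) - 1)) == expected

def valid_last_words(first_words: list[int]) -> list[int]:
    """All final-word indices that complete the given leading words into a valid phrase."""
    return [w for w in range(2048) if is_valid(first_words + [w])]

# Constructed sample: fixed, non-secret entropy so the output is reproducible.
SAMPLE_12 = entropy_to_indices(bytes(range(16)))
SAMPLE_24 = entropy_to_indices(bytes(range(32)))

if __name__ == "__main__":
    print(len(valid_last_words(SAMPLE_12[:-1])), "of 2048 last words valid (12-word phrase)")
    print(len(valid_last_words(SAMPLE_24[:-1])), "of 2048 last words valid (24-word phrase)")
```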
Different Security For Different Wallets
Your strategy for protecting your seed phrase depends on how you plan to use the wallet:
- Hot Wallet - A wallet connected to the internet. For example, mobile wallet apps on your phone are all hot wallets. Hot wallets are less secure and should only be used for small amounts of money. Think of it like a checking account or like the wallet you carry with you to the grocery store. For hot wallets, you can store your seed phrase in a good password manager like 1Password or LastPass.
- Hardware Wallet - For a crypto savings account, you want a wallet that has never been connected to the internet. For example, a hardware wallet is a cold storage device that's a bit less convenient, but much safer than a hot wallet. Typically when talking about Hardware Wallets we're referring to a Ledger or a Trezor.
Hardware Wallet Setup
While setting up your Hardware Wallet, it will ask you to write down your seed phrase on paper and enter it back into the device to confirm you wrote it correctly.
Your wallet will also ask you to create a pin. Typically the pin is only numbers and shouldn't be too difficult to enter as you'll need to enter it every time you use your hardware wallet.
Your hardware wallet will shuffle the numbers around on the screen each time it asks you to punch in your pin as an extra level of security.
This guide walks step by step through setting up your Ledger device using passphrases:
Passphrases
A passphrase is a 13th or 25th word you can use to create an infinite number of wallets. You can use any word or combination of words you want as a passphrase. Even an empty passphrase counts as a passphrase; that’s how your original key is created in the first place, with an empty 13th or 25th word.
The empty, default private key is where you’ll keep a small amount of crypto for “plausible deniability”. If the worst-case scenario happens, and you’re kidnapped, held at gunpoint and forced to cough up your hardware wallet and pin, you can give them the pin to your empty key which contains a small amount of crypto.
The majority of your savings you’ll keep secured behind a passphrase. You may eventually even have multiple passphrases. For example, one for your DeFi/Yield Farming wallet, one for NFTs or one for your business. You can create as many as you want, just be sure to remember them and include them in your backup/recovery strategy.
You may need to enter your Passphrase every time you use your Hardware Wallet. So keep it simple but not something which can easily be guessed. Ledger has a handy feature which allows you to bind a pin to your passphrase making this much easier.
Again, use this guide when setting up your wallet to ensure you do it correctly.
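To make the "13th or 25th word" idea concrete, here is an added example (not from the original article or from any wallet vendor) of the seed derivation BIP39 defines: PBKDF2-HMAC-SHA512 with 2048 rounds, where the passphrase is appended to the salt string "mnemonic". The phrase used is the public BIP39 test phrase, and the passphrases and the wallet_fingerprints helper are constructed for illustration.

```python
import hashlib
import unicodedata

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    # The passphrase only changes the salt; an empty one leaves the salt as "mnemonic".
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)

def wallet_fingerprints(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Short hex tag per passphrase, to compare the resulting wallets at a glance."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}

# Public BIP39 test phrase (all-zero entropy), not a real wallet.
TEST_MNEMONIC = "abandon " * 11 + "about"

# Constructed passphrases: default (empty), a chosen one, and the same one with a typo.
SAMPLE_PASSPHRASES = ["", "correct horse", "correct hrose"]

if __name__ == "__main__":
    for phrase, tag in wallet_fingerprints(TEST_MNEMONIC, SAMPLE_PASSPHRASES).items():
        print(f"{phrase!r:18} -> seed starts {tag}")
```

The mistyped passphrase produces no error, just a different seed and therefore a different, empty wallet, which is why a passphrase backup should be tested with a restore and a small amount before your savings go behind it.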
Recovering Your Private Key
Your seed phrase + your passphrases are what protect your crypto, not your hardware wallet. Your Hardware Wallet is just hodling onto your private key for you and allowing you to sign transactions on behalf of your key. If your hardware wallet breaks or you lose it (please don’t lose it) all you need to do is get a new Hardware Wallet and recover your wallet using your seed phrase + passphrase. But:
- If someone gets a hold of your Hardware Wallet AND your pin AND your passphrase, they can steal your crypto.
- If someone gets a hold of your seed phrase AND your passphrase, they can steal your crypto.
- If you lose your hardware wallet AND your seed phrase OR your passphrase, your crypto is lost forever.
- If you lose your pin to your hardware wallet AND you lose your seed phrase OR your passphrase, your crypto is lost forever.
- If something happens to you, and no one else knows your seed phrase AND your passphrase, your crypto is lost forever.
Remember when I said, “with great power comes great responsibility”? This is what I meant. I know this sounds scary, but once you’ve done this a few times it will all come as second nature. And don’t worry, we’re going to practice! And we’ll put together an epic plan for protecting, backing up and recovering your seed phrase and passphrase(s). For this plan, we need two things: chunks of metal and someone you trust.
Chunks Of Metal
The first step is to replace that piece of paper with something more durable, like a chunk of metal! Our favorite product for stamping your seed phrase in metal is a Cryptosteel, but there are tons of cold storage protection tools out there. Jameson Lopp got his hands on all of them and tested/ranked them in case you like to geek out on these things.
I recommend you get at least two chunks of metal. It can get expensive, but you’ll see why it’s important. You can also go the DIY route on the cheap. Here’s what you do with them:
- Metal #1 – Your seed phrase
- Metal #2 – Your passphrase(s)
Trusted Parties
In case something happens to you, we need to involve someone else in our recovery strategy. Here are a few things to consider when pulling other people into the fold.
- You don’t want to burden anyone with protecting your life savings. They’ll only have your seed phrase OR your passphrase. Not both.
- Tell them that if they lose it, or something happens to it, it’s no big deal. Just make sure they tell you, so you can create new keys.
- Tell them you’ll only ever ask them about it in person and to never share it with anyone or talk about it over the phone, even with you.
- You may want this person to not be crypto savvy. This way they wouldn’t even know how to steal your crypto if they tried. If this is the case, you should give them the contact info of a crypto savvy friend they can contact in case something happens to you.
- I hate the idea of using a bank, but if you need to, you can use a safety deposit box and give someone the key.
- The person should not be a member of your household.
- If the person lives in a different state, even better.
The Strategy
Now that you’ve got two chunks of metal and a trusted third party to help you, here’s the ultimate crypto backup and recovery strategy:
- Memorize your passphrase(s)
- Hide the chunk of metal which hodls your seed phrase
- Give your trusted person the chunk of metal with your passphrases and tell them where you hid your seed phrase
- 🔥 burn the paper copy of your seed phrase
This is a pretty powerful combination:
- Your hardware wallet hodls your private key and you remember your passphrases so you can use it whenever you need
- If something happens to your hardware wallet, you can easily recover it since you know where your seed phrase is hidden
- If someone magically finds your seed phrase they won’t also find your passphrases
- You’ve got your “fake” pin you can give out if you’re kidnapped
- Your trusted third party can lose the passphrases you gave them because you know them too
- Your (hopefully) trusted party can’t do anything with the passphrases they have without also stealing your seed phrase
This is a great starting point for your strategy, but more important is that you now know all the tools at your disposal for protecting and recovering your private key. Feel free to mix, match and get more parties or chunks of metal involved if you feel it’s necessary, but make sure to keep things simple! The last thing you want is for this plan to fail in its time of need.
Written by: @gerbz Gerbz is the founder of BitLift and has been journeying down the crypto rabbit hole since 2013.