June 26, 2022
Best Practices for Storing a Wallet’s Mnemonic (Recovery Seed)
One of the benefits of blockchain technology is that, as individuals, we can regain autonomy over many different elements of our lives, including our money, our identity, and our data.
With great power comes great responsibility: when we regain control over these elements of our lives, we also acquire the responsibility of keeping them secure. We use wallets to interact with the blockchain and to store our blockchain-based assets (this applies only if you use a non-custodial wallet, and it is where the phrase “not your keys, not your coins” comes from).
Cardano wallets, and all crypto wallets, use a pair of cryptographic keys, called public and private, to secure the assets they hold. The public key is used for the wallet’s address and is what all your assets are associated with. The private key is secret and used to sign and approve transactions. Without the private key you can’t sign a transaction. The owner of the private key owns the funds in the wallet.
What is a Mnemonic or Recovery Seed?
The above-mentioned key pairs are generated from a mnemonic, a string of human-readable words that comes in three sizes: 12, 15, and 24 words. This list of words is regularly called a wallet’s recovery seed or seed phrase. It is a simple representation of your wallet’s key pair and can, therefore, be said to be your wallet, as knowing a wallet’s recovery seed gives you unfettered access to the wallet and the funds therein. When creating any non-custodial crypto wallet, you will be shown this list of words and asked to record them.
Most wallet key pairs, including those for Cardano wallets, are created by using what is known as the BIP39 standard. You can find out more about that here.
Keep Your Mnemonic Safe
These words are VERY IMPORTANT. This seemingly subtle and simple list of words can be used to recover your wallet should you need to; say you lose the device on which the wallet is stored or you forget your spending password. Simply enter them into any wallet interface to retrieve your wallet and gain access to your funds again.
Anyone in possession of a wallet’s recovery seed has unrestricted access to all the funds in that wallet (your spending password is only associated with your wallet’s implementation in the wallet interface you’re using).
It is imperative that you store your wallet’s mnemonic securely.
Best Practices for Storing a Recovery Seed
Seeing as your recovery seed is just a list of words, there are multiple ways it can be stored. However, not all methods are equally secure and, as this list of words can give anyone access to the contents of your wallet, it should be stored in a safe place.
Here are the ways you can store your Cardano wallet’s recovery seed, ranked from worst to best.
In plain text on your computer.
Why: If someone gains access to your computer, either virtually or physically, they can simply view, and even copy and paste, your seed phrase.
In a password manager on your computer.
Why: Password managers may be secure (not all are created equal, though), but they are only protected by a single password. If someone learns this password, either through you telling them or by installing a keylogger on your computer, then they can access your recovery seed in under a minute.
A paper copy.
Why: Paper copies are the most widely recommended method for storing a mnemonic phrase. They are a physical medium, which means that they are not online, and they can easily, simply, and discreetly be stored and transported almost anywhere.
Solid physical backup.
Why: Solid backups come in many shapes and sizes, giving you a wide variety to choose from. These backups are typically made of metal and can survive almost all conditions. Many are stainless, shockproof, fireproof, and acid-resistant, and some are even advertised as bulletproof. They are small and, due to their superior toughness, much, much better than paper.
The Importance of Backups
If you have just one copy of your mnemonic and you lose it, you could permanently lose access to your funds at any point. It is therefore important to create multiple copies of your recovery seed and to store them in different locations.
The 3-2-1 backup rule is a best practice for storing data and can be applied to storing your wallet’s recovery seed. The 3-2-1 rule is:
- 3 - Have one primary backup and 2 copies of it.
- 2 - Store the two copies in different locations from the primary version.
- 1 - Keep one backup in a physically separate location e.g. someone else’s house.
Where to Store your Wallet’s Seed Phrase
Where you store your copies of your mnemonic phrase is not something you should take lightly. Carefully choose where you store them, both locally and in your physically separate location. Some people use safes, others prefer to hide them, and some have buried them.
Wherever you store your wallet’s recovery phrase, the copies should be well hidden so that no one can “accidentally” find them.
When choosing a second physical location for your wallet’s recovery seed choose it carefully. Make sure it is a secure location and, if it will be in the possession of another person, they need to be someone who you trust unequivocally. These copies also need to be well hidden so that no one can “accidentally” find them.
It is worth noting that someone else should know the location of your recovery seed should you happen to suddenly die or become incapacitated. It should go without saying that this should be someone that you trust immensely.
A Final Word
In summary, the best way to store your recovery seed is on multiple physical mediums (never digitally) and in at least two separate locations. Ideally, the physical mediums are resistant to water, fire, and other adverse conditions. These copies of your recovery seed should be well hidden so no one can “accidentally” find them, and only you, and potentially one other trusted person, should know where they are.
If you lose all copies of your mnemonic or think that it has been compromised, e.g. you think someone found or stole a copy, it is best to move your funds out of your wallet to a brand new wallet, with a different recovery seed, immediately. Then review your storage practices so that it does not get compromised again.