When you make a seed phrase (typically with a hardware wallet, and usually 12 or 24 words), you absolutely must write down the seed-phrase words to begin with. This is in case you lose your device, you can regenerate your wallet in a replacement hardware wallet (it can be the same or a different brand).
But before you rush into loading the wallet with your bitcoin, you should first wipe the device, and start fresh. Reload the wallet with the seed you wrote down, to be sure you have the power to regenerate the wallet (confirm this by checking the same addresses are created when you repeat).
Ideally, you should do this with a different brand hardware wallet (HWW), but this can be expensive. If you have a lot of bitcoin to secure, it is worth it. Not only do you test the seed recovery is generalisable to other devices (so you are not reliant on the company producing that HWW), but you are also testing that the extended public key AND addresses provided by the HWW, for that seed, are genuine (The production of the extended public key and addresses are mathematically derived from the seed words).
Why is that a consideration?
Imaging your device is nefarious. Imagine it gives you a seed that may be compromised – you check it, and it appears that it is fine. But what if the addresses it gives you are compromised (as in, belonging to the attacker)? You can check that with a new (and different brand) HWW, and compare that the addresses resulting from the seed are genuinely created (this assumes that different brand hardware wallets are not colluding to trick you).
I don’t wish to scare you – there is a super high chance it will be fine, but if you have a lot of bitcoin, this risk can be virtually eliminated simply by restoring your seed into a second (different brand) device (even if you already have bitcoin in it) – yes you can have the seed in multiple devices, and no, you don’t get more bitcoin doing this!
After you’ve wiped the device and restored the seed, and compared you generated the same wallet (by looking at and comparing the addresses), +/- restoring on a second device, you’re still not ready to load up the wallet. You must consider storing the words you wrote down. They are an important backup. They are essentially your bitcoin. If you hide it somewhere pathetic (desk draw! don’t laugh, people do this), and it gets found, you lose your bitcoin to the attacker.
If you hide it somewhere together with the HWW (eg within the same house), and say there’s a fire, and both are destroyed, you lose all your bitcoin. Solution? Keep your written seed words separate from the HWW, AND, have an additional copy of the words. Don’t have too many duplicates, as that increases the risk that one of them might get found. About that…
What can you do to prevent your bitcoin from being lost to someone who discovers one of your backup seeds?
Easy answer – a passphrase stored separately from the seed words.
Hard answer – a multisignature wallet.
A passphrase is an extra word that you can add to your seed. The seed words are limited to a protocol-agreed set of 2048 words (the BIP 39 protocol word list, see GitHub). But the passphrase can be ANYTHING, and quite long (I don’t believe there is a realistic limit, but some hardware wallets, eg Trezor, will only process a string up to 50 characters long).
The wallet you get (wallet = unique collection of addresses) is a product not only of your seed words but the passphrase too. So an attacker can find the seed, but without the passphrase, they’ll make the wrong wallet. Keep the passphrase in multiple separated locations (and not stored with the seed). Because you know where your seeds are kept (and so should your heirs), YOU can regenerate the wallet, but the attacker won’t (unless they torture you for the passphrase information – one reason you don’t divulge how many bitcoin you have!)
Have a decoy wallet. The wallet you create can be a 12-word seed plus a strong passphrase (something personal to you that you won’t forget), and you can have a decoy wallet to give your attacker (can save your life) which is the SAME seed, but no passphrase. Make sure you keep some bitcoin in it to give away in a torture/blackmail/extortion situation.
If you divulge your bitcoin stack, you can’t deny the existence of your real wallet. Big mistake. You shouldn’t even tell the people that you trust anything about your bitcoin stack. Because they can make mistakes, they can slip up, and the more trusted people you tell, the more chance of accidental exposure, and the harder it is for you to keep track of who knows what.
Then, if you are in a physical duress situation, will you know at that time, with a gun to your head, if the information has leaked? Will you take the chance and lie to the attacker?
DON’T REVEAL YOUR STACK SIZE.
Now that you have done the restoring AND put your written seed words in multiple separated locations, and backed up the passphrase, you can begin to load the wallet with bitcoin.
Some things to consider in addition…
1. You don’t need to back your seed up to metal, even though it’s a cool thing to do and I don’t discourage it – it will cost you more. Given that the seed is duplicated, making it fireproof is overkill.
2. Run a node, for Satoshi’s sake. There are good reasons for this.
3. Consider multisignature wallets – only once you are quite skilled, it’s not for the beginner, and making mistakes can cause total loss. But that doesn’t mean you shouldn’t learn or practice with small amounts.
4. Consider making your own seed on an air-gapped computer (you can build a desktop with parts using no WiFi components or Bluetooth, or you can build one with a Raspberry Pi Zero v1.3 – it’s way cheaper but out of stock worldwide currently). This eliminates the trust in the HWW to create your key. When using the air-gapped computer, you must also check the seed (using 2 or more software wallets), the xPubs, and that the resulting addresses all match.
You can then put the seed into a HWW. I have guides for various popular brands.
The HWW is then acting as a digital safe holding your seed (locked with a PIN). It prevents the seed from leaking into the computer.
Passphrases with hardware wallets:
Always think of a Bitcoin wallet as a unique collection of addresses produced by a seed phrase and a passphrase. When there is no passphrase, consider the wallet made with a “seed plus empty passphrase”.
Most HWWs keep the seed phrase in “permanent” memory and the passphrase in “temporary” memory – this means that the seed doesn’t disappear when you turn it off.
When the device is turned on, it uses the seed phrase to calculate the addresses – the addresses (and public/private keys) are derived from the seed. The passphrase however is not saved to the device (except Ledger).
When you turn the HWW on, the seed phrase without the passphrase is used to calculate the wallet. You can then apply a passphrase (some HWWs require you to “enable” passphrase functionality in the settings menu on their desktop software).
When a new wallet is calculated, the device forgets the original wallet with no passphrase. You can then transact with the new wallet. When you turn off the device, the wallet is dropped from memory. The next time you turn it on, you’ll get the “seed + empty passphrase” wallet. You’ll have to apply your password again to access the other wallet. You can apply as many different passphrases as you want. In this way, with a single seed, you can have virtually limitless wallets.
You just can’t access all the different wallets you create (from variations of the passphrase) simultaneously, as the device holds one wallet in the temporary memory at a time. For example, you might have a watching Electrum wallet made with the hardware wallet without a passphrase. If you then apply a passphrase to your hardware wallet, when you connect it to the computer and try to access the original watching wallet, it won’t recognise the device as its own. You’ll have to switch off the device and reconnect, this time without applying the passphrase.
Hopefully, this has helped you get a better understanding of the basics of securing your Bitcoin seed. Next, you might like to make a dummy wallet and practice making transactions. When you’re comfortable, you can load up the wallet with your stack.
You could also learn more about extended vs regular public/private keys, or how to use your seed and passphrase with a hardware wallet.
Static Lightning Address: firstname.lastname@example.org
On-chain or Lightning