Cryptocurrency allows you to put control of your money into your own hands without having to rely on any third-party services or institutions. This power is something we value deeply at MyCrypto, but how can you make sure you keep that control?
Whether you are using a hardware wallet such as Ledger or Trezor, a browser extension like MetaMask, a mobile app such as Trust Wallet, or are only accessing your funds offline on an air-gapped device, you’re the boss.
With this power comes great responsibility; you are the sole person responsible for your funds. If you lose your wallet, no other party will be able to recover your funds, precious NFTs, or whatever other crypto goodness you might have. So what are your options to make sure your wallet is properly backed up?
With a Hardware Wallet or Secret Recovery Phrase...
A hardware wallet is the safest way to store and interact with your crypto, the main principle being that the device provides complete isolation between your private keys and your computer or phone.
When initially setting up your hardware wallet, it asks you to write down a list of 24 words, also known as your secret recovery phrase (previously referred to as a mnemonic phrase or a seed phrase). In the event your hardware device breaks or gets lost, you can always use this phrase to recover the accounts and funds associated with your hardware device. If you'd like to read a more technical explanation of these phrases, read our deep dive into cryptography and mnemonic phrases.
Typically, you will always interact with your hardware device itself and never the secret recovery phrase. 99% of the time, you will never lose this device, have the device stolen, drop it in a toilet, burn it in a fire, or anything else regrettable.
But…
If any of the above does happen, you'll want to use your secret recovery phrase to get access to your funds again. This phrase gives anyone who has access to it full control over any accounts and funds associated with it, meaning that it's even more sensitive than your hardware device itself, as that at least requires a PIN to be entered first.
Where you keep your recovery phrase is up to you, but here are some pointers to keep in mind:
- In order to mitigate damage caused by a large-scale disaster (fire, flood, tornado), it's best to keep the device and phrase separate (for example, NOT together in your desk drawer).
- In order to reduce the likelihood of the phrase being stolen, the phrase shouldn't ever be stored on an electronic device, such as a computer or phone—including by taking photos of it. Nor should the device or recovery phrase be kept in an area where they're at an increased risk of being stolen.
- In order to prevent loss, both should be kept somewhere safe and separate, where neither will be accidentally thrown away or lost.
An ideal location would be somewhere that's safe from water, fire, or robbery. This can be a trusted family member’s safe, a storage unit, a safety deposit box, or a spot buried in your friend's yard - it's all going to depend on your situation. If you're leaving it with someone else, ensure that they understand it's very valuable to you but only to you. You could say it's an important document for work that you absolutely cannot lose or a password backup to an online diary.
A paper recovery phrase is fragile. One way to help prevent your recovery phrase from being destroyed by the elements (especially water and fire) is by assembling a metal copy of it. There are various companies out there that create these kits specifically for cryptocurrency recovery phrases, like Trezor’s Cryptotag Zeus, but these options can be quite expensive, so you may want to consider doing a DIY solution!
Additional Passphrase
Many hardware wallets allow you to enter a passphrase for an additional security layer. This differs from a PIN that you enter when accessing your device, as the passphrase effectively acts as a password for an entire set of new accounts.
While still using the same recovery phrase, you can use a passphrase that only you know. If you only ever interact with the accounts that you can access with said passphrase, someone else who gets access to your recovery phrase will simply see a bunch of empty accounts, as they won't know the additional passphrase required to access the others.
Every passphrase is valid but will result in other accounts being shown, so there is no "wrong" password. It is meant to protect you from the “wrench attack,” and enables you to create a decoy wallet which has the same recovery phrase but uses a different password. If someone forces you to give them access to your wallets, you could provide the decoy passphrase, and keep the real passphrase (with all your funds) a secret.
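The "no wrong password" behaviour described above, as an added example that is not MyCrypto's own code: assuming the wallet follows the BIP-39 standard (as Ledger and Trezor do), the passphrase is mixed into the salt of the key derivation, so every passphrase yields a different but equally valid seed. The phrase below is the public BIP-39 test vector, and the passphrases and function names are constructed for illustration.

```python
import hashlib
import unicodedata

# Public BIP-39 test-vector phrase (constructed sample, not a real wallet).
SAMPLE_PHRASE = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(recovery_phrase, passphrase=""):
    """Derive the 64-byte BIP-39 seed from a recovery phrase and passphrase.

    PBKDF2-HMAC-SHA512, 2048 iterations, salt = "mnemonic" + passphrase,
    with both inputs NFKD-normalised as BIP-39 specifies.
    """
    phrase = unicodedata.normalize("NFKD", recovery_phrase)
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", phrase.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def wallet_fingerprint(recovery_phrase, passphrase=""):
    """Short identifier for the set of accounts a phrase/passphrase pair opens.

    Hypothetical helper: a truncated SHA-256 of the seed, used here only to
    compare wallets without printing the seed itself.
    """
    seed = bip39_seed(recovery_phrase, passphrase)
    return hashlib.sha256(seed).hexdigest()[:16]


def compare_passphrases(recovery_phrase, passphrases):
    """Map each passphrase to the fingerprint of the wallet it unlocks."""
    return {p: wallet_fingerprint(recovery_phrase, p) for p in passphrases}


if __name__ == "__main__":
    # Constructed passphrases: none, a decoy, the real one, and a typo of it.
    candidates = ["", "decoy", "correct horse", "Correct horse"]
    for p, fp in compare_passphrases(SAMPLE_PHRASE, candidates).items():
        # Every line prints a valid wallet; nothing marks the typo as wrong.
        print(f"passphrase {p!r:16} -> wallet {fp}")
```

Because a mistyped passphrase produces no error, only a different and empty set of accounts, the passphrase needs a backup as reliable as the one for the recovery phrase itself.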
With Private Keys And Keystore Files...
If you're unable to get a hardware wallet - which we still absolutely recommend getting - the best alternative would be to create an air-gapped machine, meaning one that is not connected to the internet. It's possible to use MyCrypto fully offline and create transactions while offline by using the MyCrypto Desktop App. Private keys and keystore files are often seen as the least secure and most vulnerable wallet options, because they have no built-in security functions and are the most easily lost. We've unfortunately encountered countless situations in which users lost their funds by entering their sensitive details into phishing websites that impersonate blockchain-related applications.
Creating an air-gapped machine requires setting up a computer that has no connection to the internet at all and that you don't use for anything besides interacting with your cryptocurrency. By using the MyCrypto Desktop Application, you can generate new accounts and create transactions on the offline computer, and then copy the signed transaction to a computer that is connected to the internet in order to broadcast it to the Ethereum network.
As private keys consist of a string of 64 characters, it's possible to write these down on a piece of paper, similar to a secret recovery phrase used with hardware wallets or wallet applications.
A keystore file is nothing more than a private key encrypted by a password. While it's not possible to write it down on a piece of paper, it is possible to store this file on a USB flash drive. Just make sure that you never connect this flash drive to an internet-connected computer, only to your air-gapped machine.
You're In Control
Putting the power in people's hands is one of our main goals at MyCrypto. Being in full control, and practically being your own bank, brings additional responsibilities to make sure your funds are stored and backed up safely.
We're always trying to spread the word about the importance of security in the Ethereum and cryptocurrency space. If you'd like to be kept up to date, consider following us on Twitter, and subscribing to our newsletter!