The safety of the recovery phrase is way more important than keeping the hardware wallet safe, according to executives at Ledger and Trezor.
Hardware cryptocurrency wallets are known for granting users full control of their crypto and providing more security, but such wallets are prone to risks such as theft, destruction or loss.
Does that mean that all your Bitcoin (BTC) is lost forever if your hardware wallet is lost, burned or stolen? Not at all.
There are a number of options to restore cryptocurrency for someone who has lost access to their hardware wallet. The only requirement to recover crypto assets, in that case, would be maintaining access to the private keys.
A private key is a cryptographic string of letters and numbers that allows users to access crypto assets as well as to complete transactions and receive crypto.
Most crypto wallets usually provide a private key in the mnemonic form of a recovery phrase, which contains a human-readable backup allowing users to recover private keys. The mnemonic form is typically enabled through BIP39, the most common standard used for generating seed phrases for crypto wallets.
Also referred to as a seed phrase, a BIP39 recovery phrase is basically a password consisting of 12 or 24 random words that are used to recover a cryptocurrency wallet. Crypto wallet platforms typically generate a seed phrase at the very beginning of setting up a wallet, instructing users to write it down on paper.
According to executives at major hardware crypto wallet firms Ledger and Trezor, the safety of the recovery phrase is way more important than keeping the hardware wallet safe.
Keeping a private key safe is a guiding principle for the crypto community, embodied in the phrase: “Not your keys, not your coins.” The principle means that users are not really in control of their coins if they don’t own their private keys.
Both Ledger and Trezor wallets allow users to recover access to their wallets through a seed phrase by simply using another hardware wallet.
“A user could recover their wallet and funds on any of the other new Ledger wallets. Alternatively, they could also recover on a Trezor, SafePal or another hardware wallet device,” Ledger chief technology officer Charles Guillemet told Cointelegraph.
Users can also turn to software wallets to access their funds in case the hardware wallet was lost, stolen or destroyed. “If you lost your Trezor, but you still have your recovery seed, you can recover your funds through many hardware wallets and software wallets in the market,” Trezor chief information security officer Jan Andraščík said.
According to the Ledger and Trezor executives, the list of compatible software wallets includes platforms such as Electrum, Exodus, MetaMask, Samourai, Wasabi, Spot and others.
As the safety of the recovery phrase is the top priority in maintaining access to a crypto wallet, one may be wondering how to best protect the seed phrase.
“Preserving the seed is one of the most crucial topics in Bitcoin security,” Andraščík told Cointelegraph. He pointed out three main threats when it comes to BIP39 passwords: those caused by the user themselves, any type of natural or human-made disasters, or theft.
Loss of a recovery phase is very common: A wallet user could accidentally throw it out or just not understand the importance of it at the very beginning of setting up the wallet.
Users could also choose the wrong place to keep their recovery phrase, with one common mistake of simply putting the phrase online. Crypto wallet users should never digitize their seed phrases in order to avoid unfortunate events such as hacking, Ledger’s Guillemet said, adding:
“It is paramount for users to secure the recovery phrase. It should be stored in a safe place and should not be digitized — in other words, don’t put your words in an email or a text file and don’t take photos.”
As such, most crypto wallets recommend their users simply write the seed phrase down on a piece of paper and store it in a safe place.
In order to ensure reliable protection for the recovery phrase, one may go further than just writing it down on paper.
Ledger and Trezor executives provide a number of recommendations for crypto wallet users to boost the protection of their seed phrases, including using fire-proof storing capsules or steel plates to engrave the recovery phrase.
Other sophisticated methods to protect a seed phrase also include distributing backups between several groups of people and locations such as family, a safe box at the bank, or a secret spot in the garden. One such method is known as Shamir Backup, allowing users to distribute their private keys into several parts that, together, are needed to recover the wallet.
While hardware wallet providers do their best to help users recover their assets in case they lose their wallets, there’s still nothing much they can do about losing a recovery phrase.
That is because the private key is designed to be held solely by the user of a noncustodial wallet, Trezor’s Andraščík said. He noted that the principle of noncustody and its security implications are completely against the idea of having some kind of “backup,” adding:
“If anyone has an opportunity to recover your Bitcoin, it means they have access to your Bitcoin, and you need to trust that these actors will always treat you with goodwill. We are getting rid of the need to trust, and rather, we encourage them to verify.”
“Ledger is also working to improve the user experience generally, removing the pain points without compromising security. That said, self-custody remains the DNA of blockchain and the DNA of Ledger. Users always remain in control,” Guillemet stated.