How to Manage Your Seed Phrase

Your seed phrase is the most precious piece of information you've got if you want to "be your own bank" and manage your own money/digital assets without a 3rd party. But even with a robust security-focused device like the Lattice1, some of the dangers of self-custody are still present, so you should always be cautious when you work with crypto.

This article seeks to both inform you of the benefits and risks of the most common methods of backing up your seed phrase(s) and also show you some unusual backup methods. But first and foremost, this article is intended to help you think about potential faults in your current setup and point you in the right direction by offering some general advice that you can take to mitigate risk.

Quick intro to seed phrases and why you need to keep them secret and safe

If you're not sure why the random 12/18/24 words you got with your new crypto wallet are important, this is for you - you can think of the seed phrase as the master password for your wallet on the blockchain.

The seed phrase, according to BIP39, is a mnemonic code consisting of a string of words that are randomly selected from a pre-defined list of 2048 English words encoded in the standard. This string of words is then used in generating a blockchain wallet as the base from which addresses are generated through a cryptographic mathematical operation, so the seed phrase is technically the seed of your wallet, hence the name.

The most commonly used crypto wallet apps (MetaMask, Exodus, Rabby, Frame, MyCrypto, MyEtherWallet, Electrum and others) as well as hardware wallets (GridPlus, Ledger, Trezor and others) allow you to import your seed phrase to the app/device and control your blockchain wallet using the app's/device's interface - with access to your seed phrase, you have FULL access to your blockchain wallet and you can freely move its content around.

This also means that if someone else gains access to your seed phrase, they will also have FULL access to your wallet - which is, of course, undesirable. And because of this, thinking deeply about your seed phrase setup is necessary if you want to keep your peace of mind.

Multiple Seed Phrases

Using multiple seed phrases is not necessary, but it is recommended if you're not completely new to crypto. A good basic setup is one seed phrase for your daily use, such as trading NFTs, DeFi, etc., and one for long-term holdings that you usually only send your profits to.

If you have significant amounts of money in crypto, you may consider splitting this further. Please note that the seed phrase unlocks all addresses in your wallet, so using a different address doesn't really help you with security - it just makes organizing your crypto activities easier.

Passphrases

When you generate a new BIP39 seed phrase, some wallet apps and hardware wallets let you set up a passphrase - the passphrase is a word (or a string of characters, depending on whether the app/device lets you use non-letter characters for setting this up) you add to the seed phrase. This elevates security, but comes at a price, as importing a seed phrase with a passphrase is supported by a smaller number of wallet apps and might be a hurdle when you need to import your seed phrase somewhere else quickly.

On the Lattice, creating a passphrase is optional and not necessary to use the device.

Please note that the passphrase is NOT a password to access your seed phrase with - using it will change the generated addresses, so if you use one when generating your wallet and then use an app that only lets you import your seed phrase, you will NOT be able to access your wallet!
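The effect described above can be checked directly, because BIP39 derives the wallet seed with PBKDF2-HMAC-SHA512 from the mnemonic and the passphrase together. The following is an added example, not GridPlus code; the function names are hypothetical, the mnemonic is the public BIP39 test vector, and the near-miss passphrases are constructed. It shows that no passphrase is ever rejected as "wrong": a typo or a missing passphrase simply produces a different, valid seed (and therefore different addresses).

```python
import hashlib
import unicodedata

# Public mnemonic from the published BIP39 test vectors (known to everyone,
# used here only as sample input).
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a mnemonic and optional passphrase.

    BIP39: PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic,
    salt = "mnemonic" + passphrase, both NFKD-normalised UTF-8.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = b"mnemonic" + unicodedata.normalize("NFKD", passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def compare_passphrases(mnemonic: str, passphrases):
    """Return {passphrase: seed hex} so the resulting seeds can be compared."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    # "" models an app that imports the words only; "TREZOR" is the passphrase
    # used by the published vectors; the last two are constructed typos.
    candidates = ["", "TREZOR", "trezor", "TREZOR "]
    for p, seed_hex in compare_passphrases(TEST_MNEMONIC, candidates).items():
        # Every line prints a different seed; none of them raises an error.
        print(f"{p!r:10} -> {seed_hex[:32]}...")
```

Because every passphrase yields a usable wallet, the only way to confirm you restored the right one is to compare a known address after import.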

Wallet apps that allow you to import a seed phrase with a passphrase include MyEtherWallet, MyCrypto and others.

Most hardware wallet manufacturers support creating a wallet with a passphrase.

Seed Phrase Backup Methods

The way you store your seed phrase is your backup method. This includes GridPlus SafeCards, paper, steel, a hardware wallet, digital backups, etc. When it comes to selecting your backup method(s), you should be aware of several important aspects of each backup method you're going to use and set your seed phrase management system up in a way that makes sense.

In addition to using seed phrase backups, you can also protect your funds in other ways, such as using multisig, which requires signatures from X/Y total wallets to approve spending your crypto, or Shamir backups - these will be addressed further down in this article.

What's important to consider with each backup method:

  • Ease of access: How easy it is to obtain or read the seed phrase if you have physical access to the backup.

  • Convenience of use: How quickly you can export the seed phrase and use the wallet it unlocks.

  • Reliability: How easy it is to destroy the backup.

Non-Digital Backup Methods

Now, let's have a look at a couple of backup methods - and let's start with the most commonly used one, a paper backup. A paper backup is simply a piece of paper on which you've written the seed phrase. Obviously, it's very easy to read the seed phrase when you have physical access to the paper, so it's not very secure, and paper as a material will not withstand fire or water and will disintegrate over time if not stored in ideal conditions, so it's not very reliable either.

A better option is a stainless steel backup - the simplest is a steel plate with your seed phrase etched on it, but you can also have a steel backup in the form of a card or a capsule. With steel, you get the best reliability as it can withstand your standard house fire, won't corrode when exposed to water or most acids and can generally last for decades. But it also suffers from the same problem as paper backups do - once you have access to the plate, you also have full access to the seed phrase.

Splitting the seed phrase

Both steel and paper backups are instant-access backup methods, but you can mitigate the risk of your seed phrase getting exposed by splitting the seed phrase into two or more parts. If you have a 24-word seed phrase, backing it up on two (three) steel plates, each with 12 (8) words, significantly elevates the security of your seed phrase.

However, this also comes with a loss of convenience, because splitting the seed phrase only makes sense if each backup with the partial seed phrase is stored in a different location, so if you need quick access to that wallet, you may not be able to recover all the plates in time.

Shamir

An even better alternative to splitting the seed phrase is using a Shamir Backup Seed. This is not possible to do with a BIP39 seed phrase and is defined by a different standard called SLIP39, but it's definitely something to take a look at and consider for very valuable wallets. It works on a threshold principle similar to a multisig: the seed is split into multiple fragments and you can control the wallet with e.g. 3 out of 5 fragments.

Smart contract multisig

Right now, the Lattice does not support Shamir, but you can substitute it by using an Ethereum multisig service such as the Safe account abstraction stack. Safe allows you to build a robust security solution on top of multiple BIP39 seed phrases, using customizable rules to set up programmable smart accounts.

You can also get creative and e.g. make a steel puzzle box that will only reveal the seed phrase if you solve the puzzle (which only you know how to solve). This will help with both the ease of access issue and the convenience issue, but it is costly, takes a long time to design and create and will most likely not be a viable option for most crypto users - but we thought it was worth mentioning.

Digital Backup Methods

These are methods of backing up your seed phrase that require some kind of technology or a device. This includes GridPlus SafeCards, hardware wallets in general, computers, data drives (HDD/SSD), USB flash drives, etc. All these different digital backup methods have their benefits and drawbacks, and some of them are generally a better option than others, but they all share the inescapable attribute of technology, and that is the problem of longevity over time, or reliability.

Electronics can melt in a fire, SafeCard chips can get scratched, computers and hard drives can be wiped when a magnetic field is applied to them, water will most likely damage and corrode the internals of devices, and so on. However, if set up and managed correctly, a digital backup can have the right balance of good accessibility and robust security, so they definitely should be used in your setup (ideally combined with a metal backup - just in case the technology breaks down, but this is not necessary if your setup is well designed).

The use of a PIN or a password is a recurring theme of digital backups that are worth considering and an absolutely necessary feature of anything you decide to use to store your seed phrase on - NEVER store your 24 words locally on your computer or especially on an online cloud service - this includes your password manager! Don't use one to store a seed phrase, unless you split it, but even then we still recommend against doing this.

Now, let's have a look at the best digital backup methods.

SafeCards

GridPlus SafeCards were created to make using multiple wallets with one device very easy and also as a convenient method of backing up your wallet(s). When used with the Lattice hardware wallet, they are the best digital backup option, because all you have to do to access your wallet is insert the card and unlock it - the PIN adds the needed layer of protection that solves the problem of instant-access backup methods like paper or steel (if the seed phrase is not split), while losing none of the convenience and quickness of access to the seed phrase in emergency situations, which can't be provided by paper or steel when the seed phrase is split into multiple distributed parts.

SafeCards are a robust solution even in case your Lattice breaks, as you can still extract the seed hash (or the actual seed phrase if your cards were purchased in 2023+) using a generic USB card reader (such as this one) and the SafeCard CLI app.

Can I only use SafeCards to back up my seed phrase and nothing else?

Good question. Yes, you can, but if you want to go down that route, you should have at least 3 copies of each wallet you want to store this way, and the 3+ cards should all be kept in different locations. If you want to have SafeCards as a long-term backup solution, we recommend you download the code for the SafeCard CLI linked above and also store at least some of the cards in weatherproof storage boxes, ideally wrapped in foil, completely isolated from the outside world. One of the locations used to store your SafeCards should be a commercial facility intended for this purpose, such as a bank safe.

SafeCards are a powerful tool for active crypto users as they allow you to easily switch between multiple wallets with one device and in our experience, they are very reliable, but you have to realize that your credit/debit card issuer replaces your card every 2-4 years due to the possibility of the card chip wearing out. This will most likely not happen to the two+ additional SafeCards you will have if you want to go SafeCards-only as they will not be in regular use, but combining the cards with a steel backup is a good option for very valuable wallets.

The PIN to your SafeCard(s) should never be written down on the SafeCard itself and/or stored anywhere near it. Ideally, you'd just remember it, but in case you need someone else to gain access to your crypto in the future or under certain conditions, no access to a PIN complicates this. So, the best solution is to have the PIN distributed (cut into 2+ parts) and stored in different locations (just like steel) or with your family with instructions on how to operate SafeCards.

Also, every one of your SafeCards should have a different PIN, of course.

Encrypted hard drives

Another secure way you can digitally store your seed phrase is an encrypted hard drive on which your seed phrase is stored in a password-protected file. Encryption is key here - you can use free open-source software like VeraCrypt to encrypt your hard drive and protect your data. This will prevent any attacker from reaching your secure info even with physical access to the hard drive, but please note that an encrypted hard drive can still be destroyed quite easily. To store the seed phrase, you can create a simple sheet/doc file and protect it with a password to add a layer of security.

When you want to access your seed phrase, it's highly recommended to only connect to this hard drive with an always-offline computer to prevent any attacks via the Internet, or at least make sure the computer is offline at the time. In that case, the ideal way to connect to the hard drive is to boot your computer up with a Linux USB via the BIOS.

Other digital backup methods include computers, phones, USB flash drives, etc. - but we recommend against using them as there are more possible attack vectors and it's easier to extract your seed phrase from standard consumer products like that. However, if you insist on using a backup like this, just make sure you can encrypt the data storage chip where your seed phrase will be and you should be okay.

Example Setups

Example 1: Johnny

Johnny got into crypto very recently. He read that he should use a hardware wallet on Twitter, so he decided to buy a Lattice. Until then, he had all his digital assets stored on Coinbase. Johnny generated a new wallet, wrote the seed phrase down on paper, and also created one SafeCard backup. He sent all of his crypto from Coinbase to his new wallet, now safely stored on the Lattice. He put his paper backup and SafeCard in a sock drawer and completely forgot about them. One day, Johnny's house burned down - very unlucky. In the rubble, Johnny found two pieces of melted plastic - one used to be his Lattice, and the other his SafeCard backup. Not a trace of his paper backup could be found.

Johnny has lost all of his crypto and is now ripping his hair out - don't be like Johnny.

In this example of a bad setup, we wanted to highlight a common case of listening to the crypto community's advice of getting a hardware wallet (which is 100% sound!), but then making the mistake of not thinking of all possible attack vectors/disaster scenarios that could happen to your wallet/seed phrase backups.

This example should serve as a reminder that once you decide to exclude all 3rd parties, you're on your own when it comes to managing your funds, and you can only hold yourself accountable if you lose them.

Getting a hardware wallet is definitely a step in the right direction - a hardware wallet is a very powerful tool, but as with all other tools, you have to know what you're doing.

Use the tool, don't be one.

Example 2: Neil

Neil is a passionate NFT guy - he loves his jpegs very much, and he decided to get a Lattice to protect them. Neil actively uses two wallets - one for minting and quick trades and one for his long-term holdings. This played a major role in his decision to get the Lattice, as he wanted to be able to switch between the two wallets on one device quickly if needed.

His first wallet (let's call it the mint wallet) is stored on the built-in Lattice wallet and Neil also created one SafeCard backup of it. He keeps this SafeCard in a fireproof sealed security box in his house.

His second wallet (we will call it the vault) is much more valuable than the mint wallet and Neil stores it primarily on SafeCards. Neil bought a couple of SafeCard packs and now has 3 SafeCard backups of this wallet. He keeps one on his desk, right next to his Lattice for quick access to this wallet, another in the same security box as his mint wallet SafeCard, and the third one in his parents' house in a different ZIP code. In addition to this, Neil also has 2 steel plates, each engraved with 12 words of his 24-word seed phrase - one in his house, and the other in his parents' house again.

One day, Neil's house also burned down and Neil's Lattice was destroyed in the fire. Luckily, both the security box with his SafeCards and the steel plate with one half of his seed phrase were found relatively unscathed. Neil got a new Lattice very shortly and was able to resume working with both of his wallets, but while he was waiting for his new device to arrive, he missed out on a couple of opportunities and couldn't close an open position, so he lost a little bit of money.

Neil's setup is an example of a good, albeit not excellent, setup. Neil managed to protect both of his wallets from the fire, but luck also played a role in this scenario - if the fireproof box he kept his SafeCards in wasn't as fireproof as advertised, he would have lost access to his mint wallet (because he only kept copies of that one on the Lattice and on one SafeCard at the same location - his house).

What's important to also think about in your setup is how many wallets you're using, for what purpose and how much you have on them or plan to have on them. Neil was 100% right in putting more effort into backing up the most valuable wallet - his vault. However, this doesn't mean that you should skip backing up your less valuable wallets altogether.

Also, Neil could have bought an emergency USB card reader in case his Lattice stopped working and he still had access to his SafeCards - he would be able to obtain his seed phrase that way and use the wallet he needed quick access to.

Example 3: Chad

Chad is an OG. If you've ever been on crypto Twitter, you've most likely seen his profile picture. Chad does a little bit of everything: on-chain trading, NFTs, DeFi, etc. He's a member of multiple DAOs and also serves as one of the treasurers for some of them (he has access to a wallet that can be used to sign one out of X multisig signatures). He uses multiple wallets and also manages significant crypto holdings for his friends and family.

Chad manages three kinds of wallets. The first two are similar to Neil's setup: wallets that he needs quick access to (mint wallets and trading wallets), and wallets that he usually just sends some profits to when his trades go well or uses to store valuable NFTs he's not planning on selling - long-term holdings, vaults. The third type of wallet Chad uses is the kind needed for the multisig required to control a DAO's treasury - these need to be well protected, but should also be accessible quickly in case of an emergency.

Chad's mint and trading wallets are stored on the built-in wallet chips of a couple of Lattices on his desk, some smaller hardware wallets for when he travels (kept in a safebox), multiple SafeCards, an encrypted hard drive and also multiple steel capsules (each with 8 words, or 1/3, of the seed phrase). These "quick-access" wallets were generated using the BIP39 standard, but Chad also added a passphrase to all of them. The multisig wallets he's managing are also set up this way. Chad also sent a small amount of crypto to the wallets unlocked by the seed phrases without the passphrase in case someone attacks him in person and uses force to make him give his wallets up (a $5 wrench attack). The passphrase needed to unlock the valuable wallets is stored in multiple places (places where he does NOT have hardware wallets loaded with the correct seed phrases!), the most notable being Chad's head - he just remembers it. Chad owns multiple high-end USB card readers.

His wallets intended for long-term holding and his NFT vaults were created with a Shamir Backup Seed and split into 5 fragments (out of which 3 are needed to access the wallet). Each fragment is stored in a steel capsule and in a different location - bank vaults, vaults in some of Chad's properties, Chad's parents' house, trusted friends' houses, etc. Chad set these wallets up with the intention of not being able to access them unless he gathers fragments from multiple locations.

We don't really need to make up a catastrophic scenario for Chad, because his setup is so good that whatever happens, he will still be able to access all of his wallets. Manage your seed phrases like Chad.

Chad's example is obviously blown out of proportion for most users, but we wanted to show a couple of core ideas you should work with if you want to design a very secure seed phrase management system:

  • Each wallet you're using should have a defined purpose and should be used for this purpose only and nothing else

  • At least 2, ideally 3+ backup methods for each wallet you're using, at least one of them non-digital (ideally steel), and if you're a Lattice user, multiple SafeCard copies

  • Split seed phrases, distributed backups (different locations)

  • Using a passphrase for BIP39 seed phrases

  • Sending some expendable funds to the wallet unlocked by your BIP39 seed phrase without the passphrase in case of a $5 wrench attack - a "dummy" wallet

  • Using a Shamir Backup Seed for very valuable wallets that you don't need instant or regular access to, with some of the fragments ideally stored in a bank vault

  • If you're planning on only keeping SafeCards at home and other backup methods elsewhere, make sure to buy a USB card reader in case your Lattice breaks down and you need quick access to your wallets

If you're unsure about your setup and you'd like us to help you, feel free to reach out to us:
