Skip to main content
Our Top Pick: Revolut — Best overall crypto bank for most users Open Account ↗ (affiliate)

Seed Phrase Security

How to store 12 or 24 words so you never lose them — and no one else ever finds them.

SK
Reviewed by Stephan Kulik · Last updated: · How we rank

Key takeaways

  • The seed phrase is the master key — treat it like the keys to every account you own, combined.
  • Never store it digitally: no photos, no cloud sync, no password manager for meaningful balances.
  • Metal backup (steel/titanium) protects against fire, flood, and time. $30–$120 for amounts that matter.
  • For $50K+: multisig, BIP-39 passphrase, or Shamir Secret Sharing are worth the setup cost.

The threat model

Three actual threats to a seed phrase — design your setup around these, not around the theoretical perfect.

  1. Physical loss — fire, flood, theft, moving house and losing track, death without a handover plan.
  2. Digital exposure — photo on your phone (auto-synced to iCloud), note in Apple Notes (synced), text message to yourself, password-manager breach.
  3. Coercion / physical attack — someone with a weapon asks you to hand over the seed.

Most real losses come from (2) digital exposure — it is the default failure mode because "just write it on paper" feels too analogue. Force yourself past that resistance.

What not to do

  • Take a photo. Phones back up photos to cloud by default. One photo = cloud exposure.
  • Save it in Notes / Evernote / any note-taking app that syncs.
  • Email it to yourself. Email servers are breached regularly.
  • Save it in a password manager (for amounts over ~$1K).
  • Type it into any web form, ever. Legitimate services never ask for your seed.
  • Tell customer support — any support agent who asks for your seed is scamming you.
  • Screen-share / Zoom-share with it visible, even for a moment. Recording software captures frames.

The paper-backup basics

Write the 12 or 24 words by hand on the recovery card that came with your hardware wallet, or on plain paper. Double-check each word against the BIP-39 word list (Ledger Live, Trezor Suite, and other wallet apps have a built-in verification step — use it).

Store the paper in a location that survives: (a) fire, (b) flood, (c) burglary, (d) you forgetting where you put it five years from now. Realistic options: a waterproof document safe at home, a safe-deposit box at a bank, or with a trusted family member (but tell someone it exists — heirs need to find it).

Paper is good up to about $10K. Above that, upgrade to metal.

Metal backups

Paper burns at ~230°C; a house fire reaches ~600°C. A flood with saltwater will ink-smear regular paper in hours. Metal plates are the durable answer.

  • Stamped stainless steel (Blockplate, BillFodl, Cryptotag entry): ~$30–$50. Punch or stamp the first four letters of each word (BIP-39 words are uniquely identified by their first four letters). Fireproof to ~1400°C, waterproof.
  • Laser-etched titanium (Cryptotag Zeus, Cobo Tablet Plus): ~$60–$120. Stronger, higher temperature tolerance, more elegant.
  • Screw-in word tiles (Cryptosteel Capsule Solo): ~$90. Tiles you assemble — easier to get the letters right the first time than stamping.

Passphrase (BIP-39 "25th word")

Add an extra passphrase (not from the BIP-39 list) to the seed. Wallet software combines seed + passphrase to derive a different wallet than the seed alone would. Without the passphrase, the seed opens a decoy wallet (empty or lightly funded). With it, the real wallet.

Benefits: (a) plausible deniability under coercion, (b) if someone finds the seed paper they still need the passphrase, (c) you can have multiple passphrase-derived wallets from the same seed for separation.

Risks: (a) forgetting the passphrase = permanent loss (seed alone won't recover), (b) weak passphrases (a common word, your dog's name) are crackable, (c) more operational complexity.

Good practice: use a strong, memorable passphrase you commit to memory, and keep a hint (not the passphrase) in a second location. Alternatively, store the passphrase separately from the seed in a different physical location.

Shamir Secret Sharing (Trezor)

Trezor Model T and Trezor Safe 3 support Shamir Backup (SLIP-39): split the seed into M shares, any K of which can reconstruct. Common config: 3-of-5. You store shares in five locations; any three can recover; no single location contains the full seed.

Stronger than naive splitting because any share alone gives zero information about the seed — the cryptographic structure guarantees it.

Multisig (for large balances)

Multisig requires multiple hardware wallets to sign a transaction (2-of-3 or 3-of-5). Common setup: two Ledger + one Trezor, each in a different location (home, bank safe-deposit, trusted family member). Coordinator software: Sparrow Wallet, Specter Desktop, Nunchuk, Unchained Capital for managed.

Threshold at which multisig becomes worth the complexity: somewhere between $50K and $250K, depending on risk tolerance and operational competence. Below that, hardware wallet + metal backup + passphrase is usually the right stop.

Inheritance / dead-man switch

Seed-phrase security that your family cannot unwind after you die is not security — it is loss. Options:

  • Sealed letter with an executor / attorney that includes the location of the backup + the passphrase.
  • Multisig with one key held by a trusted party + their explicit instructions for what to do.
  • Crypto-specific inheritance services (Casa Covenant, Unchained Inheritance) for $250K+ estates.

See our dedicated guide: Crypto inheritance planning.

Decision tree

  • < $1K: Software wallet + strong password + recovery phrase written on paper in your home.
  • $1K–$10K: Hardware wallet + paper backup in a fireproof document box.
  • $10K–$50K: Hardware wallet + metal backup + optional BIP-39 passphrase.
  • $50K–$250K: Hardware wallet + metal backup + BIP-39 passphrase + geographically separated second copy, OR Shamir Backup on Trezor.
  • $250K+: Multisig (2-of-3 or 3-of-5) across multiple hardware devices and locations. Inheritance plan in writing.

Related reading

Frequently asked questions

What is a seed phrase, really? +
A seed phrase (aka "recovery phrase", "mnemonic") is a human-readable encoding of the master private key that controls every account in your crypto wallet. It is typically 12 or 24 words from the BIP-39 word list (2048 English words). Given the seed phrase, anyone can reconstruct your wallet on any device — full access to every coin, every account derived from it. It is the single most sensitive secret in your crypto setup.
Is a password manager (1Password, Bitwarden) safe for seed phrases? +
For small amounts (under ~$1K) that you are OK accepting cloud-sync risk on, yes. For meaningful balances (>$5K), no. A password manager adds cloud-side exposure — if your master password is ever compromised, or the vendor is breached, the seed phrase is exposed. Hardware-only storage (paper or metal, in a physical location) is materially more secure for amounts you cannot afford to lose.
What about taking a photo of the seed phrase? +
Do not. Phones upload photos to cloud backup by default (iCloud, Google Photos), so the seed phrase ends up in a cloud account protected only by your iCloud / Google password — a far lower bar than a hardware wallet's security model. Screen-capture the seed for five seconds and you have effectively published it.
How much should a metal backup cost? +
$30–$120 for the common options. At the low end, stamped stainless-steel plates (Blockplate, BillFodl entry). Mid-range: laser-etched titanium (Cryptotag Zeus, Cobo Tablet Plus) — more durable, fireproof, corrosion-resistant. High-end: SAFE-tier steel or titanium with screw-in word tiles (Cryptosteel Capsule). For $5K+ balances the cost is trivial; for $500K+ balances consider two geographically separated backups.
Should I split my seed phrase across multiple locations? +
Usually not without a formal technique. Naive splitting (words 1–12 here, 13–24 there) provides less security than you think — an attacker who finds half has materially reduced your key space. If you want to split, use a proper cryptographic splitting scheme: Shamir's Secret Sharing (SSS) on supported wallets (Trezor Shamir Backup), or a BIP-39 passphrase held separately from the seed words (see next question).
What is a BIP-39 passphrase and should I use one? +
A BIP-39 passphrase (sometimes called a "25th word") is an extra string you combine with your seed phrase to derive a different wallet. Without the passphrase, the seed phrase opens a decoy wallet (empty or lightly-funded); with the passphrase, it opens your real wallet. This gives plausible deniability under coercion and separates the two secrets. Tradeoffs: one more thing to remember (forgetting = permanent loss), and weak passphrases (a dictionary word) are crackable.
What is multisig and when is it worth the complexity? +
Multisig requires multiple signatures (say, 2 of 3 keys) to authorize a transaction. No single seed phrase compromise = loss of funds. For $50K+ long-term storage, multisig via Sparrow / Specter / Nunchuk + multiple hardware wallets is standard. For $500K+ it is near-mandatory. Tradeoffs: setup complexity, coordination friction for every spend, and operational risk from losing one share (mitigated by the N-of-M threshold).
What are the three real threats to seed phrases? +
(1) Physical loss — fire, flood, theft, you moving and not remembering where you put it. (2) Digital exposure — any photo, cloud sync, screen capture, email attachment, password manager breach. (3) Coercion / $5 wrench attack — someone forces you to reveal it. Real-world losses come overwhelmingly from (2) digital exposure; plan your setup to make (1) and (3) your actual threat model.
esc
↑↓ navigate ↵ open esc close