Back To Crypto Resources

Hardware Wallet Recovery Seeds Explained

Hardware Wallet Recovery Seeds Explained

What is the recovery seed? 

When you setup a Trezor, Ledger or Keepkey hardware wallet, you will be required to write down a recovery seed. The recovery seed, also known as a recovery phrase, backup phrase or word seed is a list of 12, 18 or 24 words that store all the information needed to recover your wallet. Writing down and securing the recovery seed is the most important task in using a hardware wallet. Some users who did not adequately protect their recovery seed tragically lost all of their cryptoassets. This guide explains how the recovery seed works and the best ways to secure and utilize the recovery seed.


When will you need to use the recovery seed?         

You will need to use the recovery seed to regain access to your cryptoassets if your hardware wallet is reset, lost, stolen or damaged. All of your cryptoassets are technically not stored on the actual hardware wallet physical device. The information for each cryptoasset is stored on a collective decentralized network known as a blockchain. The sequence of words that you wrote down is the key that gives you access to your cryptoassets. The words in your recovery seed come from an industry-standardized list of 2042 words known as BIP39. This means that you can recover your cryptoassets on any BIP39 compatible wallet. For example, if you have cryptoassets on a Trezor One and the Trezor One gets lost or damaged, then you can enter in the recovery seed from the Trezor One into a Trezor Model T or a Ledger Nano S and recover all of your cryptoassets.

 The Trezor, Ledger and Keepkey hardware wallets can only store one BIP39 recovery seed at a time. If you have multiple hardware wallets with different seeds you do have the option to transfer all of your cryptoassets to one recovery seed on one wallet. There are also software wallets that allow you to enter in BIP39 recovery seeds. However, software wallets are much more vulnerable than hardware wallets, because the recovery seed is stored on a computer that is connected to the internet.         

                                                           

Never enter the recovery seed on a device connected to the internet

The most important rule with hardware wallets is to never enter your recovery seed into any device that is connected to the internet. This means never take a picture of your recovery seed, never type the recovery seed into a computer or phone, never save it in cloud storage and never upload the seed on the internet. Cryptocurrency assets are worth billions of dollars and are therefore a target for hackers. There are viruses and malware running 24/7 with the sole purpose of searching and finding sequences of 12,18 or 24 words. If one of these viruses was to find a recovery seed stored on a computer, then the hacker behind the virus would gain access to all of the cryptoassets associated with that recovery seed.

Even with antivirus software, no device connected to the internet is invulnerable to attacks. Therefore, storing your recovery seed entirely offline is an absolute necessary. Hardware wallets were invented for this exact reason. The recovery seeds of hardware wallets are both randomly generated and stored offline in the device’s secure microprocessors.

Offline storage means that if your hardware wallet is plugged into a computer infected with malware, your recovery seed and cryptoassets will remain totally secure. The offline storage of the hardware wallet will completely insulate the recovery seed from the infected device.  The recovery seed is also backed up offline by writing it down on paper. As explained earlier, this allows you to recover your assets in the event that the hardware wallet is lost, stolen or damaged.

Make sure to copy down the recovery seed correctly

 Even if only one letter of one word of your recovery seed was written down incorrectly, then you will not be able to use the recovery seed to access your cryptoassets. Fortunately, both Trezor and Ledger offer recovery seed checks so you can confirm that your recovery seed was written down 100% correctly. For instructions on how to do the recovery seed check, visit our Ledger or Trezor setup articles.           

Strategies for storing the recovery seed

The recovery seed should be written down in pen in neat handwriting. We recommend you write down the recovery seed twice and store it in two separate secure locations. For additional security some users will break the recover seed in sections and store the parts in different places. For example, if your recovery seed is 12 words, you could store three sequences of 4 words in three different locations.

Another security measure some users take is to make a steel backup of the recovery seed. You can purchase specific steel tables with tiles that allow you to assemble your recovery seed. These steel backups are resistant to fire, flooding, corrosive conditions, and impacts from accidents.


Whatever security measures you end up using, make sure that they are not overly complicated such that even you have trouble accessing your recovery seed. For many investors, a copy of a recovery seed stored in a safe and then another copy in another hidden location will be sufficient.

Certain hardware wallets generate different length word seeds

The Trezor One and Ledger Nano S generate new word seeds that are 24 words long. The Trezor Model T generates new word seeds that are 12 words long. However, all Trezor, Ledger and Keepkey hardware wallets can have previous word seeds of 12, 18 or 24 words restored on them. For example, if you use a Ledger Nano S with a 24 word seed, you can recover this word seed and all of your cryptoassets with a Trezor Model T by entering the 24 words from the Ledger Nano S seed into the Trezor Model T.


Multiple wallets can store the same recovery seed at the same time

Each hardware wallet can store only one sequence of BIP39 words at a time, but you can enter this same recovery seed into as many different BIP39 compatible hardware wallets as you like. If you enter the same recovery seed into two different hardware wallets then both of those hardware wallets will act as duplicates of one another and they will store the same cryptoasset balances and accounts. As stated in the previous example, this includes hardware wallets from different companies, so you could have a Trezor and a Ledger wallet storing the same cryptoasset accounts, balances and addresses.

Why would you want to store the same word seed on multiple hardware wallets? It is not necessary, but some investors like this option because if one hardware wallet was lost or stolen, you could immediately recover the cryptoassets from the duplicate hardware wallet, instead of having to order another hardware wallet, waiting for it to arrive and then entering in the recovery seed.

Your hardware wallet can generate an unlimited number of recovery seeds

Your hardware wallet can generate an unlimited number of recovery seeds. Every time you reset or wipe the device and then initialize the hardware wallet as a new device, a new sequence of 12, 18 or 24 words will be generated. If your recovery seed gets compromised, then you can create a new recovery seed. In this scenario, you would login to the hardware wallet with the compromised recovery seed, send your cryptoassets to another wallet or an exchange, reset the hardware wallet, create a new recovery seed, and then send your cryptoassets back to your hardware wallet with the new recovery seed.


Conclusion

We hope you now have a better understanding of how the recovery seed works and how to secure it. Many consider the hierarchical deterministic recovery seed method the best model for safeguarding cryptocurrency wallets. All of your private keys and addresses can be owned and accessed from one single word seed that is easy to store, but impossible to hack. Utilizing a hardware wallet allows you to easily create as many hierarchical deterministic wallets as you need and they are all safely isolated from any device connected to the internet. The first step to start using the recovery seed cryptographic technology is to setup your hardware wallet. If you do not already own a hardware wallet, you can purchase one here:



Leave a comment