Hardware Wallet Recovery Seeds Explained
What is the recovery seed?
When you setup a Trezor, Ledger or Keepkey hardware wallet, you will be required to write down a recovery seed. The recovery seed, also known as a recovery phrase, backup phrase or word seed is a list of 12, 18 or 24 words that store all the information needed to recover your wallet.
Writing down and securing the recovery seed is the most important task in using a hardware wallet. Unfortunately, many users who have not adequately protected their recovery seeds have tragically lost all of their cryptoassets.
This guide explains how the recovery seed works and the best ways to secure and utilize the recovery seed.
When will you need to use the recovery seed?
You will need to use the recovery seed to regain access to your cryptoassets if your hardware wallet is reset, lost, stolen or damaged.
All of your cryptoassets are technically not stored on the actual hardware wallet physical device. The information for each cryptoasset is stored on a collective decentralized network known as a blockchain. The sequence of words that you wrote down is the key that gives you access to your cryptoassets.
The words in your recovery seed come from an industry-standardized list of 2042 words known as BIP39. This means that you can recover your cryptoassets on any BIP39 compatible wallet.
For example, if you have cryptoassets on a Trezor One and the Trezor One gets lost or damaged, then you can enter in the recovery seed from the Trezor One into a Trezor Model T or a Ledger Nano S and recover all of your cryptoassets.
Trezor, Ledger and Keepkey hardware wallets can only store one BIP39 recovery seed at a time.
If you have multiple hardware wallets with different seeds, you do have the option to transfer all of your cryptoassets to one recovery seed on one wallet. There are also software wallets that allow you to enter in BIP39 recovery seeds.
However, software wallets are much more vulnerable than hardware wallets, because the recovery seed is stored on a computer that is connected to the internet.
Never enter the recovery seed on a device connected to the internet
The most important rule with hardware wallets is to never enter your recovery seed into any device that is connected to the internet.
This means never take a picture of your recovery seed, never type the recovery seed into a computer or phone, never save it in cloud storage and never upload the seed on the internet. Cryptocurrency assets are worth billions of dollars and are therefore a target for hackers.
There are viruses and malware running 24/7 with the sole purpose of searching and finding sequences of 12,18 or 24 words. If one of these viruses was to find a recovery seed stored on a computer, then the hacker behind the virus would gain access to all of the cryptoassets associated with that recovery seed.
Even with antivirus software, no device connected to the internet is invulnerable to attacks. Therefore, storing your recovery seed entirely offline is an absolute necessary.
Hardware wallets were invented for this exact reason. The recovery seeds of hardware wallets are both randomly generated and stored offline in the device’s secure microprocessors.
Offline storage means that if your hardware wallet is plugged into a computer infected with malware, your recovery seed and cryptoassets will remain totally secure. The offline storage of the hardware wallet will completely insulate the recovery seed from the infected device.
The recovery seed is also backed up offline using either paper or a steel recovery seed backup tool (significantly more secure). As explained earlier, this allows you to recover your assets in the event that the hardware wallet is lost, stolen or damaged.
Make sure to copy down the recovery seed correctly
Even if only one letter of one word of your recovery seed is written down incorrectly, you will not be able to use it to access your cryptoassets. Fortunately, both Trezor and Ledger offer recovery seed checks so you can confirm that your recovery seed was written down 100% correctly.
For instructions on how to do the recovery seed check, see our our Ledger or Trezor setup articles.
Strategies for storing the recovery seed
If you must use paper (not recommended), your recovery seed should be written down in pen in neat handwriting. We recommend you write down the recovery seed twice and store it in two separate secure locations.
For additional security, some users will break the recovery seed into sections and store the parts in different places. For example, if your recovery seed is 12 words, you could store three sequences of 4 words in three different locations.
A far stronger option for protecting your recovery seed is to record your seed on a stainless steel recovery seed backup tool, and lock that tool in a safe place. These steel tables with laser engraved tiles are specifically designed for you to record your recovery seed in a physically indestructible manner.
These devices, such as the American designed Billfodl backup tool, are resistant to fire, flooding, corrosive conditions, and impacts from accidents, protecting your recovery seed from most imaginable worst case scenarios that would lead to total loss of your cryptoassets.
Whatever security measures you end up using, make sure that they are not overly complicated such that even you have trouble accessing your recovery seed. For most investors, making a copy of your recovery seed stored in a safe on a steel backup device, and then another copy in a separate hidden location is sufficient.
Certain hardware wallets generate different length word seeds
The Trezor One and Ledger Nano S generate new word seeds that are 24 words long. The Trezor Model T generates new word seeds that are 12 words long. However, all Trezor, Ledger and Keepkey hardware wallets can have previous word seeds of 12, 18 or 24 words restored on them.
For example, if you use a Ledger Nano X with a 24 word seed, you can recover this word seed and all of your cryptoassets with a Trezor Model T by entering the 24 words from the Ledger Nano X seed into the Trezor Model T.
Multiple wallets can store the same recovery seed at the same time
Each hardware wallet can store only one sequence of BIP39 words at a time, but you can enter this same recovery seed into as many different BIP39 compatible hardware wallets as you like to access your funds from that wallet. If you enter the same recovery seed into two different hardware wallets, then both of those hardware wallets will act as duplicates of one another and they will store the same cryptoasset balances and accounts.
As stated in the previous example, this includes hardware wallets from different companies, so you could have a Trezor and a Ledger wallet storing the same cryptoasset accounts, balances and addresses.
Why would you want to store the same word seed on multiple hardware wallets?
It is not required, but most investors go with this option because if one hardware wallet is lost or stolen, they can immediately recover the cryptoassets from the duplicate hardware wallet, instead of having to order another hardware wallet and waiting for it to arrive (creating a time gap where a thief could send your funds off of your stolen or lost wallet).
Your hardware wallet can generate an unlimited number of recovery seeds
Your hardware wallet can generate an unlimited number of recovery seeds. Every time you reset or wipe the device and then initialize the hardware wallet as a new device, a new sequence of 12, 18 or 24 words will be generated. If your recovery seed gets compromised, then you can create a new recovery seed. In this scenario, you would login to the hardware wallet with the compromised recovery seed, send your cryptoassets to another wallet or an exchange, reset the hardware wallet, create a new recovery seed, and then send your cryptoassets back to your hardware wallet with the new recovery seed.
Additionally, multiple hardware wallets with the same recovery seed would allow you to access the same crypto funds in multiple locations. For example, you could have one wallet at your office and one at home, enabling you to make transactions from different locations with the same wallet.
Finally, many investors like to spread their assets across multiple hardware wallets with different recovery seeds and addresses. This helps diversify against risk of loss for large holdings.
We hope you now have a better understanding of how the recovery seed works and how to secure it. Many consider the hierarchical deterministic recovery seed method the best model for safeguarding cryptocurrency wallets.
All of your private keys and addresses can be owned and accessed from one single word seed that is easy to store, but impossible to hack.
Utilizing a hardware wallet allows you to easily create as many hierarchical deterministic wallets as you need and they are all safely isolated from any device connected to the internet.
The first step to start using the recovery seed cryptographic technology is to setup your hardware wallet. If you do not already own a hardware wallet, you can purchase one here.
Once you have a wallet, make sure your recovery seed is backed up properly; the best option is via steel backup device.