The web3 space will provide users with new experiences, but in doing so, people must be mindful that they need to protect access to the assets tied to their public keys, because that access can be used to move funds and interact with any web3 application.
What this requires is that everyone takes measures to implement a safe and authorized way to access their mnemonic phrase — the phrase required to access your private keys.
Seed Phrase Location
Section contents:
- The importance of restricting the whereabouts of the seed phrase
- Possible scenarios and consequences of disclosing the location
- A potential exception of disclosing the location
No one should ever share their mnemonic/seed phrase with anyone else.
The rationale behind the above statement is that, because your seed phrase can grant access to the assets on your wallet, you should NEVER share it with anyone.
It is also extremely important that the whereabouts or location of a person’s seed phrase are never disclosed. By whereabouts, we mean where you’ve stored the seed phrase — this could be on a piece of paper, or on an offline password manager.
The location of a person’s seed phrase and its contents must always be kept secret. If not, well, let’s just say bad things will happen.
Imagine telling a friend, who occasionally gossips, the location of your seed phrase while boasting that you have accumulated wealth in crypto and NFTs. Then this friend mistakenly leaks this information to another person (a friend of a friend), who might decide to act on this crucial piece of information. Voila!! Your funds are gone.
This is exactly why no one should ever share their seed phrase with anyone.
However, some users disclose the location of their seed phrase to a trusted party. The rationale behind this is to manage risk: since the trusted third party could help retrieve the seed phrase in the event that the user is unable to access it, or in the event of the user’s passing, a trusted third party could be an exception to the rule.
This of course has the caveat that the person who is entrusted with this information acts in good faith and has enough moral character to maintain the utmost confidentiality.
Seed Phrase Storage Risks
Section contents:
- Malware
- Cloud risk
- Unauthorized access
As a general rule of thumb, everyone should refrain from storing their mnemonic/seed phrases on their devices, be it a phone, computer, or tablet. There are many reasons why these should never be stored on devices, among them the risks of malware attacks, cloud risk, and the risk of unauthorized access.
Malware is an umbrella term for software with malicious intent. It comes in a variety of types, each of which can be used to attack people and put them in a situation where they lose ownership or control of their assets.
One of the most notorious types of malware today is spyware, which invades your device and obtains all the information on it, your seed phrase included.
Another type of malware that extracts information is the keylogger, which tracks all of a user’s keystrokes. If you have this malware on your device, chances are that it has copied your passwords and seed phrases as you typed them.
Then there are rootkits, which are designed to secretly access a person’s device without them knowing. As a consequence, they can be used to execute commands and compromise a user’s assets by accessing files where they might have stored their mnemonic phrases, passwords, and other sensitive data.
Last on this list, which is not exhaustive, is ransomware, which is designed to block access to files on your device by encrypting them and holding them for “ransom” until the user makes a payment as instructed (making the payment does not guarantee that the attacker will decrypt the files).
An additional risk arises if the seed phrase on your device is also stored on a cloud service. Since this information is then held on different servers, it is at the mercy of any cyberattack on them.
Aside from the above risks which can be described as direct, there is also the possibility that a person’s device might fall into the hands of an unauthorized party who physically gains access to the device.
For example, someone you’ve invited home decides to act in bad faith and uses the computer that you left unlocked, accessing any files on it. Equally bad is the physical theft of any of your devices where your mnemonic phrases are stored. Depending on your security measures, there is always a chance of a culprit gaining access to them and depleting the entirety of your digital assets.
Storing the Seed Phrase in a Location and Managing Risks
Section contents:
- Physical location
- Materials used to record the seed phrase
- Possible DIY (Do it Yourself)
- Security measures
- Managing risks
Having a secure location in which to store your seed phrase is another measure for safeguarding it.
Any place where a person keeps their seed phrase should be treated with the same level of importance as the place where their most prized possessions are stored. Jewelry, expensive family heirlooms, and other items, for example, would usually be stored in an unnoticeable place so as to not draw attention. As a bit of an extra, you could even opt for a safe that is fire resistant and is also both difficult to find and difficult to move out of the physical premises. In other words, hard to steal.
When writing or engraving your seed phrase, always be mindful of the material used to store these words. Paper, for example, does not do well with fire, water, and mold. Metals can also be susceptible to the elements, since some of them can rust and in some instances even melt or warp depending on the metal’s melting point.
Being mindful of a material’s risks in the environment where it is in will allow the user to manage their risk accordingly.
For instance, picking a material that is humidity and fungus resistant might be a better option in a place that is very humid since this is an inherent risk. Same goes for locations that are known to have heavy storms or hurricanes.
There are also general risks in the environment such as fires that may require considering metals such as steel, which is fire-resistant. There’s also the risk of corrosion which steel also addresses effectively compared to other metals.
Paper is also a widely used material; however, its risks against the elements are not well managed. Fire can burn it to a crisp, and it can also be easily smudged with the same ink that is used to write on it. These points make paper a less than ideal method for storing the mnemonic phrase.
Some manufacturers in the cryptocurrency space also provide services that engrave seed phrases, but using such a service raises concerns, given the level of compromise involved.
The most secure way of storing your seed phrase is to do it yourself (DIY). You can order a small, thin sheet of metal with the attributes previously mentioned, which need only be engraved with the respective 12- or 24-word seed phrase.
This might be too difficult and cumbersome for many people; however, it is a best practice recommendation. While it is not convenient, it is definitely safer than any other method given the level of privacy and material involved.
An additional best practice that everyone should follow is encasing the seed phrase in a location that both resists environmental risks and provides a layer of protection from unauthorized access. A safe, for example, is what comes to mind when anyone thinks of where valuable items should be stored. One that is fire and water resistant and has enough security features would be the basic option for storing the “keys” to your assets.
Many people have stored valuables such as mnemonic phrases in a lockbox held at a bank, but a safe located in a hidden or inconspicuous part of your home might be preferred over a custodial lockbox. Why so? Because of reports that third parties sometimes access these lockboxes without the owner’s permission.
If a person chooses to use a safe or similar encasing, he or she should make sure that sufficient security measures are in place to protect all contents inside. It is also worth noting that adding too many layers of security might pose the risk of losing access to the contents. And so, it is recommended that users manage risks in a reasonable manner to avoid being stuck unable to access their funds.
Another risk of storing your assets in a location that you do not own or control is that construction crews might suddenly start working there. A possible result is the destruction of that location or even theft of your devices.
One strategy that users might employ is that of making copies of their seed phrase and cutting it up or dividing it into different pieces, and then storing each part in separate and secure locations. This method would minimize the risk of the entire seed phrase being compromised. When coupled with making copies, this would also lessen the risk of the seed phrase being lost due to having a “backup part” of it in another location.
If this is to be done, the user should also be mindful of maintaining the correct order of the parts in order to access his or her assets. This method is known as the Shamir backup.
Conclusion
When generating your seed phrase, careful thought must be placed on all risks associated with losing access to your seed phrase, or having an unauthorized party access it. Best practices, at the core, require using risk management principles that take into account environmental hazards, security risks, and possible unexpected risks that may happen in life.
This, and staying vigilant, will protect you from the pain of getting your funds drained in a hack.