Securing Your Bitcoin using the
SEED SECURITY ARSENAL
#BackupDay 2023
Congratulations on owning bitcoin! Now, let's ensure the safety of your seed—the key to your digital treasure.
Remember, there's no one-size-fits-all solution; think of this guide as an arsenal.
Here are some ideas to fortify your seed security:
The foundation: Secure Your Secret in Steel
You should definitely use a secure steel backup system for your recovery seed words and similar secrets.
I recommend getting a Cryptosteel Capsule (or a Cryptosteel Cassette) as a long-term and long-lasting storage solution.
Use coupon code "TEACH_ME_BITCOIN_SON_CS10" for a 10% discount.
Remember, "Two is one, and one is none."
Singlesig with Passphrases: Layers of Defense
Elevate your security with singlesig paired with passphrases.
A passphrase acts as an additional layer of defense, making unauthorized access even more difficult.
The main benefit is that it protects your unencrypted seed. In other words:
If found, the seed can't be used without the passphrase.
Note that a seed + passphrase works like a "2-of-2 multisig".
If you lose your passphrase, all coins are locked!
Seed XOR: Plausible Deniability
Seed XOR is a strategy that transforms a single seed into parts, each behaving like the original.
Back up these parts using your preferred method—whether it's a Cryptosteel or another secure option.
These seed parts can even function as normal BIP-39 compatible wallets.
A powerful addition to your security arsenal that can be implemented using a Coldcard or even by hand!
Using 'Seed XOR' feels magical for some of us.
Trusted Peers as Backup: Share the Load
Expand your security circle by sharing parts of your seed with trusted peers or family members.
It's like having a safety net—multiple locations safeguarding your access to Bitcoin.
Just don't do it with unencrypted seeds.
Works great with Seed XOR and for other multisig quorums.
Multisig: Power in Numbers
Embrace the power of multisig. Instead of relying on a single private key, multisig involves multiple keys to authorize transactions.
This added layer of complexity makes your bitcoin more resilient to threats.
Make sure to have all public keys at hand at all times, and the minimum number of private keys (seeds) required to control your bitcoin.
We will release a short multisig guide in early 2024.
Avoid getting out of "Bitcoin practice"
No, fees aren't low right now.
Yes, if you can sign your transaction, you are in control of your coins.
No, you don't have to broadcast the signed transaction.
Yes, you should practice more.
Test your backups from time to time.
Password Manager
This is how to securely store and backup the master password of your password manager.
I use KeePass to store my usernames, passwords, and links to the login pages for each service. You can also use it for wallet descriptors, public keys, and other non private key material.
Use a "self hosted" password manager, or run it locally.
Just like in football, one wins better together.
Need help moving your bitcoin off an exchange?
This guide has you covered to get started!
Consider redundancy – a second hardware wallet or another backup method for added assurance.
Remember, securing your seed is an ongoing process.
Continuously evaluate and update your strategies as the security landscape evolves.