In this guide, you’ll see how to protect your hardware wallet backups against misused when lost or stolen.
Next, you’ll learn how to make your crypto assets inheritable so that you won’t leave your close ones with nothing.
Then you’ll set up a “canary wallet” with notifications on balance change to get notified in case your recovery seed is compromised so you can move your funds out from the main passphrase protected wallet.
This “canary wallet” also acts as plausible deniability which can safeguard you in conditions where you could be forced either by criminals or by the authorities to give up access to your wallet.
Finally, you’ll get geographical freedom and be able to access your recovery seed backup from everywhere.
You might find the last two especially handy on border or airport security check when traveling to dangerous countries.
Here is how you can do it.
Step #1: Keep Your Recovery Seed 100% Offline
Keep your recovery seed offline and never make a digital copy of it.
When storing significant amounts consider buying a Cryptosteel or other “indestructible” metal seed storage to protect your recovery seed backups against fire or flood.
Step #2: Enable Passphrase To Protect Your Seed
Activate passphrase to protect your recovery seed. If you don’t use a passphrase, your recovery seed is all that is needed to access your coins.
You can read more about the passphrase security benefits from official Trezor and Ledger resources:
Step #3: Backup 1st Passphrase Part Offline
Download First-Part-Form template and write down your 1st passphrase part on it.
Then create multiple 1st passphrase part backups in case some are destroyed or lost – one for yourself, other backups handover to your trusted/next of kin contacts.
Step #4: Schedule Recovery Email Containing 2nd Passphrase Part
Both services work as a dead man switch – if you don’t reset your waiting period for some time, your trusted contacts will receive the recovery email you previously prepared for them.
With already having First Part Form containing 1st passphrase part and knowing where the recovery seed is stored (or leaving it in estate/lawyer office or deposit box), your next of kin will be able to access your digital assets one day you can’t.
Another benefit of having a recovery/inheritance plan in place is that it might actually help you in case of an accident or unexpected memory loss. Then, at least someone will know how to help you access your assets.
Tip 1: In case you’d missed the recovery email due to a technical issue on your email provider side, or you deleted the email by mistake, you’ll be able to resend recovery email again
Tip 2: If you’re worried that your recovery email will be accidentally triggered (for example because you forget reset waiting period) you can store half of your recovery seed (without the passphrase) in your security deposit box and write it down into last will and use your will executor as a validator
Step #5: Check Your Backups Regularly
Schedule reminders to make sure to check your recovery seed and passphrase backups regularly.
Schedule also reminders for your trusted contacts to remind them to make sure they still have their First Part Form in a safe place. Once they confirm this, you’ll be able to see it in your activity report.
Step #6: Make Sure To Follow Security Best Practices
Keep Your Recovery Seed ALWAYS Offline
Write the recovery words by hand on a paper to keep them 100% offline. Do not type them into a computer or photograph them to be printed. Do not take any digital copy of the seed.
However, if you want to get geographical freedom and have access to your recovery seed even from another country, you can protect your recovery seed with a randomized list.
Then you’ll be able to access your seed from anywhere, no matter where you are.
Choose a Strong Passphrase
See how to choose a strong passphrase which will protect your recovery seed well.
Store Recovery Seed And Passphrase Backups Separated
Never store your passphrase parts together with your recovery seed.
As the passphrase protects the recovery seed, they need to be stored in different places.
Ideally, also keep your 1st and 2nd passphrase parts separated.
Follow The 3-2-1 Backup Rule
Keeping backups of everything is a good idea in general, but it’s a must when it comes to cryptocurrency.
For most use-cases, the 3-2-1 backup strategy should be followed – it means having at least 3 total copies of your data, 2 of which are local but on different mediums/devices, and at least 1 copy offsite.
The two separate media means that if one is damaged in some way, the other is likely not. For example when you drop your hardware wallet in the drink, you can always use the recovery seed to recover your wallet on a new device.
And if your house burns down, it won’t matter how many backups you had. That’s why one copy of the backup should be stored offsite – for example, your parent’s house, deposit box or a lawyer’s or estate executor’s office.
When applying 3-2-1 backup strategy for hardware wallet backups, you can use these medium/storage options for your inspiration:
Monitor Your Canary/Decoy Wallet
Put a small amount of bitcoin (< $200) on your recovery seed only wallet while keeping the true bulk of value on the passphrase protected wallet.
Then monitor your “canary wallet” on balance change.
We’ll offer notifications on balance change feature soon.
Keep Checking Your Backups REGULARLY
Remember that security is more a process that a product.
Therefore schedule regular reminders to keep checking your backups regularly.
Be The ONLY One Having Access To Your Wallet
Don’t share both the recovery seed and passphrase with anyone.
It’s not about you’re not trusting your loved ones but the more people know both the recovery seed and passphrase the higher risk it’ll get compromised even not intentionally, by mistake.
On the other hand, DO NOT forget to schedule a recovery email to ensure that your trusted contacts will be able to access your assets within the recovery process one day you can’t.
Have A Second Clone Of Your Hardware Wallet
Having a second identical clone of your device will help you access your assets immediately without a need to order and wait for a new device.
More importantly, after creating this second wallet using your recovery seed backup, you can be double sure that your recovery seed backup is correct.
Purchase Hardware Wallet From a Trusted Source
There are scammers trying to sell you a fake device and steal your funds.
Therefore always order your device from a trusted source.
Never Use A Pre-initialized Hardware Wallet
There are scammers trying to sell you a device already pre-initialized with their recovery seed they know to steal your funds.
Therefore always initialize a new device and generate a new recovery seed only you know.
Never Use a Pre-selected Set Of Recovery Words
Never accept pre-selected recovery words. Always initialize a hardware wallet from a clean slate with on-device generation of new random recovery words. Anyone that knows the recovery words has complete control over the wallet.
Step #7: Relax And Enjoy Benefits
Your Recovery Seed Is Protected Even If Lost Or Stolen
As you protected the recovery seed with a strong passphrase, it’s safe even if someone finds or steal it. Without the passphrase, nobody won’t be able to access your funds.
You Won’t Lose Your Assets Neither In Case Of Accident Or Memory Loss
With the recovery/inheritance plan in place, your trusted contact will know how to help you access your assets in case you can’t due to an accident or memory loss.
You Won’t Leave Your Loved Ones With Nothing
Losing a loved one is already a huge loss by itself. Don’t add even more troubles for your close ones by leaving them with no assets.
Your Recovery Seed Only Wallet Is Your Canary/Decoy Wallet
The recovery seed only wallet is your canary/decoy wallet.
You can store a very small amount of bitcoin into this wallet and set notifications on balance change (we’ll offer soon). If the balance alters, you know your recovery seed words have been compromised.
It’s also your $5 wrench buffer (often called plausible deniability feature), which really would most likely be border control or attempted civil forfeiture.
You’ll Have Access To Your Recovery Seed Even From Anywhere
When protecting your recovery seed with a randomized list you’ll be able to access your seed from anywhere, no matter where you are.
How It Works In Practice – Simple Demo With Example
Original (full) PIN and Passphrase
1st Parts Written Down In First Part Form
We wrote down PIN 1st part and Passphrase 1st part into the First Part Form.
Then we handed over the form to John and Emma in sealed envelope.
2nd Parts Stored In Recovery Email
PIN 2nd part and Passphrase 2nd part are stored in the email:
If we don’t reset the waiting period in the next 3 months, the recovery emails will be sent.
Having both the First Part Form (containing the 1st parts) and recovery email (containing the 2nd parts), Emma and John will be able to access our digital assets following the recovery process.
Hardware Wallet Recovery Seed
Stored offline, written on a paper.
You can use Recovery Seed Form if needed.