#1 Purchase the device from a trusted source
This minimizes the risk of acquiring a counterfeit product or a device tampered with by a middleman.
#2 Never use a pre-initialized hardware wallet
Remember that new hardware wallets are always delivered empty without any seed.
Never use a pre-seeded/pre-initialized device!
The middleman may set up the device and record the seed.Then when you use it, they will steal all your funds because they already know the seed.
#3 Never use pre-selected recovery words
Never use pre-selected recovery seed words, only ones that you have generated on the device yourself.
If you receive a scratch card with 24 words, do not use them.
Anyone who knows the recovery words has complete control over the wallet and will be able to steal all your funds.
#4 Always create recovery seed backup
You need to use the recovery seed to regain access to your crypto assets if your hardware wallet is reset, lost, stolen, or damaged.
This means that the sequence of words that you wrote down is the key that gives you access to your crypto assets.
Therefore make sure you create a 100% offline backup of your recovery seed.
#5 Test your recovery seed backup to make sure it’s correct
By testing, you’ll make sure that your backups are correct, that you didn’t make any mistakes when writing your seed down, and that they will work when needed.
The recovery seed test is a one-time process and doesn’t take a long time.
#6 Never make a digital copy of your recovery seed
Do not ever store your recovery seed digitally!
Compared to physical media, digital media can be easily accessed by hackers.
Digital copies can be made without the owner noticing until it is too late.
#7 Make your backups fireproof/waterproof using a Cryptosteel
Another security measure some users take is to make a steel backup of the recovery seed.
You can purchase specific steel tables with tiles (e.g., Cryptosteel) that allow you to assemble your recovery seed.
These steel backups are resistant to fire, flooding, corrosive conditions, and impacts from accidents.
#8 Create an identical copy of your hardware wallet
If your device is lost, damaged, or stolen, having a second identical clone of your device will help you access your assets immediately without needing to order a new device.
More importantly, when creating this identical wallet using your recovery seed backup, you can make sure that your recovery seed backup is correct.
#9 Activate passphrase protection
Activate a passphrase to protect your recovery seed.
If you don’t use a passphrase, your recovery seed is all that is needed to access your coins.
You can read more about the passphrase security benefits from official Trezor and Ledger resources:
See how to choose a strong passphrase that will protect your recovery seed.
#10 Never store recovery seed together with the passphrase
The passphrase is used to protect your recovery seed.
This means that even if somebody compromised your recovery seed, they would not be able to access your accounts unless they knew the passphrase as well.
Therefore if you have a physical backup of your passphrase, never store it together with the recovery seed backup.
#11 Check your backups regularly
Even Elon Musk doesn’t know where he left his bitcoins!
Check your backups regularly when you reset your waiting period.
Also, Seedcret lets you set your confirmation period!
The confirmation period that you schedule for us to send a message to your trusted contact to make sure they still have the backups you gave them.
When they confirm that they have, you’ll get an email letting you know. You can also see what happened in the activity reports in your account.
#12 Create a recovery/inheritance plan for your crypto
A lot of money in crypto was lost because there was no inheritance plan in place:
Make your crypto assets recoverable so your close ones can access your crypto assets if one day you are unable to do so yourself.
You can use Google Inactive Account Manager together with Seedcret to create your recovery/inheritance plan.
Using these tools, you can create a customizable backup scenario to protect your digital assets.
#13 Setup an address monitor with notifications on balance change
You can use your “recovery seed only” wallet with a very small amount of bitcoin as your canary/decoy wallet.
Then you can set notifications on balance change on this wallet address.
Later, if someone finds your recovery seed backup and steals your coins, we’ll send you email notifications immediately after the balance change so you know your “recovery seed only” wallet have been compromised.
Once notified, you can move your funds from your main passphrase-protected wallet to a new, safe wallet.
#14 Follow the 3-2-1 backup rule
Keeping backups of everything is a good idea in general, but it’s a must when it comes to cryptocurrency.
For most use-cases, the 3-2-1 backup strategy should be followed. This means having at least three (3) total copies of your data, two (2) of which are local but on different mediums/devices, and at least one (1) copy offsite.
The two separate media means that if one is damaged in some way, the other will likely survive. For example, when you drop your hardware wallet in the drink, you can always use the recovery seed to recover your wallet on a new device.
But if your house burns down, it won’t matter how many backups you had. That’s why one copy of the backup should be stored offsite – for example, your parent’s house, a safe deposit box, or a lawyer’s or estate executor’s office.
When applying 3-2-1 backup strategy for hardware wallet backups, you can use these customizable backup scenarios for your inspiration.
#15 Be the ONLY one with access to your wallet
Don’t share both the recovery seed and passphrase with anyone.
It’s not about mistrusting your loved ones, but the more people who know both the recovery seed and the passphrase, the higher the risk it’ll get compromised—even by mistake.
On the other hand, DO NOT forget to schedule a recovery email to ensure that your trusted contacts will be able to find your crypto if you cannot access your wallet for whatever reason.