What’s a recovery phrase, and why do I need one?
Crypto wallets are where we store and manage cryptocurrencies and NFTs, and offer a way to access Web3 apps (or DApps). These wallets—and the assets they hold—are often the target of various kinds of fraud and outright theft. They also have no centralized authority managing access: Distributed ledgers require the agreement of everyone in the blockchain to validate transactions and identity. For all these reasons, a different, more robust method of identification is required to manage access.
All wallets use a standard username / password combination for day-to-day access. But in cases of lost password, stolen wallet, asset import, or syncing between wallets, something beyond a password or even multi-factor authentication is required.
For these cases, you’ll use a recovery phrase.
In this short article, we’ll define what a recovery phrase is, why and when they’re used, and how best to store them.
What is a recovery phrase?
A recovery phrase (or “seed phrase”) is basically a human-readable form of your wallet’s private key—the unique, secret passcode used to authenticate and encrypt your wallet access. This phrase allows you to sign transactions and claim ownership of your wallet addresses, recover your wallet if it gets lost or damaged (in case of hardware wallets), or if the device you use to access your wallet gets lost, stolen, or becomes otherwise inaccessible.
Note that you’ll see this phrase only once, during account setup, and never again. So you must be sure to write it down, take a screenshot, add it to a password manager, or find some other way to keep it safe.
A recovery phrase is generally a list of 12 to 24 words randomly generated by your crypto wallet, and given in a specific order.
- The ordering of the words in a recovery phrase matters. It must be typed in the exact order in which you receive it.
- You’ll only see this phrase once during account setup, and never again. Be sure to write it down immediately before finishing wallet onboarding.
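The sketch below is an added example, not code from Brave or any wallet. It assumes the wallet follows the widely used BIP-39 scheme (the article does not name one) and uses a constructed 2048-entry placeholder wordlist in place of the published one. It shows how random bytes become an ordered list of 12 to 24 words, and why a reordered phrase is either rejected or decodes to a different secret.

```python
import hashlib
import secrets

# Constructed placeholder for the 2048-word BIP-39 list; a real wallet
# uses the published wordlist, not these made-up tokens.
WORDS = [f"w{i:04d}" for i in range(2048)]
INDEX = {w: i for i, w in enumerate(WORDS)}


def encode(entropy: bytes) -> list:
    """Random bytes -> ordered word list (BIP-39 layout, assumed here)."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32  # checksum: 1 bit per 32 bits of entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n = (len(entropy) * 8 + cs_bits) // 11  # each word carries 11 bits
    return [WORDS[(value >> (11 * (n - 1 - i))) & 0x7FF] for i in range(n)]


def decode(words: list) -> bytes:
    """Ordered word list -> entropy; ValueError if a word or checksum is bad."""
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("phrase must be 12, 15, 18, 21 or 24 words")
    value = 0
    for w in words:  # position matters: each word fills the next 11 bits
        if w not in INDEX:
            raise ValueError(f"unknown word: {w}")
        value = (value << 11) | INDEX[w]
    cs_bits = len(words) * 11 // 33
    entropy = (value >> cs_bits).to_bytes((len(words) * 11 - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if value & ((1 << cs_bits) - 1) != expected:
        raise ValueError("checksum mismatch (wrong word or wrong order)")
    return entropy


def new_phrase(n_words: int = 12) -> list:
    """Draw entropy from the OS CSPRNG, as the wallet (not the user) does."""
    return encode(secrets.token_bytes(n_words * 4 // 3))


if __name__ == "__main__":
    phrase = new_phrase(12)
    print(" ".join(phrase))
    swapped = [phrase[1], phrase[0]] + phrase[2:]
    try:
        print("reordered phrase is a different secret:", decode(swapped) != decode(phrase))
    except ValueError as err:
        print("reordered phrase rejected:", err)
```

With a 12-word phrase the checksum is only 4 bits, so roughly one reordering in 16 still passes validation and silently resolves to a different wallet, which is why the exact order has to be recorded.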
Why do wallets use recovery phrases?
Recovery phrases have several benefits over traditional passwords:
- They’re generated by the wallet app, not the user, so there’s no password reuse
- They’re random, so they’re much harder to crack, even by powerful computers
- They’re not recorded by the company that makes or hosts the wallet, so there’s essentially zero risk of hacking
But, despite these benefits to account security, there is one major risk: Recovery phrases are non-recoverable, so if you forget the phrase, you’re locked out of your wallet (and any assets stored in it) forever.
Most people have poor password hygiene. This means they use very simple passwords (e.g. Mypassword), reuse passwords between apps, or use very subtle variations of the same password (e.g. Mypassword, Mypassword_1, etc). This puts people at risk, because once one of their passwords has been cracked, it’s easy for hackers to access all of the other apps on a user’s device.
To counter this, crypto wallets will randomly generate a unique recovery phrase for a user, to be used when: signing transactions and claiming ownership of a wallet address; recovering a wallet if it gets lost or damaged (in case of hardware wallets), or if the device you use to access your wallet gets lost, stolen, or becomes otherwise inaccessible (in case of software wallets). These recovery phrases have a level of randomness that makes them nearly impossible to crack.
Unlike passwords (which can be reset through a standardized reset flow), recovery phrases are non-recoverable. This means if you lose the recovery phrase you’re given upon creating your wallet, you’re locked out forever. The company that makes your wallet cannot recover it for you. There is technically no possible way for them to see it, as it’s not stored on their servers.
Reader’s note: Be sure to save your recovery phrase someplace safe that you’ll always have access to.
How should I store my recovery phrase?
However you choose to store your recovery phrase, you should consider these two things:
- The phrase should be safe from other people
- The phrase should be in a reliable location you’ll always have access to
Some people write their recovery phrase down on a piece of paper and store it in a safe deposit box. Others use a password manager like 1Password. Some even go so far as to etch it on a piece of metal, and bury it. Whatever way you choose, be sure it follows the two principles above: It’s safe from others, and in a reliable location you’ll always have access to.
Recovery phrases protect you, your wallet, and your crypto assets from loss or theft. They are much safer than traditional passwords, and are used in nearly all crypto wallets (and even some Web3 DApps). But their chief benefit—resilience to cracking and theft—can also be a major headache for users who lose this phrase.
Here are the most important things to remember about a recovery phrase:
- It’s generated by the wallet app to ensure randomness and security
- You’ll only see it once during account setup, so write it down immediately
- The order of the words matters
- It should be stored someplace safe and reliable
- It’s non-recoverable—if you lose it, you’re locked out of your wallet forever