Crypto wallets are how we store and manage crypto assets and NFTs—and connect to decentralized applications (DApps). These wallets—and the assets they hold—are often the target of various kinds of fraud and outright theft. (And self-custody wallets have no centralized authority that manages access.) For these reasons, a different, more robust method of identification is required to manage access to crypto wallets.
All crypto wallets use a standard username / password combination for day-to-day access. But in cases of lost password, stolen wallet, asset import, or syncing between wallets, something beyond a password or even multi-factor authentication is required.
For these cases, you’ll use a recovery phrase.
In this short article, we’ll define what a recovery phrase is, why and when they’re used, and how best to store them.
What is a recovery phrase and how does it work?
A recovery phrase (or “seed phrase”) is basically a human-readable form of your wallet’s private key—the unique, secret passcode used to authenticate and encrypt your wallet access. This phrase allows you to sign transactions and claim ownership of your wallet addresses, and to recover your wallet if it gets lost or damaged (in the case of hardware wallets) or if the device you use to access it gets lost, stolen, or becomes otherwise inaccessible.
- You will only see this phrase once during account setup and it’s important to keep it safe. Store it securely offline, such as by writing it down on a piece of paper and locking it in a safe place. Don’t keep a digital copy on your device—that means don’t take a screenshot, write it in your Notes app, or add it to a password manager, for example.
A recovery phrase is generally a list of 12 to 24 words randomly generated by your crypto wallet, and given in a specific order.
Note: The ordering of the words in a recovery phrase matters. It must be typed in the exact order in which you receive it.
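As an added example (not from the original article or from any wallet's own code), the sketch below shows how such a phrase is produced from random data and why the word order matters. It assumes the wallet follows the BIP-39 standard, which the article does not name, and it uses a constructed placeholder word list, so the seeds it derives will not match a real wallet's.

```python
import hashlib
import secrets

# Assumption: the wallet follows BIP-39, the common recovery-phrase standard.
# The real 2048-word list is replaced by constructed placeholder words
# ("w0000".."w2047"), so derived seeds will NOT match a real wallet.
WORDS = [f"w{i:04d}" for i in range(2048)]

def to_indices(entropy: bytes) -> list[int]:
    """Encode 128-256 bits of entropy as ordered 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    cs_bits = ent_bits // 32  # checksum length grows with the entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    count = (ent_bits + cs_bits) // 11  # 12 to 24 words
    return [(value >> (11 * (count - 1 - i))) & 0x7FF for i in range(count)]

def is_valid(indices: list[int]) -> bool:
    """Recompute the checksum; most mistyped or misordered phrases fail it."""
    count = len(indices)
    if count not in (12, 15, 18, 21, 24) or any(not 0 <= i < 2048 for i in indices):
        return False
    value = 0
    for i in indices:
        value = (value << 11) | i
    cs_bits = count // 3
    entropy = (value >> cs_bits).to_bytes((count * 11 - cs_bits) // 8, "big")
    return to_indices(entropy) == indices

def to_seed(indices: list[int], passphrase: str = "") -> bytes:
    """Stretch the ordered phrase into the 64-byte seed that keys derive from."""
    phrase = " ".join(WORDS[i] for i in indices)
    return hashlib.pbkdf2_hmac("sha512", phrase.encode(),
                               ("mnemonic" + passphrase).encode(), 2048, 64)

def demo() -> dict:
    indices = to_indices(secrets.token_bytes(16))  # wallet-generated, not user-chosen
    reordered = indices[1:] + indices[:1]          # same words, different order
    return {
        "words": len(indices),
        "valid": is_valid(indices),
        "same_seed_after_reorder": to_seed(indices) == to_seed(reordered),
    }

if __name__ == "__main__":
    print(demo())
```

The checksum is only 4 to 8 bits long, so it catches most typing mistakes but not all; a reordered phrase that happens to pass it still derives a different seed and therefore a different wallet.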
Why do crypto wallets use recovery phrases?
Recovery phrases have several benefits over traditional passwords:
- They’re generated by the wallet app, not the user, so there’s no password reuse
- They’re random, so they’re much harder to crack, even by powerful computers
- They’re not recorded by the company that makes or hosts the wallet, so there’s no central database that holds these sensitive phrases
Recovery phrases are more secure than human-generated passwords
Most people have poor password hygiene. This means they use very simple passwords (e.g. Mypassword), reuse passwords between apps, or use very subtle variations of the same password (e.g. Mypassword, Mypassword_1, etc.). This puts people at risk, because once one of their passwords has been cracked, it’s easy for hackers to access other apps or accounts that belong to a user.
To counter this, crypto wallets randomly generate a unique recovery phrase for a user, to be used when:
- Signing transactions and claiming ownership of a wallet address
- Recovering a wallet if it gets lost or damaged (in case of hardware wallets)
- Regaining access if the device you use to access your wallet gets lost, stolen, or becomes otherwise inaccessible (in case of software wallets)
These recovery phrases have a level of randomness that makes them nearly impossible to crack.
The importance of keeping your recovery phrase safe
Despite all the benefits to account security, there is one major risk: Recovery phrases are non-recoverable, unlike passwords (which can be reset through a standardized reset flow).
This means if you lose the recovery phrase you’re given upon creating your wallet, you’re locked out of your wallet (and any assets stored in it) forever. The company that makes your wallet cannot recover it for you. There is technically no possible way for them to see it, as it’s not stored on their servers.
Note: Be sure to save your recovery phrase someplace safe that you’ll always have access to.
What’s the safest way to store a recovery phrase?
However you choose to store your recovery phrase, you should consider these two things:
- The phrase should be safe from other people
- The phrase should be in a reliable location you’ll always have access to
Some people write their recovery phrase down on a piece of paper and store it in a safe deposit box. Some users write down multiple physical copies of their recovery phrase, and store them in different secure locations. Some even go so far as to etch it on a piece of metal, and bury it.
Whatever way you choose, be sure it follows the two principles above: It’s safe from others, and in a reliable location you’ll always have access to.
Key points to remember about recovery phrases
Recovery phrases protect you, your wallet, and your crypto assets from loss or theft. They’re much safer than traditional passwords, and used in all self-custody crypto wallets (like Brave Wallet). But their chief benefit—resilience to cracking and theft—can also be a major headache for users who lose this phrase.
Here are the most important things to remember about a recovery phrase:
- It’s generated by the wallet app to ensure randomness and security
- You’ll only see it once during account setup, so write it down immediately
- The order of the words matters
- It should be stored someplace safe and reliable
- It’s non-recoverable—if you lose it, you’re locked out of your wallet forever