General information on mnemonic phrases, private keys, and wallet types
One of the fundamental concepts that everyone has to grasp in web3, is that of mnemonic phrases or seed phrases. In the context of the web3, these are a combination of different words that are used to access a unique set of private keys in a particular blockchain network.
When someone wants to own and control their crypto assets, they need to have their own public key, public address, and wallet address. The only way to ensure that that person is the only one who controls the funds held in a wallet is to generate the private keys.
To do so, requires that the person has a randomly generated mnemonic phrase/seed phrase. These are usually 12 words or 24 words long and will be used to access the private keys which are used to unlock all assets and funds within an address in a particular blockchain network.
For example:
never gonna give you up never gonna let you down never gonna run around and desert you never gonna make you cry never gonna say goodbye never gonna tell a lie and hurt you
*The example above does not contain valid words since they do not belong to a predefined wordlist of 2048 words*
Once these 12 or 24 words are used to generate the private keys, a public address is then in turn, generated.
This public address is that is used to both send and receive assets and funds is will be publicly listed on the blockchain with its respective transactions.
The key significance of having a private key, is that the user needs to have access to them in order to send funds out of the respective address. Otherwise, no one can send funds out of it or sign any transaction.
As such, it is of paramount importance that everyone in the web3 space protects and safeguards both their mnemonic phrases and private keys.
There are a variety of ways of ensuring that access to a given address is secured, such as writing down the seed phrase in a piece of paper in the same sequence how it was generated and used to access the private keys and storing them in a secure physical location and never in a device that is connected to the internet.
Again, there are security aspects to safeguarding these mnemonic phrases which a user has to access and might include having to put this piece of paper in a fire and water resistant lock box as an additional layer of security.
Users must also be mindful that a very high level of security may also be detrimental to its intended purpose since it might lead to an unforeseen scenario where the seed phrase may be irretrievable, for example, if someone separates their 12-word phrase into 6 pieces which are then stored in multiple random locations only to have one of these locations subject to a disaster and hence make the given segment of the phrase unrecoverable, which by consequence would make access to the private keys impossible.
A basic golden rule in the web3 space is that of never under any circumstance, must a user give or share their seed phase with someone else, no exceptions. This is because when someone else has your seed phrase, this person can also access all assets and funds held within your address and therefore, can easily drain the entirety of your assets. There is also no business or technical purpose for doing so other than using your address to sign transactions and move assets and funds out.
There are different wallets that users can use to store their assets. And while there are many brands of wallets that have different features, we can divide these into several categories as follows:
Hot wallets, are those that are connected to the internet such as brower wallets like Metamask and Polkadot.js and are widely used due to their convenience and interoperability with applications and websites, but are always at risk of being compromised by way of malware or by connecting to a website where attackers lure victims who connect their browser wallets in order to drain their funds.
Cold wallets, on the other hand, are never connected to the internet, and therefore are more secure since the private keys remain hidden from the internet. Some examples of these include paper wallets which have their public and private keys printed on a piece of paper in the form of a QR code, and hardware wallets such as Ledger or Trezor which have good security features.
Both wallet types have their pros and cons. For example, paper wallets might get smudged or have coffee spilt over, and hardware wallets might become inaccesible due to the user forgetting pieces of their security layer needed to access them such as forgetting the pin number. In addition, these cold storage wallets are also subject to physical theft, and in some instances, users may be a target of a violent act if a culprit is aware that such an item is in the possession of a user.
In conclusion, generating a mnemonic phrase is the first step in order to have a public address that can be used to engage in the web3 in a variety of forms. But doing so requires careful thought on how to safeguard this critical piece of information and always being cognizant that there are actors that are constantly seeking vectors of attack where they can steal funds from users.
Special credit to maarmapa for the infographics
