The Do’s and Don’ts of 12-Word Phrases and Private Keys

What are they and how can I keep them safe?

Davey
Exodus Movement
7 min read · Mar 23, 2018

Disclaimer: The following article does not cover computer security practices or how to protect oneself from the most common threats and vulnerabilities found online. Exodus is a software wallet that connects to the internet and stores your digital assets on your computer. There are alternatives that keep your digital assets off of your computer and provide greater security than Exodus, such as hardware wallets.

When you download an Exodus wallet, it is your personal wallet. No one at Exodus has any control over it nor access to your funds. This is not so different in terms of ownership from the wallet in your back pocket or the purse over your shoulder. Our team of developers may have created and designed your wallet, but you own it. You are in 100% control of your funds.

Since you are in full control of your digital (crypto) assets, that sort of makes you a bank, just for yourself. If you’re going to be your own bank, you also have to be your own security guard.

While Exodus is designed with high-security standards, the truth is your wallet is only as safe as the computer it resides on and the security practices you follow. Have you ever seen a bank without physical and virtual security?

The fact is, there’s a responsibility that comes along with managing your own assets.

Private Keys

We all want to protect our money from theft. Since your funds are stored at addresses that live on the blockchain, it’s sort of like storing your money in online digital safes.

Like any safe, you need a combination or a PIN code to access what’s inside. This is where your private key comes in. Like a safe’s combination, your private key unlocks your address, giving you access to the funds stored there. Anyone with the address can make deposits into it, but only the person with the private key can make withdrawals.

Anytime you send an asset, like Ethereum, from A to B, your Ethereum private key is being used to unlock your ‘digital safe’ in order to manage your funds. It doesn’t really matter if someone finds your online digital safe because, without the private key, the contents of the safe are protected by a 256-bit cryptographic key that is infeasible to guess!

Private keys aren’t as short and easy to memorize as a safe’s combination or PIN. They’re designed to be long, complex, and impossible to guess. Every single one of your addresses has its own private key. That’s a lot to memorize! Especially when a private key looks like this:

Your Exodus wallet manages and encrypts your private keys on your computer. Create a unique password for your wallet that is not used anywhere else. The super-secret password that you create unlocks your wallet and allows you to use your private keys to confirm sent transactions without ever needing to expose, copy, or memorize them.

It’s important to note that a public address is derived from its respective private key. Anyone who has the private key will, by default, have access to the associated address. Your private keys need protection.

Private key: Don’ts

There is little reason to export your private keys from Exodus since your 12-word phrase acts as the master key. Don’t touch them. Exodus encrypts them in a hidden folder on your computer, and they are best left alone.

If you absolutely must export your private keys, please be very careful and export them on a computer that you know is secure. Once you are done using them, delete the exported file and securely empty the recycle bin.

Today’s crypto landscape is full of airdrops and forked coins. One of the most common ways thieves can get you to give up your private keys is by posing as a legitimate wallet or website promising access to ‘free money’. Once thieves have your private key, they can access all the funds stored at the associated address.

Always be skeptical and NEVER import your private keys into any website or wallet without first verifying its legitimacy.

12-word phrase

When you go through the backup process in Exodus, you are given a set of 12 words as one of your restore methods.

This is how your Exodus wallet will display your 12-word phrase.

If you were to lose access to your wallet for whatever reason (a stolen computer, a failed hard drive, or accidental deletion), your 12-word phrase would restore access to your wallet. This 12-word phrase is the master seed: your private keys all rolled up into one, easily managed format. All of your private keys and addresses are derived from it. The 12 words are just as useful to you as to anyone else who can get their hands on them. They must be kept safe and remain a secret.

12-word phrase: Do’s and don’ts

Triple-check to make sure they are copied exactly as they appear in your Exodus wallet. They must be written in the correct order (the numbers denote the order), without any spelling errors, and without capital letters. What a nightmare it would be if, after writing them down and keeping them safe for years, they did not work because of a misspelled word or because the sequence was wrong.
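Why order, spelling and lower case matter, shown as an added example that is not Exodus code: it assumes the 12-word phrase follows the BIP39 standard (which this article does not name), where the master seed is PBKDF2-HMAC-SHA512 over the exact text of the phrase. The sample phrase is the public BIP39 test vector, and `transcription_problems` and `compare_copies` are hypothetical helper names.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector phrase, used here as constructed sample input.
# It is published everywhere: never fund a wallet restored from it.
SAMPLE = " ".join(["abandon"] * 11 + ["about"])


def seed_from_phrase(phrase, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", phrase).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def transcription_problems(phrase, expected_words=12):
    """Flag copy mistakes that are visible without the word list (hypothetical helper)."""
    problems = []
    if phrase != phrase.lower():
        problems.append("capital letters")
    if phrase != " ".join(phrase.split()):
        problems.append("extra or non-space whitespace")
    if len(phrase.split()) != expected_words:
        problems.append("wrong word count")
    return problems


def compare_copies():
    """Derive a seed from the correct phrase and from three flawed copies."""
    words = SAMPLE.split()
    copies = {
        "exact": SAMPLE,
        "swapped order": " ".join(words[:10] + [words[11], words[10]]),
        "capitalised": SAMPLE.capitalize(),
        "misspelled": SAMPLE.replace("about", "abuot"),
    }
    reference = seed_from_phrase(SAMPLE)
    # True only when the copy yields the same master seed (same keys, same addresses).
    return {name: seed_from_phrase(text) == reference for name, text in copies.items()}


if __name__ == "__main__":
    for name, same in compare_copies().items():
        print(f"{name:14} restores the same wallet: {same}")
```

Only the exact copy reproduces the seed. A BIP39 wallet also checks each word against its word list and verifies a short checksum, so most flawed copies are rejected on restore rather than opening a different, empty wallet.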

You never know if the ink will fade or if you will end up misplacing a copy. Keep both copies in separate physical locations.

If you print them from a printer that isn’t yours, you risk leaving a trail of the file in the printer’s memory. Ever print something from a shared office printer, and there are other people’s documents that get mixed up in there? These are often documents that get stuck in the printing queue and print later. It happens!

This could be a personal safe, a safety deposit box, or a secret compartment under your grandmother’s kitchenette. Hide your 12 words under the biggest mountain you can find, wherever you think they will be safe from theft, loss, and potential damage from a fire, flooding, etc. You can even preserve them in steel for ultimate protection from the elements.

If you store them on your computer, they may be vulnerable to theft if you inadvertently download something malicious or become a victim of a hack.

Some customers have mentioned taking a picture of their 12 words with their mobile phone. While it may be true that mobile phones are quite personal and features like Face ID or fingerprint technology make them pretty safe in case they are stolen, they are increasingly becoming a target for hackers. Modern mobile phones are basically handheld computers, which makes them susceptible to many of the same vulnerabilities as desktop computers.

If you want the certainty and accuracy that a photo may provide, print the photo on a home printer or take a Polaroid. Do not take a photo that later needs to be developed or printed at a business, as this would expose your 12-word phrase and put your funds at risk.

Each of us has to strike our own balance between convenience and security, but there can be no compromise when it comes to being cautious about how and where we store our 12-word phrase or what we do with our private keys. Carelessness can be costly.

Want to learn more about how private keys work? Got 4 minutes? Watch this video! https://www.youtube.com/watch?v=67uW07QDHxE

A great article that explains private keys in a lot more depth: https://bitzuma.com/posts/six-things-bitcoin-users-should-know-about-private-keys/

Key Questions

What other useful or creative ways have you discovered to copy and save your 12-word phrase? Why do you prefer this method?

Please reserve the Medium comments section for lively and honest discussion about the article! If you have technical issues with Exodus, our Community Support team will be happy to speedily assist you if you send a descriptive email to: support@exodus.io

Davey
Exodus Movement

Anti-fiat rebel, traveler, and Community Happiness Engineer at https://www.exodus.io