Securing your funds is one of the most essential skills of a hodler. We’ve seen time after time that big custodial exchanges aren’t immune from getting hacked (Mt. Gox, anyone?), and thus it’s critical to your financial sovereignty that you control your funds. As they say: Not your keys, not your crypto.
With that freedom comes a lot of responsibility.
That responsibility stems from two main threats: theft and catastrophic loss. Luckily, KeepKey has built a beautiful hardware wallet, designed specifically to help you protect your keys from unauthorized use. With its simple, safe, and secure design, you’ll have the confidence you need to be sure your private keys are protected and in your hands.
But what happens when your keys aren’t safe from loss? Have you protected them from fire, flood, or other natural disasters? Given that your seed phrase is your money, backups are critical. A good recovery strategy doesn’t have to be complicated, but it does require these steps at a minimum:
- Back up early
- Back up often
- Back up offsite
- Back up securely
- And most importantly, test your recovery strategy
With recovery seeds, we highly recommend not storing them electronically, even if you encrypt them. That’s because an air gap is much harder to bridge, and a backup that never exists as a file gives an attacker nothing to copy and attack offline. The best backup is a physical one, stored securely. We recommend storing the first four letters of each of the words in your recovery sentence on a Steely or a Cryptosteel (the first four letters are enough to identify every word on the BIP39 wordlist). Place the configured Steely in a tamper-evident bag, and store it in a safe. This is your primary backup. It protects you if something unfortunate — or the worst — happens: your wallet gets wiped during an update, or it gets lost or damaged. With this backup, you can restore your seed onto another device without much time or friction, and be on your merry way.
The next step to backing up your seed is to store it somewhere “offsite.” For different people, this may mean different things. For example, you may want to initialize a second KeepKey with the same seed and hand it to a friend for safekeeping. If they don’t know your PIN, they won’t be able to take your funds, but you’ll be protected from disasters (think house fires, floods, etc.). Redundancy is key here. For the paranoid and security conscious, store this one in a tamper-evident bag as well. Be sure to test this second device every few months, since flash isn’t designed for long-term storage.
The problem with relying entirely on electronic backups is that flash isn’t reliable for long-term storage. Most flash isn’t designed to retain data for longer than 5–10 years. For something so critical to accessing your money, you want to be damn sure you can recover it if something goes wrong, and that’s where physical backups come in.
On that note, some folks may decide they’re comfortable with storing a second physical backup (Steely, Cryptosteel, or hand-written on paper) in a safe deposit box at a bank. We only recommend doing this if you use a BIP39 passphrase (a.k.a. a “25th word”) with your seed. That way you’re protected even if the bank screws up and opens the wrong deposit box: the words alone do not produce the wallet that holds your funds.
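As an added example (not KeepKey’s code), here is how a four-letters-per-word backup expands back into the full words, and how a BIP39 passphrase changes the seed derived from those words. The five-word wordlist excerpt is constructed (the real English list has 2048 words); the passphrase “TREZOR” and the expected seed are the published BIP39 reference test vector.

```python
import hashlib
import unicodedata

# Constructed excerpt of the English BIP39 wordlist (the real list has
# 2048 entries). BIP39 guarantees the first four letters of every word
# are unique, which is what makes a four-letters-per-word backup safe.
SAMPLE_WORDLIST = ["abandon", "ability", "able", "about", "above"]

# What a Steely/Cryptosteel style backup of the reference mnemonic holds.
TRUNCATED_BACKUP = " ".join(["aban"] * 11 + ["abou"])
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

# Published BIP39 test vector: the mnemonic above with passphrase "TREZOR".
EXPECTED_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def expand_prefixes(backup, wordlist):
    """Restore full words from a backup that kept only the first four
    letters of each word. Refuses a wordlist whose prefixes collide and
    any token that matches no word, rather than guessing."""
    by_prefix = {}
    for word in wordlist:
        key = word[:4]
        if key in by_prefix:
            raise ValueError(f"ambiguous prefix {key!r} in wordlist")
        by_prefix[key] = word
    try:
        return " ".join(by_prefix[token[:4]] for token in backup.split())
    except KeyError as missing:
        raise ValueError(f"unknown prefix {missing.args[0]!r}") from None


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" +
    passphrase, both NFKD-normalised. The passphrase is mixed into the
    KDF, so the words alone derive a different (empty-passphrase) wallet."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


if __name__ == "__main__":
    restored = expand_prefixes(TRUNCATED_BACKUP, SAMPLE_WORDLIST)
    print("restored:", restored)
    print("match vector:", bip39_seed(restored, "TREZOR").hex() == EXPECTED_SEED_HEX)
    print("no passphrase differs:", bip39_seed(restored) != bip39_seed(restored, "TREZOR"))
```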
How you decide to store your keys is up to you. Ultimately, that’s the only thing that makes them yours.