The best ways to protect the seed phrases of your Bitcoin wallets

How to avoid someone stealing your Bitcoin after physical access to your seed phrase.

Even if you have the best hardware wallet, you have a single point of insecurity: the seed phrase. Anyone with physical access could use it and gain complete control of your funds!

So, here we introduce 4 ideas you can use:

• Shamir Backup & Seed XOR split your seed phrases into multiple parts, that you need to store in different locations.
• Passphrase lets you create a password needed in combination with the seed phrase to access your funds. So you can locate your seed phrase in one place and your passphrase in another different location.
• Multi-sig allows having multiple devices that need to sign each transaction. In this case, you will have at least one seed phrase per device, so you can store them in different locations.

Shamir Backup

Shamir’s secret sharing (SSS) is a cryptographic technique formulated in 1979 by the Israeli cryptographer Adi Shamir. The essence of Shamir’s scheme lies in the ability to back up, share and recover a secret by breaking up the secret into multiple shares that are individually useless and leak no information about the secret or the scheme setup.

You can choose how many recovery shares you want to generate, and decide how many of them you want to use for recovery. Individual shares do not leak any information about the shared secret, as long as the number of compromised shares does not reach the required threshold. For example, if you use a 3-of-5 scheme and 2 of your shares get compromised, the attacker has no chance to reconstruct your wallet and cause trouble.

Applying Shamir’s secret sharing to your seed phrase is a good idea because it increases your security and also gives you the ability to better support inheritance planning.

Here you will find all the hardware wallets supporting Shamir Backup. It is not common to find this feature on software wallets. For those cases, you could use this tool: https://iancoleman.io/shamir/. Use it carefully, this tool has been designed to be used offline.

Seed XOR

Seed XOR is a technique that consists of storing secrets in two, three, or four parts that look and behave just like the original secret. One 24-word seed phrase becomes two or more parts that are also BIP-39 compatible seeds phrases. These should be backed up in your preferred method, metal or otherwise. These parts can be individually loaded with honeypot funds as each one is 24 words, with the 24th being the checksum and will work as such in any normal BIP-39 compatible wallet.

The Coldcard Mk4 & Coldcard Q hardware wallets implements this kind of split.

Passphrase

Passphrase is an optional feature of some wallets that allow users to create hidden wallets. Passphrases serve as a function of second-factor protection of the recovery seed and are an ultimate protection against attacks involving physical access to the device or the recovery seed.

Passphrase — the ultimate protection for your accounts

There is no such thing as an “incorrect passphrase” and you can create an unlimited number of wallets. This can be quickly turned to your benefit when you decide to redistribute your balances to give you a “cover”.

Consider leaving some pocket change, funds you would use for smaller everyday purchases, on your unprotected account (just the PIN, no passphrase). Then, move a moderate chunk of your savings under a passphrase of your choosing. Lastly, you can move the greater part of your balance to a completely different passphrase.

In a situation where you are physically threatened by burglars, border security agents, or pretty much anyone else, you can now safely give up your PIN number (which can be changed anyway). If the assailants keep you under duress and demand a passphrase, you can give out the one with the lesser amount.

So, if you have a passphrase enabled, you can locate your seed phrase in one place and your passphrase in another different location.

Multi-sig

Bitcoin multi-sig allows having up to 15 possible signers to approve any transaction.

When using multi-sig, you will have at least one seed phrase per signer, so you can store them in multiple locations.

Here you have some hardware wallets that support multi-sig on Bitcoin (PSBTs):

Hardware Wallets with Bitcoin Multi-sig (PSBTs) support

Which is the best option?

All the alternatives presented here are excellent options to increase your security. According to the kind of wallet you use, you can pick one or a combination of them. The recommendation is to use Shamir or Seed XOR + Multiple Passphrases.

If you are a more advanced user, you could use Multisig.

Here there is an article explaining why Multisig is better than Shamir:

Shamir’s Secret Sharing shortcomings

If you want to learn more about this topic, I recommend this useful guide:

The ultimate guide to storing your bitcoin seed phrase backups — Unchained Capital

Visit our Website

With so many hardware wallets on the market, it can be challenging to choose the right one for your needs. That’s where our Hardware Wallet Comparison TheBitcoinHole.com website comes in. You will find the most comprehensive and honest resource for comparing the features of the top hardware wallets.

Support Us

There are different ways to support our work:

• With Bitcoin Lightning using Alby.
• With PayPal or a credit card using Ko-fi.

Related Articles

If you enjoyed this article, you might get value out of these as well!

Bitcoin Self-Custody Best Practices

Bitcoin Inheritance Planning

How to set up a Bitcoin Node with Umbrel on a Raspberry Pi 5