Bitcoin security tips
Keeping your recovery seed safe will ensure access to your funds no matter what happens.
Published in · 9 min read · Sep 1, 2021
Hardware wallets are the only thing you need to secure your Bitcoin, but that doesn’t mean they are a single point of failure should yours get lost, damaged or stolen. In this guide, we’ll cover how to make sure that a broken hardware wallet doesn’t spell the end of your hodl. Thanks to industry-wide backup standards which SatoshiLabs helped create, you should never need to fear losing your funds.
Remember, your Trezor holds the keys to your cryptocurrencies, not the coins themselves. The coins persist on the network and you need access to the keys to move them. As long as you have your 12 or 24 word recovery seed backed up in physical form, you can always regenerate your keys, even if your Trezor is out of service.
Contents:
- Protect your seed above all else
- Keeping your hardware wallet safe
- How to destroy a hardware wallet
- Recovering funds from a broken hardware wallet
- Making secure backups
- Disaster-proof your Bitcoin
- Secure your crypto inheritance
While no-one wants to lose or damage their Trezor, your coins can always be recovered as long as your seed is kept safe. Even if you decide not to buy a new device, you will be able to recover your funds thanks to the BIP39 recovery seed standard, an industry standard that SatoshiLabs helped create to allow your seed to be loaded into any compatible wallet.
This means you can recover your funds using hardware, software or browser-based wallets without being locked to one manufacturer.
Protecting your seed is the most important step in securing your assets. It must never be digitized or come into contact with a network. The best way to store your seed is to stamp your words in metal or another hard-wearing physical material and then place it in a secure location that only you have access to. You can verify that the seed has been backed up correctly by performing a dry-run recovery — this will prompt you to confirm certain parts of the seed without revealing the whole thing.
What is a seed, anyway?
A seed, often referred to as a recovery seed, mnemonic seed or seed backup, is simply a human-readable representation of a big random number. This number is practically impossible to guess because it is so large, and it is used to calculate all the public and private keys that you access using your wallet.
Seeds are the foundation of wallets and are used to calculate all the keys and addresses you use to manage cryptocurrencies. A seed created using the BIP39 standard can be recovered to any other wallet that also supports the standard, so your coins, transactions and addresses can still be accessed even if the company that created the wallet no longer exists.
How about storing your recovery seed with the safety of aerospace grade stainless steel?
Yes. With the launch of the Trezor Keep Metal, we have created a backup solution that ensures the safety of your recovery seed under any conditions. Think waterproof, resistant to acid, alkali & chemical corrosion, extreme-temperature resistant. The Trezor Keep Metal makes wallet backup a breeze, thanks to its simple four-letter entry system, reducing the risk of misreading your recovery seed.
The best way to protect your assets is to keep your Trezor hardware wallet in good condition. With proper care and handling, a Trezor device should last many years of regular use. Here we’ll cover some tips for keeping your Trezor in working order.
Store it safely and securely
Trezor hardware wallets provide you with an easy way to access your crypto without the risks of using a mobile or software wallet. By generating and storing your seed offline, Trezor wallets ensure that there is no way for an attacker to steal your keys over a remote connection. Being careless with where you leave the device itself, however, raises different security risks.
When not in use, it is best to keep hardware wallets in a physically secure location such as a home safe. This not only prevents flatmates or burglars from getting their hands on your device, but it can add another layer of protection from the environment. Even though Trezors are pretty durable, fire, flood and dirt can all affect usability of your device so a secure storage place will keep your device working better for longer.
Get a protective case
SatoshiLabs sell specially-made protective cases for Trezor hardware wallets, made from high-grade silicone. These are ideal for protecting your device if you tend to use it every day, preventing buildup of dust and grease and insulating the device from knocks, scratches and other damage. Paired with a Trezor lanyard and PanzerGlass screen protector (available only for the Trezor Model T), you can be more confident in using your device on-the-go without worrying about losing access to your coins.
Use multiple devices
The seed that is stored on your Trezor can be loaded into other devices and be used simultaneously. To make sure you can access to your funds no matter what happens, you can use the same seed on multiple devices and store them separately. This way, even if your Trezor is stolen you will be able to quickly move funds to a new, safe address secured by a different seed.
Trezors don’t float. Nor do they like extreme temperatures, humidity, salt, dirt, or any of the other elements that degrade electronics. Treat your Trezor with the same care you’d give to your smartphone or other devices.
Both Trezor models are built slightly differently and therefore have different tolerances. The Trezor Model One is particularly robust due to being made of fewer components while the Trezor Model T is a bit more vulnerable to damage because the touchscreen is exposed.
Trezor devices will last for years under normal conditions, so take care not to leave them anywhere they might get wet or overheat. As mentioned above, you can always purchase accessories such as a screen protector or silicone case to minimize the risk of accidental damage.
Trezor hardware wallets should not be taken on boating trips. If they are dropped overboard, they will sink and fill with water, making them permanently unusable. If you plan to take a boat trip, make sure your seed is kept secure at home so there’s no risk of permanently losing access to all your coins and not being able to account for them.
If your device has been destroyed or lost, you will need your recovery seed and somewhere to load it, such as a new Trezor hardware wallet. Once you have both of them physically in your hands, you can start the recovery process. Using Trezor Suite, this is made very easy, though the specifics are slightly different for each Trezor model
Trezor Suite will recognize your new device and take you through the onboarding process. Once firmware has been installed, you will be asked whether to create a new backup or to recover from an existing one. Choose a recovery method and state how many words are used by your recovery seed, then follow the steps shown in Trezor Suite. While the methods differ slightly depending on your preference and device, they are all secure.
You will be prompted to enter your recovery words either using your computer or solely using your device. Always confirm the recovery prompts using the Trezor and never enter seed words directly into a computer without first being prompted to do so by your Trezor. Be aware that some words may look similar to others, so if you encounter any errors it may be due to a typo. Once you have finished entering the seed words, your keys will be recovered and all your funds should reappear in Suite. If they don’t, you may have set a passphrase.
Having a backup of your keys is the only way to ensure that future you will be able to access them, no matter what happens. When you set up your Trezor for the first time, you will be prompted to create a backup. This step is not optional: if you skip it, it will not be safe to transfer coins to an address created by your device.
To create a secure backup, simply follow the instructions presented to you in Trezor Suite and on your Trezor device. The process is simple: you will be shown a list of words in a specific order, which you should copy by hand onto paper or another physical medium. Never create a digital copy. Once they have been written down you will need to verify that they were copied correctly before you will be able to use the device.
While you must keep your Trezor secure, the PIN will offer some protection from anyone who happens to find it. That is not the case for your seed. Always keep your seed under lock and key — anyone who finds your seed can simply load it into a compatible wallet and take control of your funds, unless you also use a passphrase.
While a BIP39 recovery seed will provide a lifeline if you lose your wallet, it is also vulnerable to the environment and can be easily lost or destroyed if not treated carefully. Improving on BIP39, SatoshiLabs created another standard which can be used on the Trezor Model T: Shamir backup (SLIP39), also referred to as Advanced backup in Trezor Suite.
Shamir backup mitigates the risk of losing one’s recovery seed by securely splitting it into multiple shares. Each share created by this process is unique, and must be combined with other shares until a certain threshold number (set by the user) is reached. Only then can the wallet be recovered.
There are many advantages to using Shamir backup. First, as mentioned, is that it can prevent loss or damage of the seed: by storing shares in different places they are each exposed to different risks, meaning there is a good chance you will always have enough in usable condition to meet the threshold to recover your wallet, even if some are destroyed, lost or stolen.
Secondly, Shamir backup offers much more flexibility over how you manage your funds. When creating a Shamir backup, you can generate up to 16 unique shares and require any number of them as a recovery threshold. This lets you tailor the recovery process to your needs.
In general, it is better to keep this simple. The recommended setup is a 3-of-5 scheme, where five shares are generated and three are used for recovery. This way you can tolerate loss or destruction of two shares and will still be able to recover your coins. For even more resilience, consider the Shamir HODL pack, which comes with five steel capsules on which to store each share.
One of the questions most overlooked by crypto hodlers is “What will happen to your bitcoin if you die?”. It is an important — if uncomfortable — question to ask, but one which a good backup strategy can provide the answer for.
From a security perspective, it may seem contradictory to think about giving access to your wallet to other people, but there is actually no need to compromise security if approached correctly.
There are a number of ways to ensure your loved ones will be able to access your holdings after you pass. Shamir backup is particularly useful in this case, as you can arrange for the location of shares to be passed on to your next of kin through different channels without ever compromising the location of a threshold number at once. For example, you may deposit one share with your heir, one in a bank vault that will be transferred to them upon your passing, and then provide instructions for locating the third in your will.
Another option is to use what’s known as a dead man’s switch. This is used to describe any mechanism that triggers if not interacted with for a certain time period. Using Locktime, a Bitcoin feature included in Trezor Suite, you can schedule a transaction six months or one year into the future, and then renew it if you are still alive by the time the transaction is due to be sent.