Dogecoin developer warns about seed phrase security

in #hive-167922, last month

Introduction

Everyone in the crypto space who uses a non-custodial wallet has the same security problem to deal with: how to store the seed phrase. There are many ways to do this incorrectly, and many crypto users are doing it the wrong way. Whether it is a Phantom wallet, MetaMask or any other self-custody wallet, the safety of your funds is determined by how securely your seed phrase is stored. Because so many people are careless with their seed phrase, a leading Dogecoin developer decided to repeat this warning about seed phrase security.

The warning comes from Mishaboar, who is respected within the Dogecoin community as a top developer. He pointed out some popular but wrong ways that crypto users store their seed phrases and recommended the practices that give a seed phrase the best protection.

So in this article, I want to share his words and discuss why his recommendations matter as much as the assets they protect. For readers who are new to the space, I will also explain what a seed phrase is. To begin, below is the warning from Mishaboar:

Dear #Dogecoin:

Too many are keeping a backup of their wallet’s seed phrase into online password managers like LastPass.
Don’t do it. These centralized password services are an abomination. Store your seed phrase offline, in different safe locations.
And if you ever stored your seed phrase in one of these services, consider it as compromised and move your crypto to a new wallet. source

Seed phrase - understanding what it is

When you install a non-custodial wallet and create a wallet in it, you are given a set of words which are used to recover the wallet if you can no longer access it from that device, for example because the device was lost, stolen or damaged. In that case you need a way to reopen the wallet on another device, and that is only possible if you have backed up your seed phrase.

A seed phrase is a group of words. The number of words varies from wallet to wallet: most standard non-custodial wallets use 12 words, others use 24, and the BIP39 standard most of them follow also allows 15, 18 and 21. Whatever the length, the seed phrase restores the wallet because the wallet's private keys are derived from it deterministically. It does not create new keys; the same words always produce the same keys, on any device.

It is very important to keep a seed phrase safe because it gives full access to the digital assets held by the wallet. Only the wallet owner should ever have access to the seed phrase. If a seed phrase is compromised, the funds in the wallet can be moved by whoever holds it.
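The two rules that make the paragraphs above true, as an added example that is not code from the original post: BIP39 fixes which phrase lengths are valid (each word carries 11 bits and the phrase ends in a checksum, which is why 8 words cannot be a valid phrase), and it turns the words into the wallet seed with a fixed derivation, so restoring on a second device yields the same keys. The phrase and seed used for checking are the first public BIP39 test vector; the checksum check itself is omitted because it needs the 2048-word list.

```python
import hashlib
import unicodedata

# Added example, not code from the original post. Implements the parts of BIP39
# that explain why a seed phrase restores a wallet: fixed phrase lengths and a
# deterministic phrase-to-seed derivation. Wordlist checksum validation is omitted.


def valid_word_counts() -> list:
    """Phrase lengths BIP39 allows, derived from its encoding rules.

    Every word carries 11 bits. The entropy (128 to 256 bits) is followed by a
    checksum of one bit per 32 entropy bits, so total bits = entropy * 33 / 32,
    which is only a whole number of words when the count is a multiple of 3.
    """
    counts = []
    for words in range(1, 40):
        total_bits = words * 11
        if total_bits % 33:
            continue
        entropy_bits = total_bits * 32 // 33
        if 128 <= entropy_bits <= 256:
            counts.append(words)
    return counts


def bip39_layout(word_count: int) -> tuple:
    """Return (entropy_bits, checksum_bits) for a phrase of word_count words."""
    if word_count not in valid_word_counts():
        raise ValueError(f"{word_count} words is not a valid BIP39 phrase length")
    total_bits = word_count * 11
    checksum_bits = total_bits // 33
    return total_bits - checksum_bits, checksum_bits


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    Salt is the string "mnemonic" plus the optional passphrase. Both the phrase
    and the salt are NFKD-normalized, so spacing and Unicode forms cannot change
    the result: the same words always give the same seed, hence the same keys.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, dklen=64)


# Public BIP39 test vector (all-zero entropy, passphrase "TREZOR"); not a funded wallet.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")
TEST_PASSPHRASE = "TREZOR"
TEST_SEED_HEX = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e53495531f09a698"
                 "7599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")


if __name__ == "__main__":
    print("valid phrase lengths:", valid_word_counts())
    for n in (12, 24):
        print(f"{n} words -> entropy/checksum bits: {bip39_layout(n)}")
    # "Restoring" on two devices: same words, same seed.
    device_a = mnemonic_to_seed(TEST_MNEMONIC, TEST_PASSPHRASE)
    device_b = mnemonic_to_seed("  ".join(TEST_MNEMONIC.split()), TEST_PASSPHRASE)
    print("seed matches test vector:", device_a.hex() == TEST_SEED_HEX)
    print("same phrase on another device gives same seed:", device_a == device_b)
    # A different passphrase is a different wallet entirely.
    print("different passphrase, same seed?", device_a == mnemonic_to_seed(TEST_MNEMONIC))
```

The practical consequence is the one the post draws next: anyone who obtains the words can run exactly this derivation and hold the same keys you do, with no further secret required unless a BIP39 passphrase was also set.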

Now you can appreciate why the warning to keep the seed phrase safe is so important. The question is: how do you keep it safest? Let's start with the wrong ways to do it.

Common mistakes when saving your seed phrase

From Mishaboar's warning above, you can easily see at least one wrong way, and a popular one too: putting the seed phrase in an online password manager. That would never be a good recommendation.

The problem with online password managers is that your secret leaves your control. The vault sits on a centralized server run by someone else, and even where the vendor encrypts it client-side with a key derived from your master password, you are trusting their client code, their key-derivation settings and their operational security. That defeats the very purpose of non-custody, which is that only the owner should ever be in possession of the seed phrase.

In essence, submitting a seed phrase to an online service to keep it safe endangers that very seed phrase. A malicious or coerced insider, or anyone able to ship a tampered client, could capture it, install your wallet on another device and use the phrase to access your funds. Even if the operator stays honest and never touches the phrase, something else can happen.

Hackers target centralized servers precisely because they hold sensitive data in bulk, and they have succeeded: LastPass itself disclosed in 2022 that attackers copied customer vault backups. A stolen vault is encrypted, but the copy can be attacked offline for as long as the attacker likes, and a weak master password or a low key-derivation iteration count makes that attack cheap. So that is another reason not to save a seed phrase in a password manager.
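What the attacker actually does with a stolen vault, as an added example that is not code from the original post or from any password-manager vendor. It models the blob a service stores (salt, iteration count, a key-check value and ciphertext; the field names, the key-check label and the toy stream cipher are assumptions for illustration, and real products use AES and their own formats) and then runs the offline guessing attack against it. The guess list and the stored seed phrase (the public BIP39 all-zero test phrase) are constructed inputs.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple

# Added example, not code from the original post or any vendor. Models a cloud
# password-manager vault as an attacker holds it after a server breach: no plaintext,
# but everything needed to test master-password guesses offline. Field names, the
# key-check construction and the toy cipher are assumptions made for illustration.

KDF_HASH = "sha256"
KEY_CHECK_LABEL = b"vault-key-check"  # assumed verifier label, not any vendor's


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Key derivation as vaults do it: PBKDF2-HMAC over the master password."""
    return hashlib.pbkdf2_hmac(KDF_HASH, master_password.encode(), salt, iterations, dklen=32)


def _keystream(key: bytes, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream standing in for AES. Illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def make_vault(master_password: str, iterations: int, secret: str) -> dict:
    """User side: the blob that ends up on the service's server.

    The server never sees master_password or secret, only this dictionary."""
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "key_check": hmac.new(key, KEY_CHECK_LABEL, KDF_HASH).digest(),
        "ciphertext": _xor(secret.encode(), _keystream(key, len(secret))),
    }


def crack_vault(vault: dict, candidates: Iterable[str]) -> Tuple[Optional[str], Optional[str], int]:
    """Attacker side, run on a copy of the stolen blob.

    Returns (master password, decrypted secret, guesses tried), or (None, None, n)
    when the list is exhausted. Nothing here contacts the service, so rate limits,
    lockouts and MFA never apply; the only cost per guess is one PBKDF2 run."""
    guesses = 0
    for candidate in candidates:
        guesses += 1
        key = derive_vault_key(candidate, vault["salt"], vault["iterations"])
        check = hmac.new(key, KEY_CHECK_LABEL, KDF_HASH).digest()
        if hmac.compare_digest(check, vault["key_check"]):
            plaintext = _xor(vault["ciphertext"], _keystream(key, len(vault["ciphertext"])))
            return candidate, plaintext.decode(), guesses
    return None, None, guesses


# Constructed inputs: the BIP39 all-zero test phrase (not a funded wallet) and a small
# guess list of the kind of master passwords people actually pick.
SEED_PHRASE = ("abandon abandon abandon abandon abandon abandon "
               "abandon abandon abandon abandon abandon about")
GUESS_LIST = ["password", "123456", "letmein", "dogecoin", "Dogecoin1", "tothemoon", "Doge2021!"]


if __name__ == "__main__":
    vault = make_vault("Dogecoin1", 5000, SEED_PHRASE)
    password, secret, tried = crack_vault(vault, GUESS_LIST)
    print(f"weak master password recovered after {tried} guesses: {password!r}")
    print(f"seed phrase recovered from the stolen vault: {secret}")

    strong = make_vault(secrets.token_urlsafe(24), 5000, SEED_PHRASE)
    print("random master password, same attack:", crack_vault(strong, GUESS_LIST))
```

The point to take from it is that encryption on the server changes who can read the vault today, not whether the seed phrase inside it can be recovered later: once the blob is copied, the master password and the iteration count are the only things standing between the attacker and the words, and the attacker chooses how long to keep guessing.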

There are other wrong ways to save seed phrases and other passwords. Generally, any saving method that involves the internet should be avoided, because even the best-defended online service is still exposed to intrusion. It is equally wrong to back up a seed phrase or any password in your email, in a messaging or social media app such as WhatsApp, on a cloud drive, or in any other internet-connected service.

Just as Mishaboar warned above, if your seed phrase is already saved in an online location such as a password manager, consider it compromised. It is best to immediately create a new wallet, which comes with a new seed phrase, back that phrase up properly offline, and then transfer your crypto to the new wallet.

Keeping a seed phrase safe - best practices

Here are the two recommendations from Mishaboar, and they are in line with industry best practice:

  • Have multiple backups: Since your seed phrase is the one thing that keeps your funds recoverable, you need more than one backup. A single backup can be lost or destroyed, and then recovering your funds becomes impossible. Keep several copies of your seed phrase securely backed up in different locations, and make sure that only you have access to each of those locations.

  • All backups must be offline: If you back up on a hard drive, a memory stick or a computer, that device must have no internet connection at all, and it must never get one later. Here is what Mishaboar says about this:

It is fine to store it on ALWAYS offline devices, the problem is that the PC you use to type in the phrases should be 100% clean, which is very difficult to verify nowadays, also for experienced tech people. source

Even if the PC is offline while you type in the seed phrase, trojans have call home functionality which would send the data they logged while they were offline. source

One way to do it might be to get something like a fresh Raspberry Pi, install a fresh and safe OS, disable all wifi connections, use it to type your seed phrase in a file stored on the USB drive, and then completely wipe the SD card, maybe even destroy it. source

Apart from using a device that is always offline, you can still write the seed phrase down on a clean sheet of paper and store that paper securely wherever you consider truly safe.

The bottom line

Do not compromise the security of your most precious digital assets. Back up your seed phrase, and any other passwords, securely offline. That way, you avoid becoming the next victim of digital asset loss.


Note: Thumbnail is from pixabay

Posted Using InLeo Alpha


Wow, I never knew a seed phrase saved on a password messenger could be compromised, though because I have always known that it's not safe to store my keys or seed phrase online, I write them down and keep them safe offline.

But I think the major reason why people save online is to have it handy whenever they need it

What can be done if seed phrase is compromised?

It's best to save them offline as you already do. Anywhere online is dangerous.

If a seed phrase is compromised, then you need to move your assets out of that wallet as fast as you can. That is assuming the funds have not been taken away by the second person with the seed phrase.

That can be disastrous, because hackers are not playing.

You are right! Hackers continue to find ways to steal. So you have to stay ahead and remain safe.

I completely agree that storing seed phrases in online password managers is risky. Centralized servers can be hacked, and administrators might see your seed phrase, putting your funds at risk. The safest way to store a seed phrase is offline. Write it down on paper and keep it in a secure place, like a safe.

You are absolutely right. Remember to create copies of the seed phrase so that you do not rely on just one backup. Anything can happen if you have just one backup.

Hmm
I think the best thing in my little knowledge is to write down the seed phrase
That’s what I usually do

Yes, but have more than just one copy of the written seed phrase, saved in different safe locations. With just one copy, an unexpected event like a fire could lead to loss. But with 2 or 3 copies of the key backed up in different safe places, it's easy not to lose the wallet.

Hackers are getting smarter by the day. Previously we used to think storing things like this somewhere online was best, but here we are. Better safe than sorry. I wrote mine down in several places that I alone can access; I don't want stories that touch the heart.


Absolutely good friend, having multiple backups ensures redundancy and security. It's really all about safeguarding those precious assets in the ever-evolving digital landscape. I loved this blog

Exactly, keep them safe the right way. Don't back up keys or passwords online. It's never safe.

Wow ok good friend I'll take that advice 🥰😍😍

This post has been manually curated by @bhattg from Indiaunited community. Join us on our Discord Server.
