When a seed phrase is not enough
A seed phrase, also known as a mnemonic password, provides access to digital assets in a personal wallet and is generally resistant to hacking. Brute-force attacks using standard tools are virtually ineffective due to the 256-bit encryption protecting most mnemonic phrases.
However, even such complex combinations can be compromised, leading many inexperienced users to lose their assets. That's why mnemonic passwords require additional layers of protection.
1. Purchasing a hardware wallet
This is the simplest and most reliable method to protect digital assets. A hardware wallet is used for the cold storage of cryptocurrencies. It protects the seed phrase from phishing and other types of online attacks by utilizing a specialized security chip (Secure Element or SE), which isolates the mnemonic phrase from internet exposure.
Using hardware wallets is the only way to shield digital assets from phishing attacks and malware that may infect the user's device. Such threats most often affect hot wallets, including desktop, mobile, and browser-based wallets like MetaMask, Rabby, Phantom, Zerion, and others.
Additionally, many hardware wallets support extra security features such as:
- multisignature (multisig);
- Shamir Backup;
- passphrase.
There are numerous brands and models of hardware wallets, including Trezor One, Ledger Nano X, and Tangem 2.0.
Important: Always purchase hardware wallets from official resellers listed on manufacturers' websites. There is a risk of purchasing tampered or defective devices, which could result in asset loss.
2. Using multisignature
Multisignature (MultiSig) requires at least two mnemonic phrases to access a wallet's assets. This significantly strengthens security but complicates usability, making it more suitable for cold storage.
If only one seed phrase is leaked, access to the wallet remains impossible, thereby protecting against online threats such as phishing and malware. The most popular configuration involves three mnemonic phrases, requiring at least two out of three to access the assets. Other configurations, such as 3-of-5, are also possible.
It's essential to note that multisignature not only complicates storage and usage but also increases the risk of permanent loss. If two seed phrases are lost, recovery becomes nearly impossible.
Multisignature is supported by wallets like Trezor Model T, Ledger Nano X, Electrum, and others.
3. Adding a passphrase
A passphrase is an extension of the standard mnemonic phrase (BIP39). Users can create custom passphrases of arbitrary length.
A passphrase can be made of standard words or any character combinations. The longer and more complex the phrase, the more difficult it is for attackers to guess, thereby increasing the overall security of digital assets.
Moreover, passphrases allow for the creation of an unlimited number of hidden wallets. Essentially, each unique passphrase combined with the main mnemonic generates a new wallet. The primary seed phrase can even serve as a decoy to divert attention, which is helpful in scenarios like theft.
Thus, passphrases not only increase security but also eliminate the need to generate a new mnemonic for each new wallet.
Passphrase functionality is supported by wallets such as Trezor, Ledger, Tangem, Bitbox, Safepal, and Electrum.
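How one mnemonic plus different passphrases yields unrelated wallets, as an added example that is not part of the original article: it uses the seed derivation defined in the BIP39 specification (PBKDF2-HMAC-SHA512, 2048 iterations, salt "mnemonic" + passphrase). The function names and the sample passphrases are hypothetical, and the mnemonic is the public all-zero-entropy test phrase, which must never hold funds.

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a mnemonic and optional passphrase."""
    def nfkd(s: str) -> str:
        return unicodedata.normalize("NFKD", s)

    return hashlib.pbkdf2_hmac(
        "sha512",
        nfkd(mnemonic).encode("utf-8"),                  # password = the mnemonic
        ("mnemonic" + nfkd(passphrase)).encode("utf-8"),  # salt carries the passphrase
        2048,
        dklen=64,
    )


def fingerprint(seed: bytes) -> str:
    """Short one-way label so seeds can be compared without printing them."""
    return hashlib.sha256(seed).hexdigest()[:16]


def wallets_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the fingerprint of the wallet seed it opens."""
    return {p: fingerprint(bip39_seed(mnemonic, p)) for p in passphrases}


# Constructed sample input: publicly known test mnemonic (all-zero entropy).
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

# Constructed passphrases: empty (the base wallet), the intended one, and two
# near-misses (trailing space, different capitalisation).
SAMPLE_PASSPHRASES = ["", "correct horse", "correct horse ", "Correct horse"]

if __name__ == "__main__":
    for phrase, fp in wallets_for(SAMPLE_MNEMONIC, SAMPLE_PASSPHRASES).items():
        # Every line shows a different fingerprint: each passphrase, including
        # a mistyped one, derives its own valid seed and no error is raised.
        print(f"{phrase!r:>18} -> seed fingerprint {fp}")
```

Because a mistyped passphrase opens a different, empty wallet instead of failing, verify recovery of a passphrase wallet from its backup before sending funds to it.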
4. Two-factor authentication (2FA)
Two-factor authentication adds an extra layer of protection against unauthorized access.
Various forms of two-factor authentication (2FA) exist, including cloud-based protection. A third-party cloud service may offer multisig services, using an additional mnemonic as the second factor.
Two-factor authentication (2FA) can also be applied to protect access to wallet apps or web extensions. Hardware authenticators (U2F keys) provide secure, passwordless login for wallets and accounts.
These hardware tokens function similarly to Google Authenticator or Authy but generate codes in an isolated environment, protecting them from leaks. Currently, this is the most secure form of two-factor authentication (2FA) for accounts. However, if a U2F key is lost or damaged, access may be permanently lost. Experts recommend storing backup devices.
2FA can be enabled in wallets like Trezor Model One, ByBit Wallet, HolyTransaction, and BitGo.
5. Shamir Backup
Shamir Backup is a cryptographic method for protecting seed phrases by splitting them into multiple parts and securely encrypting each part.
Users define both the number of parts and the threshold required to restore access to digital assets. For example, splitting into five parts with a threshold of three means access can still be recovered even if two parts are lost.
Shamir Backup enhances both the security and resilience of seed phrase storage, guarding against loss or compromise. This method is supported by hardware wallets like Trezor and Keystone.