Back Up
Remember that anyone who gains access to your mnemonic phrase or private key can steal all your Bitcoins, so be sure to back up responsibly. Now let's learn how to safely back up your wallet.
Mnemonic Phrase / Private Key
When we talk about backing up a wallet, we are essentially talking about backing up the mnemonic phrase (or the private key; for convenience, we will refer to the mnemonic phrase from here on). Most mnemonic phrases can be categorized as follows:
Plain Text
With Password
Multi-signature
Shamir's Secret Sharing, or SSS for short
Plain Text: Plain text is easy to understand. Once you have those 12 English words, you own the assets in the wallet. You can consider doing some special shuffling, or even replacing one of the words with something else. Both would make it harder for hackers to get into your wallet. However, you would have a big headache if you forgot the rules you applied. Your memory isn't bulletproof.
With Password: According to the standard, mnemonic phrases can have a password. It's still the same phrase, but with the password a different seed will be obtained. The seed is used to derive a series of private keys, public keys and corresponding addresses. So you should back up not only the mnemonic phrase, but also the password. By the way, private keys can also have a password, with their own standards, such as BIP 38 for Bitcoin and Keystore for Ethereum.
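The password behaviour described above, as an added example (not from the original handbook): BIP 39 derives the seed with PBKDF2-HMAC-SHA512, so every password variant silently opens a different, valid wallet. The mnemonic is the public all-"abandon" test phrase from the BIP 39 test vectors, and the helper names are this example's own.

```python
import hashlib
import unicodedata

# Public BIP 39 test mnemonic. Everyone knows it: never send funds to it.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP 39 seed from a mnemonic and optional password."""
    # Both inputs are NFKD-normalized so the same text entered on different
    # devices produces the same bytes.
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    # 2048 rounds of PBKDF2-HMAC-SHA512, salt = "mnemonic" + passphrase.
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def passphrase_variants(mnemonic: str, candidates: list[str]) -> dict[str, str]:
    """Map each candidate password to the first 8 hex chars of its seed."""
    return {p: bip39_seed(mnemonic, p).hex()[:8] for p in candidates}


if __name__ == "__main__":
    # Constructed candidates: the intended password plus common slips
    # (wrong case, trailing space, forgotten entirely).
    variants = passphrase_variants(TEST_MNEMONIC, ["TREZOR", "trezor", "TREZOR ", ""])
    for password, prefix in variants.items():
        print(f"{password!r:>10} -> seed {prefix}...")
    # No variant raises an error: a mistyped password is indistinguishable
    # from a correct one until you see an empty or unfamiliar wallet.
```

Because there is no "wrong password" error, the backup has to record the password exactly (case, spacing, character set), and a restore test should check a known receiving address.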
Multi-Signature: As the name suggests, it requires signatures from multiple people to access wallets. It's very flexible, as you can set your own rules. For example, if 3 people have the key, you can require at least two of them to sign to access the wallets. Each blockchain has its own multi-signature solution. Most well-known Bitcoin wallets support multi-signature.
SSS (Shamir's Secret Sharing): SSS breaks down the seed into multiple shares (normally, each share contains 20 words). To recover the wallet, a specified number of shares has to be collected and used. For details, refer to the industry best practices below:
https://guide.keyst.one/docs/shamir-backup
https://wiki.trezor.io/Shamir_backup
Using solutions such as multi-signature and SSS will give you peace of mind and avoid single-point risks, but it could make management relatively complicated and sometimes multiple parties will be involved. There is always a compromise between convenience and security.
Encryption
Encryption is a very, very broad concept. It doesn't matter if the encryption is symmetric, asymmetric or uses other advanced technologies; as long as, decades later, an encrypted message can still be easily decrypted by you or your emergency handling team but by nobody else, it is good encryption.
Based on the security principle of "zero trust", when we are backing up wallets, we have to assume that any step could be hacked, including physical environments such as a safe. Keep in mind that there is no one other than yourself who can be fully trusted. In fact, sometimes you can't even trust yourself, because your memories may fade away or be misplaced.
When backing up, special consideration must be given to disaster recovery. The main purpose of disaster recovery is to avoid a single point of risk. What would happen if you are gone or the environment where you store the backup is down? Therefore, for important stuff, there must be a disaster recovery person and there must be multiple backups.
Let's take a look at some basic forms of backup locations:
Cloud
Paper
Device
Brain
Cloud: Many people don't trust backups in the cloud because they think it is vulnerable to hacker attacks. At the end of the day, it is all about which side, the attacker or the defender, puts in more effort in terms of both manpower and budget.
If you do decide to choose cloud storage, ENCRYPT your data before sending it to the cloud. I strongly recommend mastering GPG. It can be used for signature verification, and it also provides strong encryption and decryption. You can learn more about GPG at:
Never lose the private key to your GPG or forget the password of the private key.
If you want to save some effort, there is another option, although its security may be somewhat lower: 1Password. The latest version of 1Password already supports direct storage of wallet-related data, such as mnemonic words, passwords, wallet addresses, etc., which is convenient for users. Other tools (such as Bitwarden) can achieve something similar, but they are not as convenient.
Paper: Many hardware wallets come with several high-quality paper cards on which you can write down your mnemonic phrases (in plaintext, SSS, etc.). In addition to paper, some people also use steel plates, which are fire-resistant, water-resistant and corrosion-resistant (I have not tried those myself). Test the backup after you copy over the mnemonic phrases and, if everything works, put it in a place where you feel secure, such as a safe. Paper has a much longer lifespan than electronics.
Device: This refers to all kinds of equipment. Electronics are a common type for backup, such as a computer, an iPad, an iPhone or a hard drive, depending on personal preference. We also have to think about secure transmission between devices: use peer-to-peer methods such as AirDrop and USB, where it is difficult for a middleman to hijack the process. Electronic equipment may break down after a couple of years, so maintain the habit of checking the device at least once a year.
Brain: Relying on your memory is exciting. In fact, everyone has their own "memory palace". Memory is not mysterious and can be trained to work better. There are certain things that are indeed safer with memory. Whether to rely solely on the brain is a personal choice. But pay attention to two risks: first, memory fades over time and could cause confusion; second, you may have an accident.
Now you are all backed up. Don't encrypt too much, otherwise you will make yourself suffer several years later. According to the security principle of "continuous verification", your encryption and backup methods, whether excessive or not, must be verified continuously, both regularly and randomly. The verification frequency depends on your memory, and you do not have to complete the whole process. As long as the process is correct, partial verification also works.