
Seed phrase hygiene that survives a fire

The seed phrase is the master key to everything you own. Most people back it up wrong on day one and never revisit. Here is what surviving a real failure looks like.


The seed phrase is the most valuable string of words you will ever own.

Twelve or twenty-four ordinary English words, usually. They look harmless. They look like the kind of thing you scribble on a sticky note. They are not. They reconstruct every key, on every chain, that the wallet supports, and they do it from any compatible piece of software anywhere in the world.

That property is the entire point of the seed. It is also the entire problem. A backup that is good enough to rebuild your wallet from scratch is a backup that anyone holding it can rebuild your wallet from scratch.

This lesson is about how to keep that backup alive without letting it walk away from you.

Two failure modes, not one

Most beginners worry about exactly one failure: their seed gets stolen. Real seed-phrase hygiene plans for two failures, of equal weight, and they pull in opposite directions.

  1. Theft. Someone reads, photographs, or carries away the seed.
  2. Loss. Fire, flood, dementia, divorce, a forgotten location, a single piece of paper that no longer exists.

Almost every "best practice" you read addresses one of those without acknowledging the other. Cloud backups solve loss and create theft. Hiding a single paper copy in one place solves theft and creates loss. A serious backup system handles both, knowingly.

Key takeaway

Seed-phrase hygiene is not about preventing theft. It is about preventing theft and preventing loss, at the same time, while accepting that those two pull against each other. Every choice you make is a trade.

The rules that should not be controversial

Some practices are not trade-offs. They are mistakes. Avoid these without exception.

  • No photos. A picture of the seed in your camera roll is a picture in your iCloud, your Google Photos, possibly your laptop, possibly a partner's device that syncs the same library. The seed only has to leak once.
  • No cloud documents. A seed in a Google Doc, a Dropbox file, an iCloud note, an email draft to yourself. All of those locations are reachable by an attacker who compromises the corresponding account, and account compromise is an entire industry.
  • No password managers that sync over the internet by default. Some password managers can store secure notes offline. The default for most is cloud-sync. The default is the wrong choice for a seed phrase.
  • No screenshots, ever. Screenshots end up in the same places photos do. The wallet warning on the seed-display screen is not a suggestion.
  • No typing the seed on a screen that connects to the internet, except when restoring on a trusted device. Treat keyboard input like a public broadcast, because for malware it is one.

If you have already broken any of these rules, take a breath. You have not necessarily lost the funds. You have raised the risk. The right move is to generate a new wallet, transfer the funds to it, and back the new seed up correctly. The old seed, treated as compromised, gets retired.

The trade-off rules

These are the choices where reasonable people disagree, and where your specific threat model decides the right answer.

  • Paper, metal, or both. Paper survives until it does not. A house fire, a basement flood, a curious child, twenty years of attic humidity. Metal seed plates (stamped, not engraved with ink) survive everything except being carried away. Most serious holders use metal as the primary, paper as a temporary or secondary form.
  • One location or many. A single location is easy to remember and easy to lose all at once. Multiple locations spread the risk of loss but multiply the surface for theft. Splitting the seed across locations using a method like Shamir Secret Sharing (covered in the inheritance pillar) is the formal version of this trade.
  • Tell someone or tell no one. Telling no one is the most theft-resistant choice. It is also the choice that ends in lost funds when something happens to you. There is a whole inheritance pillar that exists because most holders never solve this part.
  • Passphrase or no passphrase. Some wallets let you add a thirteenth or twenty-fifth word that you choose. The passphrase is not stored with the seed. It creates an entirely new wallet on top of the seed. Powerful, but easy to forget. If you use one, you back it up the same way you back up the seed, in a different location, with the same care.

Watch out

A passphrase you forget is identical, from the chain's perspective, to a passphrase that never existed. The funds are not lost in a recoverable way. They are gone. If you choose to use a passphrase, write it down with the same discipline you write down the seed, and verify your recovery flow before any real money is at stake.
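
The passphrase behaviour described above, as an added example that is not part of the original lesson. It assumes the wallet follows the BIP39 standard, where the seed is derived with PBKDF2-HMAC-SHA512 and the passphrase is part of the salt, so every passphrase, including a near miss, produces a different and equally valid wallet. The mnemonic is a published test vector and the passphrases are constructed for illustration.

```python
import hashlib
import unicodedata

# Constructed sample input: a widely published BIP39 test mnemonic,
# not a real wallet. Assumption: the wallet derives its seed per BIP39.
SAMPLE_MNEMONIC = (
    "abandon abandon abandon abandon abandon abandon "
    "abandon abandon abandon abandon abandon about"
)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed from mnemonic words and a passphrase.

    BIP39: PBKDF2-HMAC-SHA512, 2048 iterations, password = the words,
    salt = the literal string "mnemonic" followed by the passphrase,
    both NFKD-normalized and UTF-8 encoded.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def compare_passphrases(mnemonic: str, candidates: list[str]) -> dict[str, str]:
    """Map each candidate passphrase to a short fingerprint of its seed."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in candidates}


if __name__ == "__main__":
    # Hypothetical passphrases: none, the intended one, a capitalization
    # slip, and a trailing space. Nothing rejects the wrong ones; each
    # simply opens a different, empty wallet.
    trials = ["", "correct horse", "Correct horse", "correct horse "]
    for phrase, fingerprint in compare_passphrases(SAMPLE_MNEMONIC, trials).items():
        print(f"{phrase!r:18} -> seed {fingerprint}...")
```

There is no checksum on the passphrase, which is why the restore test on a fresh device is the only way to confirm that what you wrote down is what the wallet actually used.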

A backup that survives a fire

What follows is a specific configuration that is reasonable for a wide range of holders. This is not the only correct answer. It is one defensible answer.

  1. Generate the seed offline. On a hardware wallet, or on a clean device disconnected from the internet, that you trust.
  2. Stamp the seed on metal. Two metal plates, identical content. Stamped, not written in ink (ink fails, stamping does not).
  3. Place the plates in two separated locations. Home safe and a relative's safe. Home safe and a bank deposit box. The exact pair is a function of your trust map. The point is that no single house fire, theft, or natural disaster reaches both.
  4. Verify the recovery, once. Before you put any meaningful funds in, take one of the plates and restore the wallet on a fresh device. Confirm the addresses match. Then put the plate back. This is the step everyone skips. Skipping it is how people discover, years later, that one of the words was wrong.
  5. Document the location, not the contents. A note for your future self, or your spouse, or your executor, that says where the plates are and how to use them. Not what they say. The pillar on inheritance covers what that note should and should not contain.

That setup survives a house fire, a hard-drive failure, a stolen laptop, a compromised email account, and most physical break-ins. It does not survive a sophisticated, targeted attack on multiple locations at once, and it does not survive you forgetting to ever tell anyone where the plates are. The inheritance pillar handles the second of those. The first is a different threat model.

The thing you actually have to internalize

The seed phrase is the entire wallet. Everything else, the device, the app, the screen you are looking at right now, is replaceable. The seed phrase is not. Every minute of effort spent on backups that survive a real disaster is worth more than every minute spent buying the latest hardware. The hardware is a way to keep the seed cold. The seed is the asset.

Key takeaway

Plan for theft and loss together, not separately. Never put the seed on anything connected to the internet. Use metal where you can, multiple locations where the risk justifies it, and a passphrase only if you can back it up with the same discipline. Verify the recovery once, before any funds are at stake. The seed is the wallet, and the wallet is everything.