This guide is written for US-based crypto holders using a hardware wallet for self-custody. If you are a beginner setting up your first device, or an intermediate holder planning long-term cold storage, you'll find practical, hands-on advice here. I believe a strong backup plan is as important as choosing a secure hardware wallet; the device protects your private keys, but the seed phrase is the master key.
If you want more on initial device setup, see the step-by-step setup guide: /setup-guide or the unboxing notes at /setup-unboxing.
BIP-39 defines how a seed phrase (also called a recovery phrase) is generated from entropy and turned into a binary seed that wallets use to derive private keys. The words are human-readable representations of fixed-length binary data. Short version: the device generates entropy (randomness), converts that entropy to a list of words, and those words map back to the binary seed used for private keys.
A few concrete details (so you understand trade-offs): 12 words represent 128 bits of entropy (plus checksum), while 24 words represent 256 bits. Both are cryptographically strong; brute-forcing either is impractical with today’s hardware. But more words mean more entropy and a bigger safety margin.
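The 128-bit and 256-bit layouts described above, as an added example that is not part of the original guide: it appends the checksum to raw entropy, cuts the result into 11-bit indices into the 2048-word list, and counts how many single-word transcription errors still pass the checksum. The word list itself is omitted and the function names are assumptions made for illustration.

```python
import hashlib

VALID_LENGTHS = (12, 15, 18, 21, 24)

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Entropy -> 11-bit word indices (0..2047) with the checksum appended."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32              # 4 bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11  # 132 / 11 = 12, 264 / 11 = 24
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_valid(indices: list[int]) -> bool:
    """Recompute the checksum from the entropy part and compare."""
    if len(indices) not in VALID_LENGTHS:
        return False
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

def undetected_single_word_errors(indices: list[int], position: int) -> int:
    """Count wrong words at one position that still pass the checksum."""
    passing = 0
    for wrong in range(2048):
        if wrong != indices[position]:
            trial = list(indices)
            trial[position] = wrong
            passing += indices_valid(trial)
    return passing

if __name__ == "__main__":
    # Constructed sample input: all-zero entropy (never use this for real funds).
    words12 = entropy_to_indices(bytes(16))
    print(words12, indices_valid(words12))
    print("undetected errors in last word:",
          undetected_single_word_errors(words12, 11), "of 2047")
```

With 12 words the checksum is only 4 bits, so roughly 1 in 16 wrong words still validates; a passing checksum does not replace a full restore test.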
Note: an optional passphrase (often called the 25th word) sits outside BIP-39 and adds another secret factor. Read the dedicated guide on passphrases here: /passphrase-25th-word.
Which should you choose: 12 or 24 words? Short answer: it depends on risk tolerance and use case.
12 words (128 bits): Easier to transcribe, faster to type during recovery, and widely used by many devices. I found 12 words to be perfectly safe for small to medium holdings during my early years in crypto (2017–2019). But transcription mistakes are easier to make when rushing.
24 words (256 bits): Extra entropy and a larger margin against theoretical future attacks. The downside is human: 24 words take longer to copy and raise the chance of transcription error. For large, long-term cold storage, I prefer 24 words.
Which should you pick? Ask yourself: will you likely hold large balances for many years, or will you move assets periodically? If the former, lean toward 24 words. If convenience and quick recovery are priorities, 12 words is still secure for most people.
(Quick note: if you add a passphrase, you change the game — treat it like a second secret, because losing it often means permanent loss.)
Below is a practical comparison of common seed phrase storage methods.
| Method | Durability | Theft / Exposure Risk | Recovery Complexity | Best for |
|---|---|---|---|---|
| Paper (handwritten) | Low (fire/water/tear) | High (easy to copy/photo) | Easy | Short-term, quick setups |
| Metal backup plate | Very high (fire/corrosion resistant) | Medium (requires physical theft) | Medium | Long-term cold storage |
| SLIP-39 Shamir backup | High (depending on shares) | Lower (needs threshold) | Higher (shares management) | High-value holdings, distributed custody |
| Split paper/secret splitting | Medium | Lower (if stored separately) | Medium | Family sharing / geographic redundancy |
| Cloud / password manager | Varies | Very high (online compromise) | Easy | Not recommended for self-custody |
Seed phrase storage should match your threat model. Metal backup plates and SLIP-39 are better for long-term preservation, but expect more complexity.
SLIP-39 uses Shamir’s Secret Sharing to split a single seed into multiple shares. You choose an (n, t) scheme: n total shares, t needed to reconstruct. Example: 5 shares with threshold 3 means any 3 of the 5 will rebuild the seed.
Advantages: you can distribute shares geographically (home safe, bank deposit box, trusted attorney) and avoid a single point of failure. Disadvantages: not all wallets support SLIP-39; recovery requires careful handling of shares and their order (if used). In my experience, SLIP-39 Shamir backup is excellent for estate planning but adds operational complexity.
For an alternative to splitting a single seed, consider a multi-signature (multisig) setup — see /multisig-setups.
And yes, test restores before moving large balances.
But the most frequent human error is a transcription mistake. Slow down when you write the words.
Multisig spreads the signing authority across keys and reduces single-point-of-failure risk. For example, a 2-of-3 multisig means an attacker needs two keys to move funds. Multisig setups require wallet compatibility; check /multisig-setups for workflow examples.
Passphrases (the so-called 25th word) add a hidden layer: without the passphrase, the seed restores a different account. That provides plausible deniability but increases the chance of permanent loss if the passphrase is forgotten. Read more here: /passphrase-25th-word.
For inheritance, consider legal backup plans and professional advice: /legal-backup-considerations. I’ve seen cases where a clear, secured recovery plan saved heirs months of struggle.
Testing is non-negotiable. Restore the seed to a spare device or trusted software wallet and verify derived addresses match. Send a tiny test transfer to confirm the full flow. If you used a metal backup plate, verify legibility under different lighting and after simulated corrosion (salt spray or rubbing) if you want to be thorough.
What I've found: small test transactions and a full restore test expose transcription or encoding mistakes far faster than waiting until you need to recover under pressure.
Q: Can I recover my crypto if the device breaks?
A: Yes, as long as you have the seed phrase (and passphrase if used). See /recover-from-seed and /device-loss-recovery.
Q: What happens if the company that made my device goes bankrupt?
A: Your private keys live in the seed phrase, not with the company. You can usually recover on any compatible wallet (but check for proprietary formats). See /lost-device-company-bankrupt and /supported-coins-compatibility.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth increases attack surface compared with air-gapped or USB connections. For maximum safety, prefer a wired or air-gapped signing workflow. Read more at /usb-otg-bluetooth.
Q: Which is better: metal backup plate or SLIP-39?
A: They solve different problems. A metal plate protects against physical damage; SLIP-39 protects against single-location loss. Many high-value holders combine both.
Q: What if I forget my passphrase?
A: If the passphrase is lost, funds protected by it are effectively unrecoverable. Plan legal and operational controls carefully (see /legal-backup-considerations).
Seed phrase management is where security meets practicality. Both 12-word and 24-word BIP-39 seeds are secure; your choice should reflect how long and how much you plan to hold. For long-term or high-value storage, use durable metal backup plates, consider SLIP-39 Shamir backup for distributed custody, and always test restores.
If you haven't already, follow the step-by-step setup and test flow: /nano-s-setup-step-by-step and review recovery practices at /recover-from-seed. For a deeper look at storage strategies, see /cold-storage-strategies and /seed-backup-security.
Need a checklist to print and follow during setup? Grab the printable checklist in the setup guide and run through it slowly. Small care now prevents painful recoveries later.
And if you want help choosing which backup mix fits your threat model, check the multisig and legal planning pages linked above — or ask here and I’ll walk you through a scenario.