Seed Phrase Management — BIP-39, 12 vs 24 Words, Metal Backups
Who this guide is for
This guide is written for US-based crypto holders using a hardware wallet for self-custody. If you are a beginner setting up your first device, or an intermediate holder planning long-term cold storage, you'll find practical, hands-on advice here. I believe a strong backup plan is as important as choosing a secure hardware wallet; the device protects your private keys, but the seed phrase is the master key.
If you want more on initial device setup, see the step-by-step setup guide: /setup-guide or the unboxing notes at /setup-unboxing.
How BIP-39 works (seed phrase BIP-39)
BIP-39 defines how a seed phrase (also called a recovery phrase) is generated from entropy and turned into a binary seed that wallets use to derive private keys. The words are human-readable representations of fixed-length binary data. Short version: the device generates entropy (randomness), converts that entropy to a list of words, and those words map back to the binary seed used for private keys.
A few concrete details (so you understand trade-offs): 12 words represent 128 bits of entropy (plus checksum), while 24 words represent 256 bits. Both are cryptographically strong; brute-forcing either is impractical with today’s hardware. But more words mean more entropy and a bigger safety margin.
Note: an optional passphrase (often called the 25th word) sits outside BIP-39 and adds another secret factor. Read the dedicated guide on passphrases here: /passphrase-25th-word.
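To make the entropy, checksum and word-count relationship concrete, here is an added example (not from this guide's original text or any wallet's code) that packs entropy into 11-bit word indices and re-checks the checksum the way a restore does. It works on word-list positions rather than words because the 2048-word list is not embedded, and the all-zero entropy is a constructed sample.

```python
import hashlib

def entropy_to_indices(entropy: bytes) -> list:
    """Entropy -> 11-bit word indices (0..2047 in the 2048-word list)."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32              # 4 checksum bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11  # 132/11 = 12, 264/11 = 24
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices: list) -> bool:
    """Re-derive the checksum from the indices, as a wallet does on restore."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    value = 0
    for i in indices:
        value = (value << 11) | i
    cs_bits = len(indices) // 3           # 12 words -> 4 bits, 24 words -> 8 bits
    ent_bits = len(indices) * 11 - cs_bits
    entropy = (value >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (value & ((1 << cs_bits) - 1)) == expected

def undetected_swaps(indices: list, position: int) -> int:
    """Count wrong words at one position that still pass the checksum."""
    hits = 0
    for wrong in range(2048):
        if wrong != indices[position]:
            trial = list(indices)
            trial[position] = wrong
            hits += checksum_ok(trial)
    return hits

if __name__ == "__main__":
    phrase = entropy_to_indices(bytes(16))   # constructed all-zero entropy, never use for funds
    print(phrase, checksum_ok(phrase))
    print("wrong last words that still validate:", undetected_swaps(phrase, 11))
```

A single wrong word slips past the checksum roughly 1 time in 16 for 12 words and 1 time in 256 for 24 words, so a passing checksum alone does not prove the backup was copied correctly.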
12 vs 24 words: practical trade-offs
Which should you choose: 12 or 24 words? Short answer: it depends on risk tolerance and use case.
12 words (128 bits): Easier to transcribe, faster to type during recovery, and widely used by many devices. I found 12 words to be perfectly safe for small to medium holdings during my early years in crypto (2017–2019). But transcription mistakes are easier to make when rushing.
24 words (256 bits): Extra entropy and a larger margin against theoretical future attacks. The downside is human: 24 words take longer to copy and raise the chance of transcription error. For large, long-term cold storage, I prefer 24 words.
Which should you pick? Ask yourself: will you likely hold large balances for many years, or will you move assets periodically? If the former, lean toward 24 words. If convenience and quick recovery are priorities, 12 words is still secure for most people.
(Quick note: if you add a passphrase, you change the game — treat it like a second secret, because losing it often means permanent loss.)
Seed phrase storage options (comparison table)

Below is a practical comparison of common seed phrase storage methods.
| Method | Durability | Theft / Exposure Risk | Recovery Complexity | Best for |
| --- | --- | --- | --- | --- |
| Paper (handwritten) | Low (fire/water/tear) | High (easy to copy/photo) | Easy | Short-term, quick setups |
| Metal backup plate | Very high (fire/corrosion resistant) | Medium (requires physical theft) | Medium | Long-term cold storage |
| SLIP-39 Shamir backup | High (depending on shares) | Lower (needs threshold) | Higher (shares management) | High-value holdings, distributed custody |
| Split paper/secret splitting | Medium | Lower (if stored separately) | Medium | Family sharing / geographic redundancy |
| Cloud / password manager | Varies | Very high (online compromise) | Easy | Not recommended for self-custody |
Seed phrase storage should match your threat model. Metal backup plates and SLIP-39 are better for long-term preservation, but expect more complexity.
SLIP-39 (Shamir) backup explained
SLIP-39 uses Shamir’s Secret Sharing to split a single seed into multiple shares. You choose an (n, t) scheme: n total shares, t needed to reconstruct. Example: 5 shares with threshold 3 means any 3 of the 5 will rebuild the seed.
Advantages: you can distribute shares geographically (home safe, bank deposit box, trusted attorney) and avoid a single point of failure. Disadvantages: not all wallets support SLIP-39; recovery requires careful handling of shares and their order (if used). In my experience, SLIP-39 Shamir backup is excellent for estate planning but adds operational complexity.
For an alternative to splitting a single seed, consider a multi-signature (multisig) setup — see /multisig-setups.
Step-by-step: How to back up a hardware wallet seed phrase
- Prepare: verify device authenticity and latest firmware before creating a seed (see /firmware-updates-bootloader and /supply-chain-authenticity).
- Generate on-device: let the hardware wallet generate the seed phrase. Do not import words generated on a computer. Hardware wallets use a secure element to hold private keys and produce entropy.
- Record the seed: write the words clearly on paper first, then transfer to a metal backup plate if using one. Read each word aloud as you write. I always verify twice.
- Verify: most devices ask you to confirm a subset of words during setup — do that. Then test a full restore on a spare device or a trusted software wallet (with minimal funds) — see /recover-from-seed.
- Distribute: store backups in separated locations (home safe, bank, trusted person). For SLIP-39, place shares in distinct locations.
- Do not: photograph seeds, store them in cloud storage, email them, or keep them next to your device. Those are common paths to theft.
And yes, test restores before moving large balances.
Common mistakes and how to avoid them
- Buying a device from an unofficial seller (supply-chain risk). See /buying-safely-resellers.
- Photographing the seed phrase (instant compromise).
- Storing seed and passphrase together (defeats the purpose).
- Skipping test restores — I once saw a metal plate with an engraving error that only surfaced during restore testing.
- Relying on single-location storage (fire or theft can destroy or take everything).
But the most frequent human error is transcription mistakes. Slow down when you write the words.
Multisig, passphrases, and inheritance planning
Multisig spreads the signing authority across keys and reduces single-point-of-failure risk. For example, a 2-of-3 multisig means an attacker needs two keys to move funds. Multisig setups require wallet compatibility; check /multisig-setups for workflow examples.
Passphrases (the so-called 25th word) add a hidden layer: without the passphrase, the seed restores a different account. That provides plausible deniability but increases the chance of permanent loss if the passphrase is forgotten. Read more here: /passphrase-25th-word.
For inheritance, consider legal backup plans and professional advice: /legal-backup-considerations. I’ve seen cases where a clear, secured recovery plan saved heirs months of struggle.
Testing your backup (don't skip this)
Testing is non-negotiable. Restore the seed to a spare device or trusted software wallet and verify derived addresses match. Send a tiny test transfer to confirm the full flow. If you used a metal backup plate, verify legibility under different lighting and after simulated corrosion (salt spray or rubbing) if you want to be thorough.
What I've found: small test transactions and a full restore test expose transcription or encoding mistakes far faster than waiting until you need to recover under pressure.
FAQ
Q: Can I recover my crypto if the device breaks?
A: Yes, as long as you have the seed phrase (and passphrase if used). See /recover-from-seed and /device-loss-recovery.
Q: What happens if the company that made my device goes bankrupt?
A: Your private keys live in the seed phrase, not with the company. You can usually recover on any compatible wallet (but check for proprietary formats). See /lost-device-company-bankrupt and /supported-coins-compatibility.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth increases attack surface compared with air-gapped or USB connections. For maximum safety, prefer a wired or air-gapped signing workflow. Read more at /usb-otg-bluetooth.
Q: Which is better: metal backup plate or SLIP-39?
A: They solve different problems. A metal plate protects against physical damage; SLIP-39 protects against single-location loss. Many high-value holders combine both.
Q: What if I forget my passphrase?
A: If the passphrase is lost, funds protected by it are effectively unrecoverable. Plan legal and operational controls carefully (see /legal-backup-considerations).
Conclusion and next steps
Seed phrase management is where security meets practicality. Both 12- and 24-word BIP-39 seeds are secure; your choice should reflect how long and how much you plan to hold. For long-term or high-value storage, use durable metal backup plates, consider SLIP-39 Shamir backup for distributed custody, and always test restores.
If you haven't already, follow the step-by-step setup and test flow: /nano-s-setup-step-by-step and review recovery practices at /recover-from-seed. For a deeper look at storage strategies, see /cold-storage-strategies and /seed-backup-security.
Need a checklist to print and follow during setup? Grab the printable checklist in the setup guide and run through it slowly. Small care now prevents painful recoveries later.
And if you want help choosing which backup mix fits your threat model, check the multisig and legal planning pages linked above — or ask here and I’ll walk you through a scenario.