Backup Stack Guide to Storing Bitcoin Securely
Table of contents
- Store seed phrase with backup stack
– Step 1: Write down the seed phrase
– Step 2: Keep the seed phrase out of sight
– Optional Step 2.5: Enclose wallet information
– Step 3: In the security bag - Particularly good wallet configurations
– Single signature with passphrase
– 2/3 Multi Signature without Passphrase - video
Store Seephrase with Backup Stack
Needed
- Seaphrase
- Backup Stack
Step 1: Write down the seed phrase
Write down the Bitcoin seed phrase (also called recovery words) on the TerraSlate paper.
24 seed words
If you have 24 seed words, half is written on one side and the other half on the other side
Seed QR
If you have 12 seed words and have purchased the Seed QR template, you can copy the Seed QR onto the back.
How it works
Step 2: Keep the seed phrase out of sight
Now the seed phrase can be stored in the privacy envelope. To do so, remove the white foil and seal the envelope.
(Optional Step 2.5: Attach wallet information)
For more complex wallets with, for example, unusual address formats, derivation paths, or especially important for multi-signature wallets, you should/can include additional information about your wallet and also place it in the security bag.
Wallet features or wallet descriptor
For example, you can write down specific wallet features on a piece of paper and attach it to the backup stack
Or you can directly export all wallet information as a wallet descriptor, print it, and include it in the backup stack. (Highly recommended for a multi-signature wallet.)
The wallet descriptor can be used with software wallets such as the Sparrow Wallet export.
Uncle Jim Wallet PDF
Alternatively, an Uncle Jim Wallet PDF can be placed on the back so that the Bitcoin addresses of the wallet and the descriptor can be viewed and scanned without opening the security bag. However, this wallet PDF can only be used with Spectre Desktop be created.
Step 3: In the security bag
The envelope can now be placed in the security bag.
Then the security bag should be appropriately labeled. I recommend labeling the security bag and the tear-off strip with the wallet's name, date, and signature.
Alternatively, only the tear-off strip can be labeled to keep potential finders of the security bag, including its contents (backup stacks), in the dark. The security bag can then be sealed and the tear-off strip torn off.
The tear-off strip now contains all information, as well as the security number, with which possible manipulation of the security bag can be detected.
Storage security bag
The security bag should be kept in a safe place.
e.g. good hiding place, safe, bank deposit box
Storage tear-off strips
The tear-off strip should be stored in a different location and does not need to be stored so securely.
e.g. folder, drawer, box, digital as photo
Particularly good wallet configurations
Single signature with passphrase
Here, you have a seed phrase and an additional passphrase. Each should be written down at least twice offline and stored in different secure locations. I recommend this wallet configuration for most people because it's very secure but not complex.
Needed
- 3-4x Backup Stack
- Hardware Wallet (e.g. Specter DIY)
Step 1: Create a seed phrase
The seed phrase should be stored securely with a hardware wallet and possibly created with real life randomness 12 or 24 seed words are possible here. I recommend 12 seed words, as they are just as secure but easier to type. They also work with the Backup Stack seed QR template.
Step 2: Add passphrase
Next, you should create a passphrase. I recommend one that's easy to remember, but still contains at least ten characters, including lowercase letters, uppercase letters, and numbers.
Step 3: Seed phrase in the backup stack
The seed phrase should be written down twice, packed into a backup stack, and then stored safely in two different locations. The security number of the security bag should be kept separately in each case. (See procedure above). For fire protection or natural disasters, a steel wallet be taken into consideration.
Step 4: Store the passphrase
The passphrase should also be stored in multiple locations. One option is to memorize the passphrase extremely well and then store it in another secure location. Alternatively, the passphrase can be stored in two different secure locations. A good way to detect, just as with the Bitcoin seed phrase, if someone gains unauthorized access to the seed phrase is to put it in a backup stack.
Alternatively, it can be hidden or written in the password booklet or password manager. In this case, the security aspect mentioned above is not present, but not quite as many secure places are necessary.
How to act in case of problems
1. A seed phrase is destroyed by a natural disaster
2. Thief gets seedphrase access
If the seed phrase is compromised or the security bag is damaged or tampered with, a potential thief has access to your seed phrase. Since they don't have the passphrase, they can't move your Bitcoin.
Solution: With the second seed and passphrase, you still have control over your Bitcoin. Create a new wallet with your hardware wallet using a new seed phrase and the old seed phrase, and send your Bitcoin to the new wallet. If the "safe location" is no longer secure, you should change it.
This means that even if the potential thief gets hold of your passphrase later, he cannot move your Bitcoin.
3. Thief gets passphrase access
If you notice that a potential thief has access to your passphrase, you should act in a similar way to how you would if the thief had access to your seed phrase.
Solution: Create a new wallet with your hardware wallet using your old seed phrase and a new passphrase. If the "safe location" is no longer secure, you should change it.
2/3 Multi Signature without Passphrase
Here you have three seed phrases, two of which are always required to sign a Bitcoin transaction. Each seed phrase should be stored in a different, secure location.
Needed
- 3x Backup Stack
- a pure signing device like the Specter DIY or any three hardware wallets
Step 1: Create seed phrases
Create three seed phrases using your signing device alone, which you then write down on TerraSlate paper. Alternatively, you can use three complete hardware wallets. This option is more expensive but offers additional security. Using wallets from different manufacturers allows you to bypass the single point of failure that a single device could represent thanks to the multi-signature configuration.
Step 2: Keep passphrases safe
Write down each seed phrase once and store it in a backup stack in several secure locations. It's important to keep the security numbers of the bags separate to detect tampering. For additional protection against fire or natural disasters, consider a steel wallet. In most cases, three different seeds are sufficient. However, if you have enough secure locations, you can create another backup of your seed phrase and store it in another secure location.
Step 3: Store Wallet Desktop
To restore a multi-signature with only two of the three seed phrases, the wallet descriptor is required. To have this handy in case of an emergency, it should be printed out and included with every backup (stack).
Furthermore, it can also be saved digitally in a password manager, for example.
How to act in case of problems
1. A seed phrase is destroyed by a natural disaster
2. Thief gets seedphrase access
If the seed phrase is stolen or the security bag is damaged or tampered with, a potential thief has access to one of your three seed phrases. Since they don't yet have two of your Bitcoin seed phrases, they can't move your funds.
Solution: The Bitcoin can still be moved with the two remaining seeds. Since one seed phrase has been corrupted, you should create a new 2/3 multi-signature wallet. You can continue using the two remaining seeds, so you only need to create one new seed. Then you can send the funds to the new wallet.
