Manual backup / Recovery phrase
Manual backup of the recovery phrase has been the most common private key management scheme by far since its proposal with BIP39 in 2013. If you have used any non-custodial bitcoin application you are likely to have experienced the onboarding requirements of manual backups.
When creating a new wallet, you will be asked to manually back up a 12 or 24 word recovery phrase to a safe place. Often, as the next step, the application will ask you to verify that you saved it by entering the phrase in the correct order.
This scheme is suitable for users who are already familiar with bitcoin and with procedures for secure offline backups of their recovery phrase. It is not suited for complete beginners. When told to store the backup safely offline, bitcoin beginners in reality often take a screenshot, write it down in plain text somewhere on their mobile device, computer or a piece of paper on the fridge, or simply don’t back it up at all. This risks achieving the opposite of what we want: a high risk of self-inflicted loss and low to medium security against third party theft.
How it works
The wallet application will generate a 12 or 24 word phrase (seed / recovery phrase) from which all the wallet’s keys can be derived. This means the user can use the phrase to access the wallet from any compatible wallet application, even if they lose the device or software.
This can be an effective way to reduce the risk of loss from theft if the backup is offline in a safe place, but it puts more of the burden on the individual user. The security and risk will only be as good as how well they back up the recovery phrase.
Safe backups can be made fairly simple; take a look at our Bitcoin backups guide as a good starting point.
Pros
- Manual backups done well can provide very high security
- Good interoperability
Cons
- Requires significant effort from users to achieve safe backups
- High onboarding friction
Best practice
When to use
- When target audience is likely to be knowledgeable and implement good manual backup schemes
- When storing medium amounts
- When risk of loss from theft is higher than self-inflicted loss
When not to use
- When users are new to bitcoin and unlikely to implement good manual backups
- For use-cases with small amounts
- When onboarding is likely to happen outside of users’ homes
- 12 or 24 word phrase
- Additional user authentication (biometrics use, pin or password)
- Cloud backup options
- Explain what a recovery phrase is, and provide a guide on how to make safe offline backups BEFORE the user is exposed to the phrase or can start using the wallet
Products that use this scheme
Most bitcoin wallets, including;
Next, let’s look at external signing devices.