What is a wallet recovery phrase?

Tens of millions of people use browser-based crypto wallets. How can recovery phrases be used to recover, transfer, or safeguard funds?
When you lose your crypto wallet, misplace the device you’ve used to buy crypto, or forget the password to log into a wallet browser extension, a recovery phrase is the only way to recover your wallet and crypto. If you forget it or lose it, everything in that wallet will be gone forever, because the cryptographic keys needed to sign transactions cannot be recovered any other way. A recovery phrase is the one thing that allows you to access all of the cryptocurrencies and NFTs in your wallet, and it can even enable you to transfer them securely to a new wallet.

In this article, we’ll give a refresher on wallets and how they work, what recovery phrases are and how they are derived cryptographically, and how and why to keep yours safe and secure.
A quick rundown on wallets

When a user purchases cryptocurrencies through an exchange like Coinbase, Gemini, or Binance, the cryptocurrencies are deposited into a wallet managed by the exchange, known as a “custodial wallet” because the exchange takes custody of the private keys. Importantly, the wallet given to a user by a marketplace doesn’t allow users to directly access their private keys, which are the ultimate proof of ownership on the blockchain. Instead, access to the private keys must go through the marketplace, which manages key storage and all other necessary operations for the wallet.

There are two main types of wallets that require a user to manage their own private keys: hot wallets and cold wallets. Much like when you buy cryptocurrency from a marketplace like Coinbase or Gemini, a hot wallet stores your private key online (generally encrypted with your password), and only requires a password to access. This makes hot wallets significantly easier to compromise, drain, or exploit. These wallets, such as MetaMask or Phantom, generally use a password as a cryptographic “master key” to decrypt the private keys associated with the wallet. A hot wallet that lives off of an exchange still provides individuals more direct ownership over their crypto than the wallet a marketplace grants a user. However, if a user has a lot of money stored in cryptocurrencies, they should look into using a cold wallet.

A cold wallet is the safest and most ideal way to store large amounts of crypto for long periods of time. A cold wallet, or hardware wallet, creates and stores your private key offline. Cold wallets are much safer than hot wallets both because they are physical, in the form of either a USB stick or another offline device, and because they are never connected to the internet, which makes them less likely to be compromised. The private keys associated with the account never leave the physical device, such as a Trezor or Ledger hardware wallet.

However, tens of millions of people now use self-custody software wallets on the internet. These wallets are built as browser extensions, such as Keplr and MetaMask, downloaded as apps (such as Rainbow on iOS), or used across multiple devices. With these wallets comes the significant responsibility of caring for your own private keys, or managing a recovery mnemonic phrase that can be used to recover your account in case you forget this master password or lose your devices.
What is a recovery phrase?

A wallet recovery phrase (or “seed phrase”) is the mnemonic representation of a private key, a random number that can be used to access a user’s crypto wallet. A user would need to use a recovery phrase if they lost their hardware wallet, or forgot their password on their software or mobile wallet. A recovery phrase alone can be used to access an entire library of funds, such as an Ethereum wallet that stores many different tokens, NFTs, and other assets. Put simply, a recovery phrase is the “master password” to a user’s wallet.

Recovery phrases were implemented after Bitcoin Improvement Proposal 39 (BIP39), which established the standard for “deterministic wallets.” Not only did this enable users to access all of their private keys with just one recovery phrase, it also made major wallets intercompatible, allowing users to switch wallets when necessary. Ultimately, this is possible because wallet addresses are simply public keys with corresponding private keys that can be used to sign transactions, manage funds, or move funds to other wallets.
How does a recovery phrase work?

A recovery phrase becomes necessary if a user loses their wallet or forgets their password. A recovery phrase is a randomly generated group of 12 to 20 words (from a list of 2,048 approved words, defined initially in the BIP39 word list proposal) that is created when a user sets up their wallet for the first time. When entered correctly, this phrase allows a user to access all of the private keys in a wallet and even allows a user to move funds into a new wallet.

An example of a recovery phrase could be: sad, table, vacant, yard, zebra, lab, jacket, fabric, dad, bag, oak, quit. Developers designed recovery phrases as mnemonics to limit human error, provide redundancy, and use words that are phonetically different. After all, 12 to 20 words is much easier to enter than a 256-bit number, but still provides the same level of security, as these words can be transformed deterministically back into a number. And, because of the number of variations possible in this format, it is nearly impossible for someone to guess your recovery phrase.
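The transformation described above, as an added example that is not part of the original article: it follows the BIP39 scheme, in which each word stands for an 11-bit index into the 2,048-word list and the trailing bits are a SHA-256 checksum that catches a mistyped word. To stay self-contained it works on word indices instead of embedding the word list; the function names are chosen here for illustration.

```python
import hashlib
import unicodedata

def checksum_bits(entropy: bytes) -> str:
    """Checksum = first ENT/32 bits of SHA-256(entropy), as a bit string."""
    n = len(entropy) * 8 // 32
    digest = hashlib.sha256(entropy).digest()
    return bin(int.from_bytes(digest, "big"))[2:].zfill(256)[:n]

def entropy_to_indices(entropy: bytes) -> list:
    """Split entropy + checksum into 11-bit word-list indices (0..2047)."""
    if len(entropy) % 4 or not 16 <= len(entropy) <= 32:
        raise ValueError("entropy must be 128 to 256 bits, in 32-bit steps")
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(len(entropy) * 8)
    bits += checksum_bits(entropy)
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]

def indices_to_entropy(indices: list) -> bytes:
    """Turn the words back into the number; reject a bad checksum."""
    if len(indices) % 3 or not 12 <= len(indices) <= 24:
        raise ValueError("unexpected phrase length")
    if not all(0 <= i < 2048 for i in indices):
        raise ValueError("index outside the 2,048-word list")
    bits = "".join(format(i, "011b") for i in indices)
    ent_len = len(bits) * 32 // 33  # the remaining bits are the checksum
    entropy = int(bits[:ent_len], 2).to_bytes(ent_len // 8, "big")
    if bits[ent_len:] != checksum_bits(entropy):
        raise ValueError("checksum mismatch: a word is wrong or out of order")
    return entropy

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Wallet seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic'+passphrase."""
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, 64)

if __name__ == "__main__":
    entropy = bytes(16)  # constructed sample: all-zero entropy, never use for real
    indices = entropy_to_indices(entropy)
    print(len(indices), "words, indices:", indices)
    print("round trip ok:", indices_to_entropy(indices) == entropy)
    phrase = " ".join(["abandon"] * 11 + ["about"])  # words at indices 0 and 3
    print("seed:", mnemonic_to_seed(phrase).hex())
```

A wallet that validates the checksum on entry can tell the user that a word was mistyped before deriving any keys from the wrong number.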
Is a recovery phrase the same as a private key?

Recovery phrases are similar to private keys, but not exactly the same. Private keys are used as access keys for individual addresses or accounts within a wallet. For example, if a user has multiple cryptocurrencies in their wallet, that user will have multiple private keys in their wallet to prove ownership of each form of cryptocurrency on the blockchain.

On the other hand, a recovery phrase is the private key that lets a user access their wallet as a whole. This means that instead of having to write down all of the private keys to their various forms of cryptocurrency, the user can rely on the recovery phrase as proof of ownership, a way to verify that they are the owner of everything in the wallet itself. Another key difference is that private keys exist as encrypted strings of numbers that are difficult to enter manually, whereas recovery phrases are randomly generated lists of words derived from these numbers, designed for humans to be able to enter with significantly less error.
Where should a user store their recovery phrase?

Users should never store their seed phrase on the internet. This would make it possible for hackers to access it after compromising another account, such as a cloud storage provider or an email address. Instead, users should store their recovery phrase in a safe place. Writing it down on a piece of paper is a reasonable idea, but it must be kept in a safe place (as opposed to taped to a computer or a desk drawer). Alternatively, keeping a recovery phrase in a secure location (such as a safe-deposit box, or even a password manager) might be an even safer method of storage, particularly if a significant amount of funds is stored in the wallet. Users can attempt to memorize the phrase, but again, it is good to keep something physical, as this could be the only way to access your funds.
Conclusion

A wallet recovery phrase is a mnemonic phrase that can be used to recover the private keys and funds stored in a crypto wallet. Given that, it’s critical to store the recovery phrase in a safe location, or to use a hardware wallet where private keys never leave a physical device. Good security and recoverability practices with a recovery phrase can make a significant difference in keeping an individual’s crypto safe, accessible, and secure.