
Keeping your recovery seed safe

Your Trezor hardware wallet will create and store your keys safely offline. This keeps you safe from remote attacks, and your recovery seed protects your keys even if your Trezor gets damaged. Keeping your recovery seed safe in the long run may seem like a daunting task, so here are some tips to help you choose a safe place for your backups.
 
TABLE OF CONTENTS
  • Define your Threat Model
  • Environmental risks
  • Physical attacks
  • Remote attacks
  • Writing down the recovery seed
  • Storing a standard BIP39 Recovery Seed
  • Using a home safe
  • A hidden location on your property
  • Burying your recovery seed
  • Limitations of a Recovery Seed
  • Using Shamir Backup
  • Limitations of Shamir Backup
  • Choosing the right material for your backups
  • Types of physical backups


Define your threat model

Before getting too worked up about the potential risks facing your Bitcoin, take a moment to assess the most probable threats you face. It is important to understand that everyone has a different threat model, and this can change over time. 
 

Environmental risks

Environmental threats like sunlight, fire or water might damage your backup, depending on the material it was recorded on. For instance, we have reports of recovery seeds being destroyed when a house burned down, lost in the aftermath of hurricanes, or accidentally thrown out.
 

Physical attacks

A person holding 100 Bitcoin in their Trezor will be a much more desirable target than someone holding a few million sats, but only if the amount is known. Simply being outspoken about owning Bitcoin can put you at risk, no matter how much you own.
 

It may seem trivial to talk about owning a small amount right now, but the value could increase, or a potential attacker may simply jump to their own conclusions. By keeping a low profile, you are far less likely to find yourself under threat.
 

Addressing the physical threat vector takes some discipline. A hardware wallet will stop a physical attacker from getting to your keys, but it’s best to never get into that situation. Don’t talk about how much Bitcoin you own, be careful with sharing other data, and secure your keys where only you can access them.
 

$5 wrench attack

The term "$5 wrench attack" describes a situation where an individual tries to force you to hand over your cryptocurrency assets by using threats of physical violence or death. In such scenarios, it is crucial to take steps to secure your assets and minimize the risk of losing them. This includes keeping the amount of your cryptocurrency holdings confidential and distributing your assets across multiple, separate storage locations.
 


One option for this is to use multiple hardware wallets, which are considered to be a secure method for storing cryptocurrency. Another alternative is to use a single hardware wallet but with different accounts, each with its own unique passphrase. By following these best practices, you can reduce the risk of losing all your assets in the event of an attack.

 
Remote attacks

The biggest threat most of us are vulnerable to is a remote attack, where an attacker will try to steal keys using malware or phishing over the internet. Physical theft is statistically much less common but still poses a risk to anyone identified as a worthwhile target.


Hardware wallets mitigate remote attacks by keeping your keys offline at all times. They also let you see exactly what you are signing, unmasking more sophisticated attacks. Starting to use a hardware wallet is the biggest security improvement you can make.
 

Check out our blog post about phishing to learn more.


Writing down the recovery seed

By now you probably know that the recovery seed is a crucial element for the security of your Trezor hardware wallet.

If your device is lost, damaged or stolen, you can use your recovery seed to restore access to your entire wallet, passwords and other data associated with it.

The process is simple; you only have to enter the words of your seed into your new Trezor device.

There is only one occasion when your Trezor will reveal your recovery seed, and that is during the backup procedure. Keep in mind that your Trezor will only show your recovery seed once.
 

When you first set up your Trezor, it will prompt you to run the backup process. Be extremely careful during this procedure, and make sure you copy the words from the device display carefully. Make sure the words are spelled correctly and are in the right order.

 

Please run the backup process alone.

Be aware of the environment around you; mind the various recording devices in your vicinity.

Please note that there might be a camera or a microphone on your computer or your phone.

Never store your recovery seed digitally. Compared to physical media, digital media can be easily accessed. Digital copies can be made without the owner noticing until it is too late.

Do not read your seed words out loud.

Choose a good material and keep your recovery seed card safe from environmental elements. For increased endurance, consider investing in a steel recovery seed solution.
 

 

Storing a standard BIP39 recovery seed

Remember, your recovery seed is the single point of failure, and therefore must be kept well protected at all times.

There are two points to focus on when storing a recovery seed: it must be stored somewhere only you can access, and it should be durable. The durability issue is commonly solved by engraving the seed in a tough material, such as stainless steel or titanium, which will survive a disaster. Securing the backup is a more difficult task for the average person to manage.
 

There are pros and cons to each option for storing your seed, so consider your threat model to decide on a solution that works for you.
 

You can learn more about BIP39 here

Using a home safe

Storing your seed in a hidden safe at your house is one of the only ways to control who has access to it. Seeing a safe is enough to raise the interest of any potential thief, so if using this storage method you should find a discreet place to install the safe, obscured from the view of guests, housemates or cleaners.

If there is a likelihood that your bitcoin holdings are known by others and somehow connected to your home address, this option may not be viable for you. A more flexible recovery method such as Shamir backup might be more suitable, so even if the seed in your safe were compromised your funds would remain protected.

If you have multiple wallets, it’s also possible to use them in a multisignature (Multisig) setup, where each wallet acts as one key and the seed for each can be held in different locations, meaning a compromised safe would not be so disastrous. This is more complex to set up than Shamir, but offers advantages if custody of the funds is shared by multiple people.

 
A hidden location on your property

While not as secure as a hidden safe, you may have a hard-to-access and discreet location on your property where you can hide your seed, such as a locked loft, or out of reach and out of sight somewhere in a locked room. There are many options, and you will need to assess the layout of your property to determine if there is any truly secure location to use.

 

Burying your recovery seed

Storing your recovery seed underground is often referenced as an option, but there are several reasons it may be a bad idea. Many materials will degrade faster in a damp, acidic environment, so precautions have to be taken to transcribe the seed to a durable material and to limit exposure to dirt and humidity.
 

Another issue when burying a seed outdoors is choosing a good location. You should be in control of who can access the land, and must take steps to prevent it from being uncovered accidentally, and to make sure you will remember where you left it.

 

Limitations of a recovery seed

While BIP39 recovery seeds made it much easier to secure Bitcoin offline, they are still not ideal since they must be heavily protected and are a single point of failure that could lead to a loss of funds. You can take precautions against this by using passphrases to create hidden wallets. Assets in hidden wallets can only be accessed with the recovery seed and a passphrase, which can be memorized or stored in a different location than the recovery seed.
 

SatoshiLabs also created a new standard called Shamir backup that improves upon BIP39 and lets you securely generate multiple lists of words that must be combined in order to restore access to the funds. Using Shamir backup, there is redundancy that allows one or several lists to be lost or stolen without security being affected. This makes it simpler and safer for the average person to protect their seed, even without access to highly secure storage solutions.

 

Using Shamir backup

Recovery seeds are widely used but can be problematic to secure. Shamir backup makes it easy to safely store a backup of your keys across multiple locations, lessening the risk of losing access to your Bitcoin through theft or damage.
 

Shamir backup, also known as SLIP39, is a feature available on the Trezor Model T that lets you create up to 16 shares, where each share is a list of 20 words. You then choose a threshold, which sets how many shares are needed to recover the keys. With these two options, you can customize your setup in many ways to suit your threat model.



There are two configurations of Shamir backup that are most commonly used, known as two-of-three and three-of-five. The naming of these systems is formatted as 'threshold-of-total' shares, so the first scheme is three shares in total and a threshold of two shares needed for recovery. Three-of-five means five shares in total and any three needed for recovery.
 

It is best not to overcomplicate a Shamir backup. Unless you have a specific use case that needs another configuration, it is best to stick with a two-of-three or three-of-five setup. A two-of-three setup offers redundancy where one share can be lost, destroyed or stolen, while three-of-five allows two shares to be lost without affecting your funds.
 

Using Shamir backup means less paranoia and more practical physical security. While it’s good practice to keep shares locked away, with Shamir backup you can distribute your shares between your home, a relative’s house, your office, and so on; even if one location is compromised it does not impact your ability to recover your funds.
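
The threshold-of-total behaviour described above can be seen in the following added example, which is not Trezor's code and not SLIP39 itself: it is plain Shamir secret sharing over GF(256), where any `threshold` shares rebuild the secret and fewer do not. The function names, the field polynomial and the constructed sample secret are assumptions made for this illustration; real SLIP39 shares add word encoding, checksums and encryption, which are omitted here.

```python
import secrets

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8), reducing by x^8+x^4+x^3+x+1 (assumed field)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result

def gf_inv(a):
    result = 1
    for _ in range(254):  # a^254 is the inverse, because a^255 == 1 for a != 0
        result = gf_mul(result, a)
    return result

def split(secret: bytes, threshold: int, total: int) -> dict:
    """Return {x: share_bytes}; any `threshold` of the `total` shares recover the secret."""
    if not 1 <= threshold <= total <= 16:
        raise ValueError("need 1 <= threshold <= total <= 16")
    shares = {x: bytearray() for x in range(1, total + 1)}
    for byte in secret:
        # Random polynomial of degree threshold-1 whose constant term is the secret byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for x in shares:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            shares[x].append(y)
    return {x: bytes(v) for x, v in shares.items()}

def combine(shares: dict) -> bytes:
    """Lagrange-interpolate each byte position at x = 0 from the supplied shares."""
    out = bytearray()
    for i in range(len(next(iter(shares.values())))):
        acc = 0
        for xj in shares:
            num = den = 1
            for xm in shares:
                if xm != xj:
                    num = gf_mul(num, xm)
                    den = gf_mul(den, xj ^ xm)  # subtraction is XOR in GF(2^8)
            acc ^= gf_mul(shares[xj][i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Combining fewer shares than the threshold still returns bytes, but they are unrelated to the secret, which is why a single stolen share from a two-of-three setup reveals nothing on its own.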

 

Limitations of Shamir backup

Shamir backup is a more robust solution than a BIP39 recovery seed, but it is not as widely supported as BIP39. That means to recover a wallet using Shamir backup you will need to use another Trezor Model T or one of the other third-party wallets that support the standard.
 

Shamir backup is open source, meaning we gave this standard to the community so anyone can use it, and we believe support of SLIP39 will continue to grow. Should Trezor cease to exist, there are open tools available to recover Shamir backups.
 

It’s also easy to be complacent with Shamir backup, but you should still hide your shares securely to prevent someone from covertly tracking them down, and regularly check on the state of your shares in case they get damaged. While you may be able to lose several shares without endangering your funds, you must always have enough to meet the recovery threshold.

 

Choosing the right material for your backups

Paper backups, where you write down your recovery seed in pen or pencil, are susceptible to disasters such as fire or flood. As covered above, a BIP39 recovery seed is a single point of failure, meaning if it gets destroyed and you lose your Trezor, you will never be able to recover your funds. Anyone using a 12 or 24-word recovery seed will benefit from engraving or punching their seed into a metal backup, to offset the risk of disaster.
 

If you use a Shamir backup, the redundancy allowing for shares to be lost or damaged means a metal backup might not offer significantly more protection. Depending on how you distribute the shares, you may choose to invest in several metal backups where there is a higher risk of the share becoming damaged, for example if it is buried or kept somewhere that may be impossible to access for a long time.

 

Types of physical backups

Physical seed storage solutions come in many forms and materials. The most common types are paper and metal. For a thorough guide to the many metal backups available for purchase, check out Jameson Lopp’s Metal Seed Storage Reviews, where storage solutions from different brands are put through a gauntlet of endurance tests.

Metal backups can also be put together using equipment from a hardware store, such as stainless steel bolts and nails. Engraving tools can be used too, but it is important that the seed is engraved or punched in the metal in a way that it will be readable even if the metal is heavily deformed or heat-damaged.