All articles

12 vs 24 Word wallet backup

When it comes to securing your cryptocurrency wallet, you might have questions about the security provided by a 12-word recovery wallet backup (formerly recovery seed) and whether a 24-word wallet backup would offer better protection.
 

In this article, we will address these concerns and help you understand the security of a 12-word wallet backup, the practical implications of using a 24-word wallet backup on the Trezor Model T or Trezor Safe 3, and the benefits of using Shamir Backup for users seeking advanced security measures.


Security of 12-Word wallet backups

A 12-word wallet backup provides 128 bits of entropy, which is more than sufficient for the security of your private keys. Bitcoin uses elliptic curve cryptography and 256-bit private keys, but the security of the elliptic curve is around half of the used bits, resulting in 128 bits for the secp256k1 curve used.
 

In practice, it is highly unlikely that an attacker could guess or brute-force a 12-word wallet backup with 128 bits of entropy in a feasible amount of time. Thus, a 12-word wallet backup offers a high level of security that is sufficient for most users, striking a balance between security and ease of use.


Trezor Model One and the 24-Word wallet backup

The Trezor Model One uses a 24-word wallet backup to enhance security during the basic recovery process on the host computer. When you enter 12 words on your computer in random order, the entropy in random order may not be sufficient to ensure a high level of security. In this case, using a 24-word wallet backup is essential.


However, if you choose not to recover your wallet on the host computer and instead enter all the words directly on the device, a 12-word wallet backup is sufficient for securing your wallet. The Trezor Safe 5, Trezor Safe 3 and Trezor Model offer this functionality. 
 

No real use case for 24-Word wallet backup on Trezor Model T and Trezor Safe 3


While a 24-word wallet backup does provide more entropy (256 bits), the practical increase in security is not as significant as it may appear. As mentioned earlier, the security of your wallet is primarily determined by the cryptography used, and you can never increase the number of steps it takes an attacker to calculate the private key from your public key.
 

Users should not feel the need to create a 24-word wallet backup on the Trezor Safe 5, Trezor Safe 3 or Trezor Model T, as a 12-word wallet backup is more than secure enough.
 

Shamir Backup: A secure alternative for splitting wallet backups


If users require more than 12 words for a wallet backup splitting scheme, they should consider Shamir Backup instead. Shamir's Secret Sharing is an algorithm that divides a secret (your wallet backup) into multiple parts and reconstructs the original secret by combining a certain number of those parts.
 

The Trezor Safe 5, Trezor Safe 3 and Trezor Model T have a 20 word Shamir Backup scheme as a default which allows users to create and store separate shares of their wallet backup if they choose. This increases the security of the wallet backup and allows for wallet recovery even if one part is lost or compromised. Users seeking additional security or who are considering splitting their wallet backups should explore Shamir Backup as a more effective solution than custom wallet backup splitting schemes or using a 24-word wallet backup. 
 

Check out our article: What is Shamir Backup? to learn more 


We also recommend watching the following video, where we explain Shamir Backup and how to use it: