Seed Phrase Museum
Est. 2013
Preservation Manual

The Proper Care of
Seed Phrases

For those who choose to manage seed phrase security, these guidelines represent the minimum standard of care. Even with meticulous implementation, fundamental vulnerabilities remain.

Important Disclaimer

Even with perfect execution of all guidelines below, seed phrases remain vulnerable to physical theft, natural disasters, human error, and single-point-of-failure risks. These represent mitigation, not elimination, of inherent security weaknesses.

Essential Protocols

Storage Guidelines

Each protocol must be implemented completely. Partial implementation creates false confidence while maintaining vulnerability.

Metal Backups

Use titanium, stainless steel, or brass plates with stamped or etched words. Avoid paper, lamination, ink, or any material vulnerable to environmental damage.

  • Choose materials rated for 1400°C minimum fire resistance
  • Use only corrosion-proof metals that won't degrade over decades
  • Stamp or deep-etch words — never use ink or surface markings
  • Test readability after simulating disaster conditions

Geographic Distribution

Store backups across multiple locations in different disaster zones, jurisdictions, and access control systems to prevent single-point failure.

  • Maintain at least 3 geographically separated storage sites
  • Choose locations with different risk profiles (flood vs fire zones)
  • Distribute across varying legal jurisdictions when possible
  • Document location access procedures for emergencies

Environmental Protection

Fireproof and waterproof containers rated for extreme conditions beyond typical residential safes.

  • Select safes rated for 1700°F for minimum 2 hours
  • Verify waterproof certification with tested depth ratings
  • Bolt safes to foundation or embed in concrete
  • Inspect seal integrity regularly for degradation

Inheritance Planning

Clear, legally documented succession plans ensuring heirs can access funds without compromising current security.

  • Create legal documentation establishing digital asset ownership
  • Provide detailed recovery instructions for your executor
  • Consider time-locked or condition-based release mechanisms
  • Engage estate planning professionals for high-value holdings

Password Separation

If encrypting seed phrases, ensure passwords are managed with equal or greater security rigor.

  • Use a reputable password manager with encrypted backups
  • Never reuse the password protecting your seed phrase
  • Document password recovery procedures separately
  • Test password retrieval regularly to verify access

Decoy Wallets

Maintain small-balance wallets accessible under duress to satisfy attackers without total loss.

  • Keep enough balance to appear legitimate under pressure
  • Store decoy seed phrases separately from primary holdings
  • Ensure simple recovery process for emergency situations
  • Never mention the existence of larger holdings

Operational Security

Privacy discipline to prevent becoming a target for physical or social engineering attacks.

  • Never discuss holdings publicly or on social media
  • Avoid visible wealth indicators tied to cryptocurrency
  • Use pseudonyms for community participation
  • Compartmentalize identity across platforms

Recovery Testing

Regular verification that backups are readable and functional without exposing seed phrases to digital systems.

  • Conduct annual recovery drills using test wallets
  • Verify metal backup readability and word accuracy
  • Test password retrieval from all secure storage locations
  • Document any issues and remediate immediately
Persistent Risks

Unavoidable Vulnerabilities

These attack vectors persist regardless of implementation quality. No amount of careful storage can fully eliminate these risks.

Catastrophic Disasters

Fires, floods, or earthquakes affecting multiple storage locations simultaneously remain possible despite geographic distribution.

Human Error

Transcription mistakes, illegible stamping, or incorrect word order can render backups permanently useless despite perfect storage.

Physical Coercion

Targeted attacks with physical threats can force disclosure regardless of storage sophistication. Decoys provide limited protection.

Inheritance Complexity

Even with documentation, heirs may struggle with technical procedures, legal access, or coordinating across storage sites.

Emergency Procedures

Response Protocols

Disaster recovery requires split-second decisions under stress with incomplete information and high stakes.

?

Can you physically access your primary backup location?

Yes, I can access it

Check if the backup is readable and intact:

If readable and intact → Proceed to recovery verification
If damaged or illegible → Activate secondary backup location
No, I cannot access it

Can you access your secondary backup within 72 hours?

If yes → Begin travel and retrieval procedure immediately
If no → Activate emergency recovery protocol (if configured)

Is the disaster event still ongoing?

Event has concluded
  1. 1.Assess physical damage to all known backup locations
  2. 2.Prioritize backup retrieval by proximity and accessibility
  3. 3.Test backup readability before attempting wallet recovery
Disaster still ongoing
  1. 1.Do NOT attempt to retrieve backups during active disaster
  2. 2.Monitor the situation for safe access windows
  3. 3.Document known damage for insurance and recovery planning
?

Do you have documented recovery procedures?

Yes, I have documentation

Your recovery documentation should include:

  • Backup location addresses & access instructions
  • Decryption passwords (if backups are encrypted)
  • BIP39 word list reference for verification
  • Wallet derivation path & account structure
  • Test recovery procedure with known results
  • Emergency contact list for custodians/executors
Critical Risk: No documentation

Recovery without written procedures dramatically increases the risk of human error, incorrect word order, forgotten derivation paths, or incomplete backup retrieval. Success rates drop significantly. Create documentation immediately.

Important Context

This decision tree represents a simplified disaster recovery scenario. Real-world events involve coordination across multiple stakeholders, legal considerations for safety deposit box access, time-sensitive asset movement, and psychological stress under crisis conditions. Even with perfect documentation, seed phrase recovery remains operationally complex and inherently risky for individual holders.

Annual Requirement

Recovery Testing

Recovery testing must be performed annually to verify backups remain readable and procedures remain executable. Failure to test creates false confidence that can prove catastrophic.

Critical: Never enter your production seed phrase into any internet-connected device during testing. Use an air-gapped computer or dedicated hardware wallet. One mistake during testing can compromise your entire holding.

Comparative Analysis

Seed Phrase vs. Multi-Party Computation (MPC)

Single Point of Failure
Seed Phrase

One lost word = total loss

Bron MPC

Distributed across multiple parties

Physical Vulnerability
Seed Phrase

Destroyed by fire, flood, or disaster

Bron MPC

No physical backup to lose or destroy

Theft Resistance
Seed Phrase

Complete access if compromised

Bron MPC

Multi-party approval required

Human Error Risk
Seed Phrase

Transcription mistakes are permanent

Bron MPC

User biometrics for signing

Inheritance
Seed Phrase

Difficult to transfer securely

Bron MPC

Structured recovery protocols

Coercion Resistance
Seed Phrase

One person can be forced to disclose

Bron MPC

Multiple parties must be compromised

Modern cryptographic custody for the next generation
Learn About Bron

How Safe Is Your Crypto?

Identify gaps across all eight security domains covered in this guide.

Take the Quiz