Manual backup / Recovery phrase
Manual backup of the recovery phrase has been the most common private key management scheme by far since its proposal with BIP39 in 2013. If you have used any non-custodial bitcoin application, you are likely to have experienced the onboarding requirements of manual backups.
When creating a new wallet, users will be asked to manually write down a backup of a 12 or 24 word recovery phrase to a safe place. Often, as the next step, it will ask you to verify that you did save it by having you input the recovery phrase in the correct order. Additionally, some wallets may use a passphrase that can be defined by the user.
This scheme is suitable for users who are already familiar with bitcoin and procedures for secure offline backups of their recovery phrase. It is not suited for complete beginners. When told to store the backup safely offline, bitcoin-beginners in reality often take a screenshot, write it down in plain text somewhere on their mobile device, computer, or a piece of paper on the fridge, or simply don’t back it up at all. Manual backups have the risk of achieving the opposite of what we want—a high risk of self-inflicted loss, and low to medium-security in terms of third-party theft.
How it works #
The wallet application will generate a 12 or 24 word recovery phrase from which all the wallet’s keys can be derived. This means the user can have access to the wallet from any compatible wallet application with the recovery phrase, even if they lose the device or software.
This can be an effective way to reduce the risk of loss from theft if the backup is offline in a safe place, but puts more of the burden on the individual user. The security and risk will only be as good as how they backup the recovery phrase.
Safe backups can be made fairly simple. Take a look at our bitcoin backups guide as a good starting point.
Pros
- Manual backups done well can provide very high security
- Good interoperability
Cons
- Requires significant effort from users to achieve safe backups
- High onboarding friction
Best practice #
When to use #
- When the target audience is likely to be knowledgeable and implement good manual backup schemes
- When storing medium amounts
- When the risk of loss from theft is higher than the risk of self-inflicted loss
When not to use #
- When users are new to bitcoin and unlikely to implement good manual backups
- For use-cases with small amounts
- When onboarding is likely to happen outside of users’ homes
Do’s #
- Explain what a recovery phrase is, and provide guidance on how to do safe offline backups BEFORE the user is exposed to the recovery phrase
- Consider supporting recovery phrases in multiple languages for better global accessibility
Products that use this scheme #
Most bitcoin wallets, including:
Next, let’s look at external signers.