Everything you need to know about your secret 12-word recovery phrase
You often hear people in the cryptocurrency ecosystem use terms like "seed phrase", "12-word seed", "12 word phrase", "12 words backup", "24 words backup", "mnemonic phrase", "recovery seed" etc. If you have ever wanted to learn more about these magical words, Exodus has you covered!
This article covers the most basic aspects of these magical words which ultimately control the keys of your crypto kingdom.
In this Article:
- What is a secret recovery phrase?
- How to store your secret Exodus 12-word recovery phrase
- How is a secret recovery phrase generated?
- Where does Exodus store the secret 12-word recovery phrase?
- Using the secret 12-word recovery phrase
- Security of your wallet
- How do I view my Secret Recovery phrase
What is a secret recovery phrase?
The secret 12-word recovery phrase is the master key generated by your wallet. If you have already read our article about private keys, you've learned that each wallet's receive address has its own private key which is used to make transactions and prove ownership of the funds in the address. All your private keys in Exodus are generated from and tied to the secret 12-word recovery phrase.
These words help you recover your funds in case your computer crashes or anything else happens which prevents you from accessing your wallet on the computer it is installed on.
Anybody else who discovers your secret phrase can steal the funds, so it must be kept safe like your other valuables. It must not be stored in any electronic or digital form - more on this below.
How to store your secret Exodus 12-word recovery phrase
You might have heard this already - anything that is online is hackable! The same holds true for your secret 12-word recovery phrase if you decide to store it on a computer or any device that is connected to the internet.
Write down the secret phrase on a piece of paper or print them out using a secure network printer. It is always advised to have multiple copies of your secret phrase and store it in multiple locations to prevent loss from calamities like floods, earthquake, fire, etc. For more tips on your secret 12-word recovery phrase safety, check out our article The Do's and Don'ts of 12 Word Phrases and Private Keys.
Ensure that you write down the secret phrase in the correct order without any spelling mistakes! Exodus tags each word of your secret phrase with the order in which it needs to be written down, so make sure you follow the order. Entering the secret phrase incorrectly (wrong order or spelling) will result in you not being able to access your wallet.
Following are some of the most common places where your secret phrase must not be stored: the notepad of your computer, as images on your laptop/mobile/tablet etc., file-sharing services like Dropbox, MegaBox, OneDrive, Google Drive, iCloud etc., e-mail drafts, word/excel/ppt files, password-protected files, USB drives, etc.
The threats are digital and online, so the best way to protect them is by keeping them in analog and offline storage: good, old-fashioned paper.
How is a secret recovery phrase generated?
A simple explanation of how secret phrases work is that the wallet has a list of words taken from a dictionary, with each word assigned to a number. The secret phrase can be converted to a number which is used as the seed integer to a deterministic wallet that generates all the key pairs used in the wallet.
Exodus uses the English-language wordlist of the BIP39 standard which has 2048 words. If the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132, meaning 2 to the power of 132, and the phrase would have 132 bits of security.
However, some of the data in a BIP39 phrase is not random, so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure. If you want to know how many, you can have a look here: http://bugcharmer.blogspot.com/2012/06/how-big-is-2128.html
When your secret 12-word recovery phrase is converted into a seed integer, or number, for your wallet, the seed integer is used with a standard derivation algorithm, or formula, to derive, or generate, your master private key.
From this master private key, a very large number (almost infinite for all practical purposes) of private and public keys can be derived with the standard derivation formula. Given that the same master private key is used with the derivation formula, the same private and public keys will always be generated.
Also, different blockchain assets have different starting points in the derivation formula, which prevents differing assets from generating overlapping keys.
It is important to understand that the seed doesn't represent the private key, but it is used to derive your private and public keys to a series of processes described in the following Bitcoin Improvement Proposals (BIPs):
This is a rather lengthy and technical bit of reading, but below is a basic summary.
BIP32 describes how to use a master private key to generate (derive) a bunch of child private keys. These child keys are guaranteed to be 256 bit because of the process that is used to derive them.
BIP39 describes how a seed is generated. Although the 12-word seed is 128 bit, the derivation process described in BIP32 will ensure that the child keys are 256 bit, but the randomness (entropy) of those keys will be equal to 128 bit.
BIP44 describes a derivation path. In basic terms, it sets the properties that are used to derive private keys as described in BIP32. These properties, for example, can indicate what type of coin this is (BTC, BCH etc.).
Where does Exodus store the secret 12-word recovery phrase?
Your secret 12-word Recovery phrase is stored in an encrypted manner on the computer you install Exodus on. We do not store your secret phrase on our servers, nor do we have any access to it. This is done in the true spirit of cryptocurrency that gives full control of the funds to the owner of the Private Keys. As Andreas Antonopoulos' famous quote goes: "Your keys, your bitcoin. Not your keys, not your bitcoin".
Also, by doing this, we protect you in the event of a hack on our servers. The hacker wouldn't find any information that gives access to your wallet and funds.
However, this means that you are solely responsible to ensure the safety and security of these words; if you ever forget your password and lose the secret phrase, your funds are irretrievable! We cannot help you by recreating your recovery phrase or resetting your password as we do not store anything on our end.
Using the secret 12-word Recovery phrase
The average user would never need to use their secret 12-word recovery phrase, unless their computer gives up and hence the wallet requires restoration on another computer. These days, however, there are hundreds forks/airdrops of every token out there—more often than not these forked/airdropped tokens are worthless but do require the user to enter their secret phrase or private keys on another wallet to claim them. Doing this is a security risk as your 12-word secret phrase may be compromised as soon as you expose them anywhere online—you never know who is lurking around, even an insecure internet router/WiFi password can cause loss of all your digital funds stored inside Exodus.
If you have to absolutely access the forked/airdropped tokens it is recommended to create an additional wallet where your funds can be stored until the fork/airdrop date. This way you can move your funds back to the original wallet while being able to use the new (temporary) wallet's secret 12-word recovery phrase or private keys to access the airdropped/forked tokens.
Security of your wallet
The online world can be a dangerous place and simply keeping your secret phrase safe is not always enough. Malware-infected computers can render your wallet vulnerable and susceptible to theft! Our article How do I keep my money safe? dives deep into keeping your computer safe and offers tips for safe online browsing.
How do I view my secret recovery phrase?
- Open Exodus and enter your password.
- Click the Settings icon in the top right-hand corner of your Exodus wallet.
- Click on the Backup tab at the top of your wallet then click on View Secret Phrase.
- A warning will display and you will need to confirm you want to see your 12-word Secret Phrase. Confirm that you understand the risks and have checked your surroundings then when you are ready, click the checkbox and the Show Secret Phrase button.
Do not reveal the 12 words if you are in a public location, on public WiFi, or if there is a chance anyone can see your screen.
- Open your Profile by tapping the person silhouette icon in the lower right corner of your screen. Then tap Security.
- Tap Backup.
- Make sure nothing and no one is around to see your secret phrase. Tap View Secret Phrase if you are ready and able to write your secret 12-words down on a piece of paper and store them in a secure and private location.
Please note: We recommend to write down your secret phrase on more than 1 piece of paper and keep the copies in separate secure locations prevent a single point loss from events like fires, loss, etc.
- These 12 words are your secret master seed that generates all your wallet’s addresses and private keys. It is incredibly important for you to keep your secret phrase safe. If you would like to know more about your secret phrase click here.
- Do not store your 12-word secret phrase in any digital format, hackers can access digital files and information, but they can't access an old-fashioned piece of paper. If you would like to know more about how to keep your crypto safe click here.
- Leave your finger on the Press and Hold to Reveal button to see your 12-word secret phrase.
Do not store your 12-word secret phrase in any digital format, Do not take a screenshot of your secret 12-word recovery phrase. Hackers can access digital files and information, but they can't access an old-fashioned piece of paper. If you would like to know more about how to keep your crypto safe click here.