Everything you need to know about your 12-word secret recovery phrase

You often hear people in the cryptocurrency ecosystem use terms like "seed phrase", "12-word seed", "12 word phrase", "12 words backup", "24 words backup", "mnemonic phrase", "recovery seed" etc. If you have ever wanted to learn more about these magical words, Exodus has you covered!

This article covers the most basic aspects of these magical words which ultimately control the keys of your crypto kingdom.


What is a secret recovery phrase?

The 12-word secret recovery phrase is the master key generated by your wallet. If you have already read our article about private keys, you've learned that each wallet's receive address has its own private key which is used to make transactions and prove ownership of the funds in the address. All your private keys in Exodus are generated from and tied to the 12-word phrase.

These words help you recover your funds in case your computer crashes or anything else happens which prevents you from accessing your wallet on the computer it is installed on.

Anybody else who discovers your secret phrase can steal the funds, so it must be kept safe like your other valuables. It must not be stored in any electronic or digital form - more on this below.

How to store your Exodus 12-word secret recovery phrase

You might have heard this already - anything that is online is hackable! The same holds true for your 12-word secret recovery phrase if you decide to store it on a computer or any device that is connected to the internet.

Write down the secret phrase on a piece of paper or print it out using a secure network printer. It is always advised to keep multiple copies of your secret phrase and store them in multiple locations to prevent loss from calamities like floods, earthquakes, fires, etc. For more tips on your 12-word secret recovery phrase safety, check out our article The Do's and Don'ts of 12 Word Phrases and Private Keys.

Ensure that you write down the secret phrase in the correct order without any spelling mistakes! Exodus tags each word of your secret phrase with the order in which it needs to be written down, so make sure you follow the order. Entering the secret phrase incorrectly (wrong order or spelling) will result in you not being able to access your wallet.

Following are some of the most common places where your secret phrase must not be stored: the notepad of your computer, as images on your laptop/mobile/tablet etc., file-sharing services like Dropbox, MegaBox, OneDrive, Google Drive, iCloud etc., e-mail drafts, word/excel/ppt files, password-protected files, USB drives, etc.

The threats are digital and online, so the best way to protect your secret phrase is by keeping it in analog and offline storage: good, old-fashioned paper.

How is a secret recovery phrase generated?

A simple explanation of how secret phrases work is that the wallet has a list of words taken from a dictionary, with each word assigned to a number. The secret phrase can be converted to a number which is used as the seed integer to a deterministic wallet that generates all the key pairs used in the wallet.

Exodus uses the English-language wordlist of the BIP39 standard which has 2048 words. If the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132, meaning 2 to the power of 132, and the phrase would have 132 bits of security. 

However, some of the data in a BIP39 phrase is not random, so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure. If you want to know how big 2^128 is, you can have a look here: http://bugcharmer.blogspot.com/2012/06/how-big-is-2128.html

When your 12-word phrase is converted into a seed integer, or number, for your wallet, the seed integer is used with a standard derivation algorithm, or formula, to derive, or generate, your master private key.

From this master private key, a very large number (almost infinite for all practical purposes) of private and public keys can be derived with the standard derivation formula. Given that the same master private key is used with the derivation formula, the same private and public keys will always be generated.

Also, different blockchain assets have different starting points in the derivation formula, which prevents differing assets from generating overlapping keys.

It is important to understand that the seed doesn't represent the private key; it is used to derive your private and public keys through a series of processes described in the following Bitcoin Improvement Proposals (BIPs): BIP32, BIP39 and BIP44.

This is a rather lengthy and technical bit of reading, but below is a basic summary.

BIP32 describes how to use a master private key to generate (derive) a bunch of child private keys. These child keys are guaranteed to be 256 bit because of the process that is used to derive them.

BIP39 describes how a seed is generated. Although the 12-word seed is 128 bit, the derivation process described in BIP32 will ensure that the child keys are 256 bit, but the randomness (entropy) of those keys will be equal to 128 bit.

BIP44 describes a derivation path. In basic terms, it sets the properties that are used to derive private keys as described in BIP32. These properties, for example, can indicate what type of coin this is (BTC, BCH etc.).
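The steps summarized above, as an added example that is not Exodus code: it shows why a 12-word phrase carries 128 random bits plus a 4-bit checksum, and how the phrase becomes a 512-bit seed and then a 256-bit BIP32 master key. It works on wordlist indices (0 to 2047) instead of embedding the 2048-word list, and the function names are illustrative.

```python
import hashlib
import hmac

WORD_BITS = 11  # 2048 = 2**11, so every word encodes 11 bits
# Public BIP39 test phrase for all-zero entropy (wordlist index 0 x11, then 3).
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

def checksum_bits(entropy):
    """BIP39 checksum: the first (entropy bits / 32) bits of SHA-256(entropy)."""
    cs_len = len(entropy) * 8 // 32
    return hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)

def entropy_to_indices(entropy):
    """Append the checksum to the entropy and split into 11-bit word indices."""
    cs_len = len(entropy) * 8 // 32
    value = (int.from_bytes(entropy, "big") << cs_len) | checksum_bits(entropy)
    n_words = (len(entropy) * 8 + cs_len) // WORD_BITS
    return [(value >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_valid(indices):
    """Recompute the checksum from the entropy part and compare with the tail."""
    total = len(indices) * WORD_BITS
    cs_len = total // 33                     # 132 bits -> 4, 264 bits -> 8
    value = 0
    for idx in indices:
        value = (value << WORD_BITS) | idx
    entropy = (value >> cs_len).to_bytes((total - cs_len) // 8, "big")
    return (value & ((1 << cs_len) - 1)) == checksum_bits(entropy)

def valid_last_words(first_words):
    """Count how many of the 2048 possible final words pass the checksum."""
    return sum(indices_valid(first_words + [w]) for w in range(2048))

def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds (ASCII input assumed)."""
    salt = ("mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), salt, 2048)

def master_key(seed):
    """BIP32 master private key and chain code, 32 bytes each."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

if __name__ == "__main__":
    print("indices for zero entropy:", entropy_to_indices(bytes(16)))
    print("valid final words after 11 fixed words:", valid_last_words([0] * 11))
    key, chain = master_key(mnemonic_to_seed(SAMPLE_MNEMONIC))
    print("master key bits:", len(key) * 8)
```

Only 128 of the 2048 candidate final words pass the checksum, which is where the drop from 132 to 128 bits comes from; it is also why most misordered or misspelled phrases are rejected on entry.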

What is an 18- or 24-word secret recovery phrase?

Exodus will only generate a 12-word secret recovery phrase to back up your wallet. However, other wallets might generate 18-word or 24-word secret recovery phrases. For example, the Trezor Model T automatically generates a 12-word phrase, while the Trezor One creates a 24-word phrase.

Although 12-, 18-, or 24-word secret recovery phrases all provide excellent security, some platforms choose a 24-word phrase because it provides 256-bit security rather than the 128-bit offered by the 12-word phrase. If you want to dive into the math, you could start with this video about 256-bit security or this article about cryptographic algorithms.

Also, keep in mind that different wallets use different derivation paths. Exodus and Trezor both use the BIP39 standard. However, other wallets like Electrum use an older incompatible standard. This means that a 12-word phrase from an Electrum wallet can't be used with Exodus or Trezor.

Where does Exodus store the 12-word secret recovery phrase?

Your 12-word phrase is stored in an encrypted manner on the computer you install Exodus on. We do not store your secret phrase on our servers, nor do we have any access to it. This is done in the true spirit of cryptocurrency that gives full control of the funds to the owner of the Private Keys. As Andreas Antonopoulos' famous quote goes: "Your keys, your bitcoin. Not your keys, not your bitcoin".

Also, by doing this, we protect you in the event of a hack on our servers. The hacker wouldn't find any information that gives access to your wallet and funds.

However, this means that you are solely responsible to ensure the safety and security of these words; if you ever forget your password and lose the secret phrase, your funds are irretrievable! We cannot help you by recreating your recovery phrase or resetting your password as we do not store anything on our end.

Using the 12-word secret recovery phrase

The average user would never need to use their 12-word phrase unless their computer fails and the wallet has to be restored on another computer. These days, however, there are hundreds of forks/airdrops of every token out there. More often than not, these forked/airdropped tokens are worthless but do require the user to enter their secret phrase or private keys in another wallet to claim them. Doing this is a security risk, as your 12-word phrase may be compromised as soon as you expose it anywhere online. You never know who is lurking around; even an insecure internet router/WiFi password can cause the loss of all your digital funds stored inside Exodus.

If you absolutely have to access the forked/airdropped tokens, it is recommended to create an additional wallet where your funds can be stored until the fork/airdrop date. This way you can move your funds back to the original wallet while being able to use the new (temporary) wallet's 12-word secret recovery phrase or private keys to access the airdropped/forked tokens.

Security of your wallet

The online world can be a dangerous place and simply keeping your secret phrase safe is not always enough. Malware-infected computers can render your wallet vulnerable and susceptible to theft! Our article How do I keep my money safe? dives deep into keeping your computer safe and offers tips for safe online browsing.

How do I view my secret recovery phrase?

On Desktop:

Open Exodus and enter your password. 
Click the Settings icon in the top right-hand corner of your Exodus wallet.

Click on the Backup tab at the top of your wallet then click on View Secret Phrase.

A warning will display and you will need to confirm you want to see your 12-word Secret Phrase. Confirm that you understand the risks and have checked your surroundings. Then, when you are ready, click the checkbox and the Show Secret Phrase button.

Do not reveal the 12 words if you are in a public location, on public WiFi, or if there is a chance anyone can see your screen.

On Mobile:

Open your Exodus wallet on your mobile device, then tap the dashboard icon in the bottom right, then tap Security.

Tap Backup.

Make sure nothing and no one is around to see your secret phrase. Tap View Secret Phrase if you are ready and able to write your 12 secret words down on a piece of paper and store them in a secure and private location.

Please note: We recommend writing down your secret phrase on more than 1 piece of paper and keeping the copies in separate secure locations to prevent a single point loss from events like fires, loss, etc.

  • These 12 words are your secret master seed that generates all your wallet’s addresses and private keys. It is incredibly important for you to keep your secret phrase safe. If you would like to know more about your secret phrase click here.
  • Do not store your 12-word secret phrase in any digital format. Hackers can access digital files and information, but they can't access an old-fashioned piece of paper. If you would like to know more about how to keep your crypto safe click here.
Leave your finger on the Press and Hold to Reveal button to see your 12-word phrase.

Do not store your 12-word secret phrase in any digital format. Do not take a screenshot of your 12-word phrase. Hackers can access digital files and information, but they can't access an old-fashioned piece of paper. If you would like to know more about how to keep your crypto safe click here.