Everything you need to know about your 12-word secret recovery phrase

You often hear people in the cryptocurrency ecosystem use terms like "seed phrase", "12-word seed", "12 word phrase", "12 words backup", "24 words backup", "mnemonic phrase", "recovery seed" etc. If you have ever wanted to learn more about these magical words, Exodus has you covered!

This article covers the most basic aspects of these magical words which ultimately control the keys of your crypto kingdom.


In this article:


What is a secret recovery phrase?

The 12-word secret recovery phrase is the master key generated by your wallet. If you have already read our article about private keys, you've learned that each wallet's receive address has its own private key which is used to make transactions and prove ownership of the funds in the address. All your private keys in Exodus are generated from and tied to the 12-word phrase.

These words help you recover your funds in case your computer crashes or anything else happens which prevents you from accessing your wallet on the computer it is installed on.

Please note: Anybody else who discovers your secret phrase can steal the funds, so it must be kept safe like your other valuables. It must not be stored in any electronic or digital form - more on this below.


How to store your Exodus 12-word secret recovery phrase

You might have heard this already - anything that is online is hackable! The same holds true for your 12-word secret recovery phrase if you decide to store it on a computer or any device that is connected to the internet.

Please note: Write down the secret phrase on a piece of paper or print them out using a secure network printer. It is always advised to have multiple copies of your secret phrase and store it in multiple locations to prevent loss from calamities like floods, earthquakes, fires, etc. For more tips on your 12-word secret recovery phrase safety, check out our article: The Do's and Don'ts of 12 Word Phrases and Private Keys.

Please note: Ensure that you write down the secret phrase in the correct order without any spelling mistakes! Exodus tags each word of your secret phrase with the order in which it needs to be written down, so make sure you follow the order. Entering the secret phrase incorrectly (wrong order or spelling) will result in you not being able to access your wallet.

Following are some of the most common places where your secret phrase must not be stored: the notepad of your computer, as images on your laptop/mobile/tablet etc., file-sharing services like Dropbox, MegaBox, OneDrive, Google Drive, iCloud etc., e-mail drafts, word/excel/ppt files, password-protected files, USB drives, etc.

The threats are digital and online, so the best way to protect them is by keeping them in analog and offline storage: good old-fashioned paper.


How is a secret recovery phrase generated?

A simple explanation of how secret phrases work is that the wallet has a list of words taken from a dictionary, with each word assigned to a number. The secret phrase can be converted to a number which is used as the seed integer to a deterministic wallet that generates all the key pairs used in the wallet.

Exodus uses the English-language wordlist of the BIP39 standard which has 2048 words. If the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132, meaning 2 to the power of 132, and the phrase would have 132 bits of security. 

However, some of the data in a BIP39 phrase is not random, so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure. If you want to learn more about how big 2^128 is, you can have a look here: http://bugcharmer.blogspot.com/2012/06/how-big-is-2128.html

When your 12-word phrase is converted into a seed integer or number for your wallet, the seed integer is used with a standard derivation algorithm, or formula, to derive and generate your master private key.

From this master private key, a very large number (almost infinite for all practical purposes) of private and public keys can be derived with the standard derivation formula. Given that the same master private key is used with the derivation formula, the same private and public keys will always be generated.

Also, different blockchain assets have different starting points in the derivation formula, which prevents differing assets from generating overlapping keys.

It is important to understand that the seed doesn't represent the private key, but it is used to derive your private and public keys to a series of processes described in the following Bitcoin Improvement Proposals (BIPs):

This is a rather lengthy and technical bit of reading, but below is a basic summary.

BIP32: Describes how to use a master private key to generate (derive) a bunch of child private keys. These child keys are guaranteed to be 256-bit because of the process that is used to derive them.

BIP39: Describes how a seed is generated. Although the 12-word seed is 128-bit, the derivation process described in BIP32 will ensure that the child keys are 256-bit, but the randomness (entropy) of those keys will be equal to 128-bit.

BIP44: Describes a derivation path. In basic terms, it sets the properties that are used to derive private keys as described in BIP32. These properties, for example, can indicate what type of coin this is (BTC, BCH etc.).


What is an 18- or 24-word secret recovery phrase?

Exodus will only generate a 12-word secret recovery phrase to back up your wallet. However, other wallets might generate 18-word or 24-word secret recovery phrases. For example, the Trezor Model T automatically generates a 12-word phrase, while the Trezor One creates a 24-word phrase.

Although 12-, 18-, or 24-word secret recovery phrases all provide excellent security, some platforms choose a 24-word phrase because it provides 256-bit security rather than the 128-bit offered by the 12-word phrase. If you want to dive into the math, you could start with this video about 256-bit security or this article about cryptographic algorithms.

Also, keep in mind that different wallets use different derivation paths. Exodus and Trezor both use the BIP39 standard. However, other wallets like Electrum use an older incompatible standard. This means that a 12-word phrase from an Electrum wallet can't be used with Exodus or Trezor.


Where does Exodus store the 12-word secret recovery phrase?

Your 12-word phrase is stored in an encrypted manner on the device you install Exodus on. We do not store your secret phrase on our servers, nor do we have any access to it. This is done in the true spirit of cryptocurrency that gives full control of the funds to the owner of the Private Keys. As Andreas Antonopoulos' famous quote goes: "Your keys, your bitcoin. Not your keys, not your bitcoin".

Also, by doing this, we protect you in the event of a hack on our servers. The hacker wouldn't find any information that gives access to your wallet and funds.

However, this means that you are solely responsible to ensure the safety and security of these words; if you ever forget your password and lose the secret phrase, your funds are irretrievable! We cannot help you by recreating your recovery phrase or resetting your password as we do not store anything on our end.


Using the 12-word secret recovery phrase

The average user would never need to use their 12-word phrase, unless their computer gives up and hence the wallet requires restoration on another computer. These days, however, there are hundreds forks/airdrops of every token out there - more often than not these forked/airdropped tokens are worthless but do require the user to enter their secret phrase or private keys on another wallet to claim them. Doing this is a security risk as your 12-word phrase may be compromised as soon as you expose them anywhere online - you never know who is lurking around, even an insecure internet router/WiFi password can cause loss of all your digital funds stored inside Exodus.

Please note: If you have to absolutely access the forked/airdropped tokens it is recommended to create an additional wallet where your funds can be stored until the fork/airdrop date. This way you can move your funds back to the original wallet while being able to use the new (temporary) wallet's 12-word secret recovery phrase or private keys to access the airdropped/forked tokens.


Security of your wallet

The online world can be a dangerous place and simply keeping your secret phrase safe is not always enough. Malware-infected computers can render your wallet vulnerable and susceptible to theft! Our article How do I keep my money safe? dives deep into keeping your computer safe and offers tips for safe online browsing.


How do I view my 12-word secret recovery phrase?

Desktop:

1
Open Exodus and enter your password. 
2
Click the Settings icon in the top right-hand corner of your Exodus wallet.

3
a) Click on the Backup tab at the top of your wallet then b) click on View.

Please note: Do not reveal the 12 words if you are in a public location, on public WiFi, or if there is a chance anyone can see your screen.

4
A warning will display and you will need to confirm you want to see your 12-word Secret Phrase. Confirm that you understand the risks and have checked your surroundings then when you are ready, a) click the checkbox and b) click  Show Secret Phrase.

5
Write down your 12-word secret recovery phrase. Mouse over the words and write them down in the correct order. Double-check that they are spelled correctly. When you are finished writing down the 12-word phrase, put it in a secure place that only you can access and click Done

Please note: We recommend writing down your secret phrase on more than 1 piece of paper, keep the copies in separate secure locations to prevent a single point loss from events like fires, loss, etc.

  • These 12 words are your secret master seed that generates all your wallet’s addresses and private keys. It is incredibly important for you to keep your secret phrase safe. If you would like to know more about your secret phrase click here.
  • Do not store your 12-word secret phrase in any digital format, hackers can access digital files and information, but they can't access an old-fashioned piece of paper. If you would like to know more about how to keep your crypto safe click here.

6
Finally, you will need to confirm that you have written down the 12-word phrase correctly. a) Read the verification question carefully, and b) select the correct answer, then c) click Done.


Mobile:

1
Open your Exodus wallet on your mobile device, a) tap the Dashboard icon, then b) tap Security.

2
Tap Backup.

3

Make sure nothing and no one is around to see your secret phrase. Tap View Secret Phrase if you are ready and able to write your secret 12-words down on a piece of paper and store them in a secure and private location.

Please note: We recommend writing down your secret phrase on more than 1 piece of paper, keep the copies in separate secure locations to prevent a single point loss from events like fires, loss, etc.

  • These 12 words are your secret master seed that generates all your wallet’s addresses and private keys. It is incredibly important for you to keep your secret phrase safe. If you would like to know more about your secret phrase click here.
  • Do not store your 12-word secret phrase in any digital format, hackers can access digital files and information, but they can't access an old-fashioned piece of paper. If you would like to know more about how to keep your crypto safe click here.

4
To see your 12-word secret recovery phrase, a) leave your finger on the Press and Hold to Reveal button to see your 12-word phrase. Once you have written down your 12 words, b) tap Done.

5
Next, to check your backup, you will receive a question regarding the 12-word phrase you have written down. a) Choose the correct answer to the question, b) then tap Done.


Browser Extension

1
a) Click the Menu icon, then b) click Settings.

2
Click View Secret Recovery Phrase.

3
To confirm you want to view your 12-word secret recovery phrase, a) enter your password and b) click Next. Make sure no one can see your screen, because anyone with your 12-word phrase can steal your funds.
4
You can now view your 12-word phrase. Write down your 12-word phrase and store it in a secure place to you always have access to your funds. Be sure to double-check that the words have been written down in the correct order and that no words are misspelled.

Please note: We recommend writing down your 12-word secret recovery phrase on more than one piece of paper, and keeping the copies in separate secure locations to prevent a single point of loss from events like fires, floods, etc.

  • The 12-word phrase generates all your wallet’s addresses and private keys. It is incredibly important for you to keep your 12-word phrase safe. If you would like to know more about your 12-word phrase, please click here.
  • Do not store your 12-word secret recovery phrase in any digital format. Hackers can access digital files and information, but they can't access a piece of paper. If you would like to know more about how to keep your crypto safe, please click here.
5
After you have written down your 12-word phrase, and checked that all the words are spelled correctly and are in the correct order, you can click Done.

Lee este artículo en Español | Read this article in Spanish

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.