Jan 23, 2025

Is “Never Store Your Seed Phrase Online” Still the Best Advice?

Dave Pasirstein

15 min read

There’s a long-standing commandment in the crypto world:

    “Thou shalt not store your seed phrase online.”

TL;DR: It has almost become a mantra, something repeated so often that many see it as absolute truth. But is it the whole story? In this post, we’ll break down why relying solely on “cold” or offline storage is also risky. Then, we’ll look at how to combine offline methods with SecretShield to address the drawbacks.


SecretShield eliminates the traditional safety vs liveness tradeoff for key storage. By starting with a liveness-first approach and then layering on cryptographic safety guarantees, users no longer have to choose between usability and security.

Why the Commandment Exists

In traditional finance (TradFi), if someone steals your money through fraud, it is possible to reverse the transaction. Not in crypto: once a malicious transaction is confirmed on the blockchain, those funds are almost always gone for good. The same applies to account recovery. In TradFi, you can go to the institution to recover your account; in crypto, if your seed phrase is lost, you have lost access to your funds.

In light of this, backing up your seed phrase is critical, as losing it or having it stolen is disastrous. Most online solutions for drives, backups, etc. are simply not designed for this level of security. The crypto community latched on to the idea of “cold,” offline seed phrase storage: writing it on paper, stamping it onto metal, or storing it on a flash drive. The logic is straightforward: if your seed phrase is never online, hackers can’t just grab it from the internet.

However, what if you lose that piece of paper or that hunk of metal? Or what if a fire, flood, or other disaster destroys it? In short, offline alone isn’t necessarily foolproof—and the stakes are too high to rely on a single approach.


Three Options to Consider

  1. Online means many things: password managers, encrypted files, or cloud storage. Yes, they come with real risks: hacks, leaks, or exfiltration attacks.
  2. Offline seems safer because it requires physical access, yet it’s vulnerable to disasters or theft—and it can be painfully inconvenient when you need quick access.
  3. Multisig, MPC, and Account Abstraction primarily focus on transaction signing. They might offer partial recovery features, but you usually still need an offline or online backup of at least one key or password—reintroducing all the usual issues.

Offline Cold Storage

Offline storage (often called “cold”) can range from a piece of paper in a safe deposit box to a specialized hardware wallet. Let’s explore the pros and cons.

Examples of Offline Methods

  1. A Safe at Home
    • Pros: Physical security, not internet-exposed.
    • Cons: Safes can be stolen or broken into. Housemates with access may be untrustworthy. Fires or floods can destroy paper backups.
  2. A Hidden Location
    • Pros: Less conspicuous to thieves.
    • Cons: Housemates, contractors, children, visitors, or simple forgetfulness can lead to accidental discovery or loss.
  3. A Bank Safety Deposit Box
    • Pros: High physical security, low theft risk.
    • Cons: Inconvenient hours, high fees, and fewer banks offer them now. Not ideal for 24/7 crypto. Still at risk of fire, flood, or other disaster.

Typical Offline Formats

  1. Paper
    • Pros: Cheap, easy, readily available.
    • Cons: Fades and decays over time; fire, heat, or water can destroy it.
  2. Metal
    • Pros: Longevity; withstands water and typical high heat.
    • Cons: Challenging to create; not indestructible at extreme temperatures.
  3. Air-Gapped Digital Media/Hardware Wallets
    • Pros: Digitally native, quick to sign transactions offline.
    • Cons: Storage media degrades over time and will become unusable. Encryption needs a separate decryption key, turning into a new single point of failure if that key is misplaced. An electromagnetic pulse (EMP) could wipe or corrupt the data.

Potential Pitfalls with Offline Storage

  • Single Point of Failure: One location—if compromised, you lose everything.
  • Natural Disasters: Floods, fires, or other disasters can wipe out your offline stash even if stored in a safety deposit box. These are often far more extreme than most people imagine. For example, in 2024 the mountain town of Asheville, North Carolina was decimated in a flood. Similarly, in 2025 wildfires in Los Angeles, CA annihilated homes. In each case, the events rendered recovering a USB or seed phrase stamped in metal highly unlikely.
  • Inheritance Woes: Hard to pass on seamlessly. Writing seed phrase details into a will is dangerous, and so is sharing details of the seed phrase location.
  • Payable on Death (POD)/Transfer on Death (TOD): hard to achieve without significant risks of informing others of the seed phrase location.
  • Timely access: If you’re away from home and your hardware wallet malfunctions or you do not have the seed phrase for the wallet in need, you’re stuck until you can physically retrieve the seed phrase.
  • Social Engineering: An attacker could convince a family member with knowledge of the location to divulge it.
  • Collusion: Those with approximate knowledge of the location could work together to gain access without authorization (bank safety deposit box exception).

A final thought: it is possible to apply something like Shamir Secret Sharing (SSS) to the offline methods. While this increases the complexity, it may also create a greater risk on several dimensions, such as more people being aware of its existence, collusion, and social engineering. In an offline scenario, these types of shortcomings with SSS are virtually impossible to mitigate.


Online Storage

Storing your seed phrase in a password manager, cloud drive, or encrypted file is convenient and timely, but it also introduces major risks. The most obvious risk is that the vast majority of these solutions store the data in a centralized location that is subject to compromise.

Examples of Online Methods

  1. Password Managers (e.g., LastPass, 1Password, KeePass)
    • Pros: Easy to manage, widely used, encrypted.
    • Cons: They’re prime targets (the bad kind of honeypots) for attackers. Their popularity has led to desktop malware that attempts to exfiltrate unlocked password managers. Cloud-based breaches have led to stolen vaults, and if a hacker cracks yours—even years later—you’re done. Millions of dollars in crypto have been stolen this exact way. None of these are immune from compromise; this is an abbreviated list of hacks that have occurred:
      1. 1Password: 2019, 2020
      2. LastPass: 2011, 2015, 2016, 2019, Aug 2022, Dec 2022
      3. Dashlane: 2019, 2020
      4. Keeper: 2020
      5. Roboform: 2020
      6. KeePass: 2019
  2. Cloud synchronized notepad/documents and Cloud Drives/Cloud Storage
    • Pros: Easy access from anywhere.
    • Cons: If the cloud provider is breached, the attacker may get your sensitive data. Even if they can only retrieve encrypted data, they can brute-force it. Exfiltration risk is huge. Cloud offerings often market security and encryption, but the data may be encrypted only in transit and not at rest, or encrypted at rest with the same key for all of their customers. A compromise of the cloud service would then allow direct access to the sensitive data.
  3. Encrypted Documents
    • Pros: Built into tools like Microsoft Office
    • Cons: Where to store the file safely? Even Microsoft says: "You should not assume that just because you protect a workbook or worksheet with a password that it is secure..."
  4. Secret File on a Local Computer
    • Pros: Simple, no specialized software required.
    • Cons: Malware or viruses can copy it off your machine, and hardware failures can destroy your only backup. If you back up your computer, the backup becomes a new risk.

Potential Pitfalls of Online Storage

  • Centralization: Whether in the cloud, on a computer, or in a backup, the seed phrase sits in a single location that an attacker can target, for example by breaching the cloud service or infecting the PC with malware, and obtain the seed phrase.
  • Inheritance Woes: Hard to pass on seamlessly. Writing seed phrase details into a will is dangerous, and so is sharing details of the seed phrase location and its password.
  • Payable on Death (POD)/Transfer on Death (TOD): hard to achieve without significant risks of informing others of the seed phrase location and password.
  • Honeypot Hack Risk: This is the unwanted type of honeypot, a high-value, attractive target for cybercriminals.
  • Security Claims: Virtually every service and solution claims to be secure, but they are not equally secure. Security is a continuum. Just because a product is generally considered secure does not mean it is secure enough for a seed phrase, as demonstrated by the password manager hacks.

Exploring Online Secret Sharing with Guardians

In the cryptocurrency world, guardian-based approaches to secret sharing have been making headway. We have seen some of this with Ledger Recover, ZenGo Wallet, SLIP-39, and others.

Not all secret-sharing solutions, also known as guardian-based solutions, are created equal, even when they use the same underlying scheme. Shamir Secret Sharing (SSS), a popular scheme that has existed for many years, allows a threshold and a number of shares to be chosen (e.g., a 2-of-3 scheme, where shares are issued to 3 parties and as long as 2 are available, the secret can be recovered). While SSS is battle-tested and proven, it can reduce liveness, and many implementations are susceptible to collusion, social engineering, lost shares, denial-of-service attacks, network observation, data exfiltration, and more.

Those limitations are not a nail in the coffin for SSS. Each of these secret-sharing limitations can be mitigated by a well-designed solution; however, many solutions in the market only address these to varying levels. Therefore, it is important to take a careful look if selecting such an option.


Multisig, MPC, and Account Abstraction

These can be powerful tools for transaction signing and some forms of key recovery. In particular, “smart wallets” (contract-based wallets) or multisig signing requirements can offer superior transactional security over single-key signing wallets, depending on how they are configured. As such, they are highly recommended for transactional security; however, they often circle back to the same problem: you need at least one key backed up somewhere. If you lose it, it could be disastrous.

Often these solutions let you create “backup keys” and even replace a lost key with a new one. If you create multiple backups, you multiply your risk of theft and still need a place to store the backups.

There are many other types of options in this space. MPC and Account Abstraction have opened the door to the classic web “I forgot my password” capabilities, the use of social logins, and more. These too introduce their own security holes—possibly letting a bad actor fake your identity or compromise a service outside of your control. Other solutions in this space open the door to collusion and social engineering attacks by allowing some “friends” to vouch for you. That is not to suggest all implementations are bad; rather, they are not automatically safe. Some offer mitigation strategies like timelocks for the owner to reject a malicious attempt.

More recently, we have seen passkey-based wallets allowing a friendly user experience. By design, passkeys are backed up to online services, like password managers, resulting in material risk as previously identified. We’ll dive deeper into these advanced topics in a future post.


A More Nuanced Approach: SecretShield

SecretShield is a Zero Trust (aka trust-minimized) solution built to tackle the core problems of both offline and online approaches, maximizing safety and liveness. It merges powerful cryptography with real-world usability, leveraging Shamir Secret Sharing while addressing its shortcomings and limitations, with a degree of security that should be more than sufficient for backup and recovery of seed phrases.

How SecretShield Addresses Key Challenges

  1. Shamir Secret Sharing: The secrets or seed phrases are broken into shares (or “shards”) that don’t individually reveal or contain any part of the secret.
  2. No Centralized Storage: Zero-Trust. The secret or seed phrase is not stored, encrypted, or decrypted on SecretShield’s servers or in the cloud. Data and processing are conducted on decentralized end-user devices.
  3. Guardians: Zero-Trust
    1. You choose friends or family to hold shares—not us.
    2. Shards are encrypted and pinned to each device’s hardware security (e.g., Secure Enclave or Trusted Execution Environment). Physical access to the guardian’s device is required to decrypt stored data.
    3. The shards do not reveal any of the secret, the required threshold, or any of the other guardians.
  4. Collusion mitigation:
    1. Guardians are unaware of other guardians for the same secret.
    2. Guardians do not have the configuration to request the shares from other guardian devices.
    3. Guardians do not have the configuration to reconstruct (decrypt) the secret.
  5. Prevent Social Engineering: Guardians cannot extract or access the shares on their own, so there is no way to convince a guardian to hand shares to a person who has no rights to them.
  6. Recovery Configuration: Only the secret owner (or a designated trustee in cases like inheritance) can trigger a valid recovery request. The configuration is required for reconstruction/decryption.
  7. Resiliency/Fault Tolerance: Achieved by issuing extra shares to additional guardians so that only a subset is required for recovery, e.g., 3 of 5.
  8. Lost Shares: No problem. If shares are corrupted, deleted, or otherwise no longer accessible, SecretShield will detect this and notify the secret owner so new shares can be issued.
  9. Prevent Recovery Denial (denial of service): The shares are verifiable, so accidental corruption or malicious intent can be detected and those shares are excluded from the recovery process.
  10. Minimized Network Trust: Communication is end-to-end encrypted (App to App encrypted) using the double ratchet protocol that rotates keys with every message. Thus, there is Zero-Trust in the network and communication is not reliant on HTTPS/TLS for security. Network Services, Equipment, and even SecretShield’s servers cannot access the information contained in the encrypted messages.
  11. Offline & Online: Need to recover with no internet? As long as guardians are within about 10 meters, you can complete an offline recovery handshake—no servers needed.
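The threshold split described in the SSS paragraph above (a 2-of-3 or 3-of-5 scheme where any threshold-sized subset recovers the secret) and the verifiable-share, lost-share and resiliency points in the list above are shown end to end in this added Python example. It is not SecretShield’s code, and the page does not say which verification scheme SecretShield uses; the example pairs Shamir Secret Sharing over a prime field with Feldman commitments (public values g^a_i for each polynomial coefficient) as one standard way to make shares verifiable, so that a corrupted or tampered share is detected and excluded before reconstruction. The group parameters P, Q, G are toy-sized for readability (a real deployment uses a large group or an elliptic curve), and the 3-of-5 configuration, the corrupted guardian, and the seed entropy bytes are constructed for the demo.

```python
"""Constructed example: verifiable threshold backup of seed entropy.

Shamir Secret Sharing over GF(Q) per entropy byte, plus Feldman commitments
so any party can check a share against public data without learning the secret.
Toy group parameters; not production values.
"""
import secrets

# Toy safe prime P = 2Q + 1 with Q prime; G = 4 generates the order-Q subgroup.
P = 1019
Q = 509
G = 4


def split_value(value, threshold, shares_count):
    """Split one field element (0 <= value < Q) into shares_count shares.

    Returns (shares, commitments): shares are (x, f(x) mod Q) for x = 1..n,
    commitments are G^a_i mod P for each coefficient a_i (Feldman).
    """
    assert 0 <= value < Q and 1 <= threshold <= shares_count < Q
    coeffs = [value] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    shares = []
    for x in range(1, shares_count + 1):
        y = 0
        for a in reversed(coeffs):  # Horner evaluation of f(x) mod Q
            y = (y * x + a) % Q
        shares.append((x, y))
    return shares, commitments


def verify_share(x, y, commitments):
    """Feldman check: G^y == prod_i C_i^(x^i) mod P holds only for a genuine share."""
    lhs = pow(G, y, P)
    rhs = 1
    for i, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(x, i, Q), P) % P
    return lhs == rhs


def recover_value(shares):
    """Lagrange interpolation at x = 0 over GF(Q) using >= threshold shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, Q - 2, Q)) % Q
    return total


def split_secret(secret_bytes, threshold, shares_count):
    """Split each byte independently; guardian x receives the bundle of its y values."""
    bundles = {x: [] for x in range(1, shares_count + 1)}
    commitments = []
    for b in secret_bytes:
        shares, comm = split_value(b, threshold, shares_count)
        commitments.append(comm)
        for x, y in shares:
            bundles[x].append(y)
    return bundles, commitments


def verify_bundle(x, ys, commitments):
    """A guardian's bundle is valid only if every per-byte share verifies."""
    return len(ys) == len(commitments) and all(
        verify_share(x, y, c) for y, c in zip(ys, commitments))


def recover_secret(bundles, commitments, threshold):
    """Exclude bundles that fail verification, then reconstruct if enough remain.

    Returns (secret_bytes, rejected_guardian_ids); secret_bytes is None when
    fewer than `threshold` valid bundles exist (the owner must reissue shares).
    """
    valid, rejected = {}, []
    for x, ys in bundles.items():
        if verify_bundle(x, ys, commitments):
            valid[x] = ys
        else:
            rejected.append(x)
    if len(valid) < threshold:
        return None, rejected
    chosen = sorted(valid.items())[:threshold]
    out = bytearray(recover_value([(x, ys[i]) for x, ys in chosen])
                    for i in range(len(commitments)))
    return bytes(out), rejected


def demo():
    """3-of-5 split of constructed 128-bit entropy; guardian 2's copy is corrupted."""
    seed_entropy = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    bundles, commitments = split_secret(seed_entropy, threshold=3, shares_count=5)
    bundles[2][0] = (bundles[2][0] + 1) % Q  # simulated bit rot / tampering
    recovered, rejected = recover_secret(bundles, commitments, threshold=3)
    return recovered == seed_entropy, rejected


if __name__ == "__main__":
    print(demo())  # (True, [2]): recovered from guardians 1, 3, 4; guardian 2 excluded
```

The commitments are public and reveal nothing about the secret beyond what the discrete log hides, so they can be stored alongside the recovery configuration; a guardian whose bundle no longer verifies is exactly the “lost share” case where new shares should be issued, and with fewer than three valid bundles the function refuses rather than returning garbage.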

This approach minimizes trust in any single party (including SecretShield).

SecretShield is designed to provide an acceptably high degree of safety and liveness. However, SecretShield is not immune to all risks. For example, nuclear war could break out and EMPs could wipe out electronic devices. The environment could be compromised, such as the device or cameras recording you at the point of creating the backup. Alternatively, a secret owner could assign a trustee with instructions that are not enforceable by SecretShield, and that trustee could ignore them. While imperfect, this should convey just how much better this solution is than other approaches.


Combining SecretShield with Offline Methods

Neither purely offline nor purely online solutions address all failure domains. By pairing a carefully managed cold storage solution—such as a paper or metal backup in a secure location—with SecretShield, you get the best of both worlds:

  • Offline: Protects against extreme catastrophes (e.g., nuclear war, EMP, total internet collapse).
  • SecretShield: Provides resilience, convenience, inheritance support, and strong cryptographic defense against collusion or exfiltration.

Comparison Table: Evaluating Different Approaches

| Criterion | Cold Offline (safe, hidden, paper, metal, etc.) | General Online (password managers, cloud, encrypted files, etc.) | SecretShield |
| --- | --- | --- | --- |
| Physical Access Required | Yes | 🛑 No | Yes (per-device hardware decryption) |
| Trust Minimization | Yes | 🛑 No, usually high trust in a service provider | Yes |
| Decentralized | 🛑 No, a single place to compromise | 🛑🛑 No, a single place to compromise, potentially an unwanted honeypot | Yes, material not containing the seed phrase |
| Risk of Exfiltration | Very low | 🛑 High (remote hacks, cloud breaches) | Very low; hardware access required for decryption |
| Risk of Location Knowledge | 🛑 Awareness of location is a risk | 🛑 Awareness of location is a risk | Awareness of location has no discernible risk |
| Convenience | 🛑 Inconvenient | Convenient | Convenient |
| Collusion | 🟡 Some risk to anyone with knowledge of its existence (varies by option) | 🛑 High risk to anyone with knowledge of its existence | Low risk; collusion shielded by design |
| Social Engineering | 🟡 Some risk to anyone with knowledge of its existence | 🛑 High risk to anyone with knowledge of its existence | Limited social engineering risk to the secret owner |
| Inheritance | 🟡 Tricky to handle safely | 🛑 Risky (exposing seed in a will/online doc) | Clean inheritance solution by design |
| Single Point of Failure | 🛑 Yes, if stolen or destroyed | 🟡 Risk increases with resilience | Resilient via share distribution |
| Bottom Line | Physical access and trust minimization are major security advantages that far outweigh the weaknesses, but weaknesses remain. | High risk by nature and should be avoided at all costs. There are far better alternatives that still offer online benefits. | Ensures the most important aspects of security and exceeds in areas not handled by others, maximizing safety and liveness. |

Disclaimer: We haven’t covered extreme disasters (e.g., EMP) in detail here, though SecretShield + an offline approach can mitigate many of them.


Conclusion: A Refined Commandment

The old commandment—“Never store your seed phrase online”—made sense when the only “online” choices were insecure password managers or random cloud drives. But today’s reality is more complex:

  • Offline can be great for pure safety but is often inconvenient, hard to inherit, and prone to single points of failure.
  • Online can be convenient but historically offered huge attack surfaces—hence the original taboo.
  • SecretShield demonstrates that a well-designed solution can be far safer than old “offline-only” mantras ever allowed for.

So, do we ditch the commandment altogether? Not exactly. Let’s reframe it:

“Don’t store your seed phrase in any single place—online or offline—without robust safeguards. Combine offline strengths with an advanced, trust-minimized approach like SecretShield to maximize both safety and liveness.”

That’s the new mantra for modern crypto security.

Ready to learn more?

  • Check out our in-depth guides on SecretShield features.
  • Explore how trustee inheritance can ensure your digital assets are seamlessly passed on.
  • Get tips on combining cold storage with share-based protection for total peace of mind.

Still Have Questions?

No problem—crypto is all about verifying. If you’d like a deeper technical dive on how SecretShield addresses issues like social engineering, collusion, data exfiltration, and more, stay tuned for our next blog posts or reach out to us. We’re happy to discuss exactly how each risk is mitigated and why it’s time to evolve beyond “offline-only” dogma.


Neither purely offline nor purely online solutions guarantee 100% security. By carefully combining both and leveraging robust cryptographic approaches like SecretShield with a robust offline approach, you can significantly minimize the chance of losing your hard-earned crypto.

Thanks for reading!