Everything you need to know about the 12-word recovery phrase
You often hear people in the cryptocurrency ecosystem use terms like '12-word seed', '12 word phrase', '12 words backup', '24 words backup', 'mnemonic phrase', 'recovery key' etc. If you have ever wanted to learn more about these magical words, Exodus has you covered!
This article covers the most basic aspects of these magical words which ultimately control the keys of your crypto kingdom.
What is a 12 word phrase?
The 12 words are the master private key generated for your wallet. If you have already read our article about private keys, you will understand that each wallet's receive address has a private key which is used make transactions and prove ownership of the funds in the address. All these private keys are generated from and tied to this master private key that is the 12-word or mnemonic phrase.
These words help you recover your funds in case your computer crashes or anything else happens which prevents you from accessing your wallet on the computer it is installed on.
Anybody else who discovers the phrase can steal the funds, so it must be kept safe like your other valuables. It must not be stored in any electronic or digital form - more on this below.
How is a seed phrase generated?
A simple explanation of how seed phrases work is that the wallet has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a deterministic wallet that generates all the key pairs used in the wallet.
Exodus uses the English-language wordlist of the BIP39 standard which has 2048 words. If the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132, meaning 2 to the power of 132, and the phrase would have 132 bits of security.
However, some of the data in a BIP39 phrase is not random, so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure. If you want to know how many, you can have a look here: http://bugcharmer.blogspot.com/2012/06/how-big-is-2128.html
When your 12-word phrase is converted into a seed integer, or number, for your wallet, the seed integer is used with a standard derivation algorithm, or formula, to derive, or generate, your master private key.
From this master private key, a very large number (almost infinite for all practical purposes) of private and public keys can be derived with the standard derivation formula. Given that the same master private key is used with the derivation formula, the same private and public keys will always be generated.
Also, different blockchain assets have different starting points in the derivation formula, which prevents differing assets from generating overlapping keys.
It is important to understand that the seed doesn't represent the private key, but it is used to derive your private and public keys to a series of processes described in the following Bitcoin Improvement Proposals (BIPs):
This is a rather lengthy and technical bit of reading, but below is a basic summary.
BIP32 describes how to use a master private key to generate (derive) a bunch of child private keys. These child keys are guaranteed to be 256 bit because of the process that is used to derive them.
BIP39 describes the seed generation. Although the 12-word seed is 128 bit, the derivation process described in BIP32 will ensure that the child keys are 256 bit, but the randomness (entropy) of those keys will be equal to 128 bit.
BIP44 describes a derivation path. In basic terms, it sets the properties that used to derive private keys as described in BIP32. These properties, for example, can indicate what type of coin this is (BTC, BCH etc.).
How to store your Exodus 12-word phrase?
You might have heard this already - anything that is online is hackable! The same holds true for your 12-word seed phrase.
Write down the seed phrase on a piece of paper or print them out using a secure network printer. It is always advised to have multiple copies of your seed phrase and store it in multiple locations to prevent loss from calamities like floods, earthquake, fire, etc. For more tips on 12-word phrase safety, check out our article The Do's and Don'ts of 12 Word Phrases and Private Keys.
Ensure that you write down the seed phrase in the correct order without any spelling mistakes! Exodus tags each word of your seed phrase with the order in which it needs to be written down, so make sure you follow the order. Entering the seed phrase incorrectly (wrong order or spelling) will result in you not being able to access your wallet.
Where does Exodus store the 12-word seed phrase?
Your 12-word seed phrase is stored in an encrypted manner on the computer you install Exodus on. We do not store your 12-word seed phrase on our servers, nor do we have any access to it. This is done in the true spirit of cryptocurrency that gives full control of the funds to the owner of the Private Keys. As Andreas Antonopoulos' famous quote goes: "Your keys, your bitcoin. Not your keys, not your bitcoin".
Also, by doing this, we protect you in the event of a hack on our servers. The hacker wouldn't find any information that gives access to your wallet and funds.
However, this means that you are solely responsible to ensure the safety and security of these words; if you ever forget your password and lose these 12-words, your funds are irretrievable! We cannot help you by recreating your seed phrase or reseting your password as we do not store anything on our end.
Securing your 12-word seed phrase.
As mentioned previously, you must never store your seed phrase on a device that connects to the internet.
Following are some of the most common places where your seed phrase must not be stored: the notepad of your computer, as images on your laptop/mobile/tablet etc., file sharing services like Dropbox, MegaBox, OneDrive, Google Drive, iCloud etc., e-mail drafts, word/excel/ppt files, password protected files, USB drives, etc.
The threats are digital and online, so the best way to protect them is by keeping them in analog and offline storage: good, old-fashioned paper.
Using the 12-word phrase.
The average user would never need to access the 12-word phrase, unless their computer gives up and hence the wallet requires restoration on another computer. These days, there are hundreds forks/airdrops of every token out there - more often than not these forked/airdropped tokens are worthless but do require the user to enter their 12-words or private keys on another wallet to claim them. Doing this is a security risk as your 12-words are may be compromised as soon as you expose them anywhere online - you never know who is lurking around, even an insecure internet router/WiFi password can cause loss of all your digital funds stored inside Exodus.
If you have to absolutely access the forked/airdropped tokens it is recommended to create an additional wallet where your funds can be stored until the fork/airdrop date. This way you can move your funds back to the original wallet while being able to use the new (temporary) wallet's 12-word seed phrase or private keys to access the airdropped/forked tokens.
Security of your wallet.
The online world can be a dangerous place and simply keeping your 12-word phrase safe is not always enough. Malware infected computers can render your wallet vulnerable and susceptible to theft! Our article How do I keep my money safe? dives deep into keeping your computer safe and offers tips for safe online browsing.