- 12 words = 128 bits of entropy (common). 24 words = 256 bits of entropy (stronger). The checksum math is part of the BIP-39 standard.
- A passphrase (often called a 25th word) is optional extra security; it is not stored on the device, and if you forget it you lose access. See more at passphrase-25th-word.
And yes, I still recommend using a metal backup if you plan to hold long-term.
For formats and error cases see seed-phrase-management and restore-recovery.
Private keys and self-custody
Private keys are the numbers that prove ownership of funds on a blockchain. Non-custodial means you hold those keys (self-custody). Hardware wallets keep keys on-device so signing is isolated from your phone or computer.
Secure element explained (what is secure element)
A secure element is a tamper-resistant chip on the device that stores private keys and executes cryptographic operations inside a protected environment. How does a secure element differ from a normal microcontroller? The secure element resists physical attacks, side-channel analysis, and forced readout.
Secure element chips are one piece of a layered security architecture. For more on device internals see security-architecture.
Air-gapped signing
Air-gapped means the device signs transactions without any direct wired or wireless connection to the internet. Examples: QR-code-based signing, or USB used only with a dedicated, offline computer. This reduces attack surface but adds friction.
Firmware
Firmware is the internal code running the hardware wallet. Always verify firmware authenticity before installing. Unauthorized firmware can expose private keys. See step-by-step updates: how-to-update-firmware-steps and verification notes at firmware-updates-verification.
Multi-signature / multisig (what is multisig)
Multi-signature (multisig) is an arrangement where multiple devices or keys must sign a transaction before funds move (e.g., 2-of-3). It reduces a single point of failure and is commonly used for business wallets, family vaults, or higher-value personal vaults.
For setup details and compatibility, see multisig-setup and multisig-setup-compatibility.
Seed phrase best practices & backup options
Short, practical checklist:
- Never take a cloud photo of your seed phrase. Ever. (Phones get backed up.)
- Use a metal backup plate for long-term durability (fire, water, corrosion resistant).
- Consider SLIP-39 (Shamir backup) if you want split shares and threshold recovery. SLIP-39 adds flexibility but reduces compatibility with standard BIP-39 wallets.
- Test a restore on a spare device or emulator before you need it.
Step-by-step: create seed phrase -> write to secure medium -> verify by restoring on a test device -> store geographically separate copies. See full backup guide: seed-phrase-management.
But don’t confuse redundancy with security; more copies means more exposure risk.

Secure element and supply-chain checks
Supply-chain tampering is real. A device could be intercepted and altered before it reaches you. Two practical defenses:
- Inspect packaging and seals on arrival, then initialize the device from factory settings (never accept a pre-initialized device). See supply-chain-tamper.
- Verify firmware signatures during updates (firmware cryptographic checks prevent unauthorized code). See firmware-update.
In my testing I’ve found that verifying signatures after a firmware update catches most obvious tampering attempts.
Connectivity: Bluetooth vs USB vs NFC (comparison)
Short answer: Bluetooth adds convenience for mobile use but increases the attack surface; USB is straightforward and common; NFC is niche and typically low-bandwidth.
| Connection | Pros | Cons | Typical use case |
| --- | --- | --- | --- |
| USB | Reliable, fast, works with desktops | Needs cable or adapter | Daily desktop transactions |
| Bluetooth | Wireless, mobile-friendly | More attack surface if paired incorrectly | Mobile wallets, on-the-go signing |
| NFC | Simple tap, low power | Limited app support | Contactless signing on supported phones |
See deeper security notes at connectivity-bluetooth-usb.
Is Bluetooth safe? The FAQ below covers that.
Multisig basics and real-world setups
Why use multisig? It mitigates single-device loss, theft, or vendor failure. Example setups:
- Personal 2-of-3: two devices you control plus a geographically-separated backup seed.
- Family 2-of-3: distribute keys among trusted relatives for inheritance planning.
- Organization N-of-M: multiple signers for corporate treasuries.
Drawbacks: more complex recovery, compatibility considerations, and sometimes higher fees (on certain blockchains). Practical walkthroughs: multisig-setup and comparison-multisig-setup-guide.
Firmware updates: why and how to verify
Why update? Firmware updates often fix bugs, patch vulnerabilities, and add coin support. Why verify? Signed firmware provides cryptographic assurance that the code is authentic.
How to verify (step-by-step):
- Download the update from the official source link inside your wallet’s companion app (do not follow random links).
- Check the firmware’s signature using the device or companion app (many wallets show a verification result).
- If a verification step fails, stop and consult the device support pages: firmware-updates-verification and how-to-update-firmware-steps.
Common mistakes and cold-storage strategies
Common mistakes I still see:
- Buying hardware wallets from unofficial sellers (risk of tampering). See where-to-buy-safely.
- Photographing or typing your seed phrase into cloud-synced apps.
- Ignoring firmware verification.
Cold-storage strategies vary by threat model. Single-sig is simple and adequate for many. Multisig adds resilience for larger balances. Spread backups across locations and have an inheritance plan (see inheritance-planning and geo-distribution-storage).
Comparison tables: quick reference
Connectivity comparison (already above) and backup strategies:
| Backup method | Durability | Ease of use | Compatibility |
| --- | --- | --- | --- |
| Paper (written) | Low | High | High (BIP-39) |
| Metal plate | Very high | Medium | High (BIP-39) |
| SLIP-39 shares | High (redundant) | Medium | Limited (SLIP-39 wallets) |
For feature-by-feature wallet comparisons see comparison-table and compare-other-hardware.
FAQ
Q: Can I recover my crypto if the device breaks?
A: Yes, if you have the seed phrase. A recovery on a compatible wallet restores access. For step-by-step recovery see recover-if-broken.
Q: What happens if the company goes bankrupt?
A: Your funds are not stored by the company if you control your private keys. Hardware manufacturers provide the tool to sign; the keys are yours. Plan for vendor risk by using open standards and documented recovery options. See company-bankrupt.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth introduces additional risks compared with USB. Practical mitigations include pairing only with trusted devices, keeping the wallet firmware up to date, and using optional passphrase protection. For detailed guidance see connectivity-bluetooth-usb.
Q: What is the difference between BIP-39 and SLIP-39?
A: BIP-39 is the common 12/24-word seed standard. SLIP-39 (Shamir backup) splits a recovery into multiple shares with a threshold. SLIP-39 gives flexibility but is less widely compatible.
Q: What if I forget my passphrase (25th word)?
A: If you forget the passphrase, funds are effectively lost unless you have another copy or can recall it. Treat the passphrase like a separate secret. See passphrase-25th-word.
Conclusion & where to go next
Glossaries are most useful when paired with hands-on practice. Start with a controlled setup: unbox, initialize, write the seed phrase by hand, and perform a test restore. If you want guided steps, check the setup walkthroughs and firmware guides:
If you have a specific term you want clarified, ask — I’ll expand this glossary with hands-on examples and screen-by-screen notes.
But remember: plain words written clearly and one tested restore are worth hours of theory.