BIP39 seed phrase: a complete guide

If there is one thing to remember from the entire Store topic, it is this: your seed phrase×Seed phraseSequence of 12 or 24 words (usually in English) that encodes your master key. Universal wallet backup : with these words, you can restore your funds on any compatible software.See in the lexicon → is your wallet×WalletSoftware or device that manages your Bitcoin keys and lets you sign transactions. A wallet does not really « hold » your bitcoins, it holds the keys that prove you own them.See in the lexicon →. The Ledger×Ledger, Trezor, Coldcard, BitBoxMain hardware wallet brands. Ledger Nano S Plus / X (French, the best-seller), Trezor Model T (Czech, open source), Coldcard Mk4 (Canadian, ultra-secure, Bitcoin-only), BitBox02 (Swiss, open source).See in the lexicon → hardware, the Phoenix app, the Sparrow desktop wallet are only interfaces; the 12 or 24 words that appear when the wallet is created are the cryptographic root of all your bitcoins. Losing the seed equals losing the funds. Letting a third party know the seed equals handing the funds over.

This article goes through the BIP39×BIP39Standard defining the list of 2,048 words used for seed phrases. Lets every wallet brand generate seeds that are compatible with each other.See in the lexicon → seed phrase in detail: its mathematical nature, the right way to generate it, how to back it up so it survives a fire or a move, the anti-patterns that regularly cause people to lose millions, adding a passphrase×PassphraseExtra word or phrase you add to your seed phrase to create a hidden wallet. Optional security layer, independent of the seed.See in the lexicon → for higher-risk profiles, and the advanced options (Shamir Backup, social recovery, multisig×Multisig (multi-signature)Configuration where a transaction must be signed by several independent keys to be valid (for example 2 of 3). Reduces the risk that a single key theft causes loss of funds.See in the lexicon →) for cases where a single seed no longer suffices. All of it kept usable for a beginner, because the beginner is precisely the most exposed.

What a seed phrase actually is

The seed phrase×Seed phraseSequence of 12 or 24 words (usually in English) that encodes your master key. Universal wallet backup : with these words, you can restore your funds on any compatible software.See in the lexicon → is defined by the BIP39×BIP39Standard defining the list of 2,048 words used for seed phrases. Lets every wallet brand generate seeds that are compatible with each other.See in the lexicon → standard (Bitcoin Improvement Proposal number 39), published in 2013. It is made of 12 or 24 words drawn from a public list of 2,048 words (the wordlist), available in several languages (English by default, but also French, Spanish, Italian, Japanese, simplified Chinese, etc.). Each word encodes 11 bits of information; 12 words represent 128 bits of entropy, 24 words 256.

This sequence of words is not the private key×Private keySecret number that proves ownership of bitcoins at a given address. Whoever holds the private key holds the bitcoins. Never share it and never store it in plain text.See in the lexicon → itself. It serves as the seed for a deterministic algorithm (BIP32 / BIP44) that derives a hierarchical tree of private keys: one for each Bitcoin address×Bitcoin addressString of characters that identifies a destination for receiving bitcoins. Four main formats, starting with 1..., 3..., bc1q... or bc1p... (Taproot, the recommended format in 2026).See in the lexicon → in your wallet×WalletSoftware or device that manages your Bitcoin keys and lets you sign transactions. A wallet does not really « hold » your bitcoins, it holds the keys that prove you own them.See in the lexicon →, with no practical limit. This derivation is fully reproducible: from the same seed, any BIP39-compatible wallet will rebuild exactly the same addresses and the same keys.

Three direct consequences of this design:

• Full portability. If your Ledger×Ledger, Trezor, Coldcard, BitBoxMain hardware wallet brands. Ledger Nano S Plus / X (French, the best-seller), Trezor Model T (Czech, open source), Coldcard Mk4 (Canadian, ultra-secure, Bitcoin-only), BitBox02 (Swiss, open source).See in the lexicon → breaks, you restore your wallet on a Trezor×Ledger, Trezor, Coldcard, BitBoxMain hardware wallet brands. Ledger Nano S Plus / X (French, the best-seller), Trezor Model T (Czech, open source), Coldcard Mk4 (Canadian, ultra-secure, Bitcoin-only), BitBox02 (Swiss, open source).See in the lexicon →, a BitBox02, a Coldcard×Ledger, Trezor, Coldcard, BitBoxMain hardware wallet brands. Ledger Nano S Plus / X (French, the best-seller), Trezor Model T (Czech, open source), Coldcard Mk4 (Canadian, ultra-secure, Bitcoin-only), BitBox02 (Swiss, open source).See in the lexicon → or a software wallet such as Sparrow, by entering the 12 or 24 words. All the bitcoins reappear.
• Security through entropy. 128 bits of entropy are already unbreakable by brute force with the world's computing power; 256 bits are beyond any foreseeable classical or quantum threat. An attacker who doesn't know the seed has no mathematical way to guess it.
• No online trace. A properly generated seed exists nowhere on the internet, in no manufacturer's server. No one can "reset" your wallet for you: there is no "forgot my password" button.

It is this last property that gives Bitcoin self-custody×Self-custodyModel in which you hold your own private keys. Your bitcoins depend on no third party. This is Bitcoin's founding promise.See in the lexicon → all its power and all its danger: your seed is the only proof of ownership, with no recourse.

Generating your seed cleanly

The quality of a seed depends entirely on the quality of the entropy used to create it. A seed generated from a poor random source (weak PRNG, biased dice, biased source) will be predictable and therefore guessable by an attacker. That is why one simple rule applies: the seed is generated on a dedicated hardware wallet×Hardware walletSmall dedicated device (Ledger, Trezor, Coldcard, BitBox, etc.) that keeps the private key away from a potentially compromised computer. Signs transactions inside the device itself.See in the lexicon →, never anywhere else.

Concretely, a modern hardware (Ledger×Ledger, Trezor, Coldcard, BitBoxMain hardware wallet brands. Ledger Nano S Plus / X (French, the best-seller), Trezor Model T (Czech, open source), Coldcard Mk4 (Canadian, ultra-secure, Bitcoin-only), BitBox02 (Swiss, open source).See in the lexicon → Nano S+ / Stax, Trezor×Ledger, Trezor, Coldcard, BitBoxMain hardware wallet brands. Ledger Nano S Plus / X (French, the best-seller), Trezor Model T (Czech, open source), Coldcard Mk4 (Canadian, ultra-secure, Bitcoin-only), BitBox02 (Swiss, open source).See in the lexicon → Safe 5, Coldcard×Ledger, Trezor, Coldcard, BitBoxMain hardware wallet brands. Ledger Nano S Plus / X (French, the best-seller), Trezor Model T (Czech, open source), Coldcard Mk4 (Canadian, ultra-secure, Bitcoin-only), BitBox02 (Swiss, open source).See in the lexicon → Q, BitBox02, BitKey) embeds a certified hardware entropy generator, isolated from the host operating system, sometimes certified EAL5+ or Common Criteria. The seed is created inside the secure element, displayed once on the device screen, and never sent to the PC or the internet. You write down the 24 words by hand during that single setup session.

Conversely, several generation sources must be ruled out absolutely:

• A website that "generates your BIP39×BIP39Standard defining the list of 2,048 words used for seed phrases. Lets every wallet brand generate seeds that are compatible with each other.See in the lexicon → seed" in JavaScript in the browser. Even if the code is open source×Open sourceSoftware whose source code is public and modifiable by anyone. A fundamental auditability guarantee in Bitcoin.See in the lexicon → and auditable, you have no way to know what actually runs in the page you load at that precise moment. Massive risk of silent exfiltration.
• An unaudited software wallet×WalletSoftware or device that manages your Bitcoin keys and lets you sign transactions. A wallet does not really « hold » your bitcoins, it holds the keys that prove you own them.See in the lexicon → on PC or phone. The operating system PRNG is usually fine, but the app may log, leak or store the seed. Acceptable only for small amounts and with a strong-reputation software (Sparrow, Electrum, Phoenix), never as first choice for the main vault×VaultCustody setup for long-term storage, often multisig, kept offline and touched rarely.See in the lexicon →.
• Pre-printed seed shipped with a hardware bought on a third-party marketplace (Amazon, Vinted, eBay). A seed already known to an attacker means they empty your wallet on the first deposit. Buy strictly directly from the manufacturer, or from an official reseller listed on its site.
• Personal "idea" (memorable phrase, logical sequence, famous quote): near-zero entropy, trivial brute force.

For the most paranoid, some hardware devices (Coldcard, Trezor Safe 5) allow generating the seed from manual dice rolls, whose entropy is then combined with the secure element's. Extra setup time: 15 to 30 minutes. Confidence gain: non-negligible for six-figure vaults.

Backing up: paper, metal, redundancy

A well-generated but badly backed-up seed is still a major risk. Three physical media are conceivable, in increasing order of robustness.

Paper. The default medium, shipped in the hardware box as a cardboard card. Zero cost, easy to write on. Vulnerable to fire, water, humidity, light (UV that fades the ink), rodents and time. Acceptable for small amounts (up to 1,000 EUR) or as a temporary backup while waiting for a metal solution. Store in a dry, dark place, ideally in a waterproof plastic pouch.

Engraved metal plate. A stainless-steel or titanium plate on which the 24 words are engraved or punched. Cost: 50 to 150 EUR. Reference brands: Cryptosteel Capsule, Hodlr Steel, SeedXOR, Steely, Stamp Seed, Blockmit. Proven resistance to domestic fire (1,000 to 1,200 °C), corrosion, shock and prolonged immersion. Lifetime one-off purchase. This is the standard for any amount above 1,000 EUR, and the vast majority of serious bitcoiners have at least one.

Metal plate with separate passphrase×PassphraseExtra word or phrase you add to your seed phrase to create a hidden wallet. Optional security layer, independent of the seed.See in the lexicon →. Advanced variant: the seed is on one plate, the BIP39×BIP39Standard defining the list of 2,048 words used for seed phrases. Lets every wallet brand generate seeds that are compatible with each other.See in the lexicon → passphrase (see below) is on another, kept in two distinct locations. A thief who finds only one cannot access the funds. Worth considering above 10,000 EUR.

Beyond the medium, geographic redundancy is the practice that makes the difference between a fragile and a reliable backup. A single plate at home is a single point of failure: a burglary, a fire, a botched move, and everything is lost. Two copies in two distinct locations (home + bank safe, or home + trusted relative, or home + second home) protect against all local incidents. Three copies on three different sites are the norm for six-figure-plus estates.

One last rule, often forgotten: test the restore at least once, ideally after every hardware migration. Take your plate, initialise a throwaway wallet×WalletSoftware or device that manages your Bitcoin keys and lets you sign transactions. A wallet does not really « hold » your bitcoins, it holds the keys that prove you own them.See in the lexicon → on a blank hardware, enter the 24 words, check that an address you know from your original wallet reappears. If yes, you know the backup works. If no, you find out while you still have the original.

The BIP39 passphrase, or "25th word"

The BIP39×BIP39Standard defining the list of 2,048 words used for seed phrases. Lets every wallet brand generate seeds that are compatible with each other.See in the lexicon → standard provides, on top of the 12 or 24 words, an optional secret chosen by the user: the passphrase×PassphraseExtra word or phrase you add to your seed phrase to create a hidden wallet. Optional security layer, independent of the seed.See in the lexicon →, often called the "25th word" loosely. It can be a single word, a full sentence or any arbitrary string. It combines cryptographically with the seed to generate an entirely separate wallet×WalletSoftware or device that manages your Bitcoin keys and lets you sign transactions. A wallet does not really « hold » your bitcoins, it holds the keys that prove you own them.See in the lexicon →.

Practical consequences:

• With the passphrase, you access a hidden wallet. Without it (or with a different passphrase), you access another wallet, which can serve as a decoy. An attacker who finds the 24 words without knowing the passphrase only reaches the decoy wallet, which can be left intentionally almost empty ("plausible deniability").
• The passphrase is never stored by the hardware. You retype it every time you use the hidden wallet. It lives in your memory or on a physical medium separate from the seed.
• Forgetting the passphrase equals losing the funds. There is no recovery procedure. This is the main operational risk and the reason the passphrase is not recommended to a beginner for their first 500 EUR.

Usage best practices:

• A strong passphrase is long (at least 20 characters), random, and includes uppercase, lowercase, digits, symbols. A memorable but unique sentence also works ("my-real-yacht-is-moored-in-geneva-port-1992"), provided it cannot be derived from your public life.
• Test first with a small amount. Send 10 EUR to the hidden wallet, check you can retrieve it by re-entering the passphrase, then only transfer the bulk of your stack.
• Back the passphrase up separately from the seed, on a different metal plate, in a different location. The separation is the whole point: a burglar who finds both in the same place cancels the effect.
• For six-figure amounts, consider a memorised passphrase (nothing written) if memorisation is reliable, or a device like Steely passphrase with separate physical storage.

The right moment to add a passphrase: when your amount comfortably exceeds your tolerance to a burglary loss. Below that, the risk of forgetting is statistically larger than the risk of physical theft. Above, the reverse becomes true.

Advanced cases: Shamir, multisig, social recovery

For significant estates or specific contexts (succession, risky travel, public exposure), a single seed on two metal plates shows its limits. Three advanced solutions exist.

Shamir Backup (SLIP39). Standard implemented by Trezor×Ledger, Trezor, Coldcard, BitBoxMain hardware wallet brands. Ledger Nano S Plus / X (French, the best-seller), Trezor Model T (Czech, open source), Coldcard Mk4 (Canadian, ultra-secure, Bitcoin-only), BitBox02 (Swiss, open source).See in the lexicon → (Safe 3 and Safe 5) that splits the seed into N shares, only M of which are needed to rebuild it (for example 3 out of 5). You distribute the shares geographically and to relatives; no single holder can access the funds, but if one or two shares are lost, rebuilding is still possible. Ideal for long-term resilience and succession transmission. Different from standard BIP39×BIP39Standard defining the list of 2,048 words used for seed phrases. Lets every wallet brand generate seeds that are compatible with each other.See in the lexicon →: not every wallet×WalletSoftware or device that manages your Bitcoin keys and lets you sign transactions. A wallet does not really « hold » your bitcoins, it holds the keys that prove you own them.See in the lexicon → supports it.

Multisig×Multisig (multi-signature)Configuration where a transaction must be signed by several independent keys to be valid (for example 2 of 3). Reduces the risk that a single key theft causes loss of funds.See in the lexicon →. Rather than splitting one seed, you use several distinct seeds to sign each transaction (for example 2 signatures from 3 cosigners). Each seed remains a regular BIP39, but the wallet requires several signatures to move funds. Key benefit: no single seed gives access to the funds, even if stolen. Turnkey solutions: Casa, Unchained, NunchUk. Personal solution: Sparrow Wallet with three hardwares from different brands (reduces manufacturer-specific bug risk). Worth considering from 100,000 EUR. Topic detailed in the multisig article article.

Social recovery. A modern variant where "guardians" (relatives, notary, third-party service) can collectively help recover a wallet in case of loss. Implemented by some mobile apps (mainly Argent on Ethereum, a few Bitcoin experiments) or integrated in services like Casa. Interesting trade-off for non-technical users; to be evaluated case by case as it introduces dependence on a third party.

A word on succession transmission, which often comes up alongside Shamir and multisig. The golden rule: organise during your lifetime. An instruction letter (without the seed itself) deposited with a notary or a trusted relative, explaining where to find the plates, how to use them, who to contact in case of doubt. Without that, your bitcoins die with you. Topic developed in the Bitcoin inheritance article.