There are many methods and recommendations for storing the so-called seed, the most important "password" to your bitcoin. I don't claim to know the best solution, or even that there is one, but I do offer a list of steps to consider at a minimum. Please don't be intimidated by the complexity. It's better to do at least something for security than to do nothing because of the complexity or the pursuit of a perfect solution.
Getting ready
- Buy a Trezor T
- Download the Trezor Suite app. Run the app and plug the Trezor into your computer.
- Install bitcoin-only firmware
- Create a Shamir backup
  - This means you'll have that master password (seed) split into three parts. You'll need two of them to access the account; the third is the backup in case you lose one, break it, someone sees it, etc. Of course you can use another scheme like 3/5 etc., but for simplicity I recommend 2/3.
  - Just write the words down on separate sheets of paper, with only one of the three parts on each sheet. Fold the paper so that the password is not visible.
  - ⛔️ Never type the seed into a computer or cell phone, and never take a picture of it. ⛔️
  - You can further increase security by acquiring some of the metal plates. However, they're quite expensive and you can make such upgrades later. The options are many, but I don't have a favorite among them yet.
  - Store the individual shares of the Shamir backup
    - I would keep one part somewhere with you, in a relatively accessible place. Somewhere you can get to at any time within an hour.
    - The second can be hours away.
    - And the third ideally in a completely different part of the world. If you don't have anyone close to you who is geographically distant, then maybe take it somewhere far away, but where you can return once a year or get there if you need to. Put the various parts of the Shamir backup in place before you send any bitcoin to your Trezor.
  - Make sure you have everything written down correctly
    In the Suite you can find it in settings → device → check backup.
- In Suite, add a test bitcoin (called bitcoin testnet).
  - Generate a test address. It will probably start with "tb1q..." but it depends on what type of account you chose.
  - Google a "bitcoin testnet faucet" and send a test bitcoin to your test address. It won't cost you anything and you'll get a better understanding of how it works. At the time of writing https://bitcoinfaucet.uo1.net/ works.
  - Check in Suite that your test bitcoin has arrived. I recommend checking an independent source at the same time. In my opinion, the current best is https://mempool.space/
- Erase your Trezor
  This one is a bit mentally challenging, but really worth it. Just go into settings → danger area → factory reset and erase your Trezor. This will give you a taste of what happens if you lose your Trezor.
- Then set up the Trezor again
  Use the passwords you prepared earlier. If you have done this correctly, you will again find the test bitcoins in the Trezor that you sent before. In the same way, you can reset the Trezor with real bitcoin when you need it one day.
- Set up a PIN code
  So that no one can easily get into your Trezor. Warning: it is theoretically possible to get the seed out of the Trezor even if you use a PIN. However, the PIN will delay a potential attacker and give you plenty of time to react by transferring the bitcoin elsewhere.
- Consider setting up a WIPE code
  If someone threatens you, you can enter a WIPE code instead of a PIN and the Trezor will be completely deleted. You have a backup safely stored so you don't mind. Currently you need to use the command line to do this, but I believe we will eventually get this into the Trezor Suite.
- Use a passphrase
  A text, or at least a word, that you believe you can remember safely and with perfect accuracy. At the same time, I would personally communicate it to someone you trust who also has no other information about your backup. Also, write down the passphrase and store it with the same care as the individual parts of the Shamir backup.
Congratulations. You have mastered the complete bitcoin backup. 🎉
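The 2/3 idea from the "Create a Shamir backup" step, as an added Python illustration (not Trezor's code and not part of the original article): it splits a constructed demo number so that any two shares recover it, works for other schemes such as 3/5 as well, and shows why one share on its own reveals nothing. It uses plain Shamir sharing over a prime field; Trezor's real share format (SLIP-39) differs, and the names `split`, `recover` and `partner_for` are made up for this sketch.

```python
import secrets
from itertools import combinations

P = 2**127 - 1  # prime modulus; secrets must be smaller than this

def split(secret, threshold, count):
    """Split `secret` into `count` shares; any `threshold` of them recover it."""
    if not 1 < threshold <= count or not 0 <= secret < P:
        raise ValueError("need 1 < threshold <= count and 0 <= secret < P")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        return y
    return [(threshold, x, f(x)) for x in range(1, count + 1)]

def recover(shares):
    """Lagrange-interpolate the polynomial at x = 0, where the secret lives."""
    threshold = shares[0][0]
    points = {x: y for _, x, y in shares}  # a duplicated share counts once
    if len(points) < threshold:
        raise ValueError(f"need {threshold} distinct shares, got {len(points)}")
    secret = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def partner_for(share, candidate, x2):
    """2-of-N only: the share at x2 that, combined with `share`, gives `candidate`.
    One exists for every candidate, so a single share rules out no secret."""
    threshold, x1, y1 = share
    slope = (y1 - candidate) * pow(x1, -1, P) % P
    return (threshold, x2, (candidate + slope * x2) % P)

if __name__ == "__main__":
    DEMO = 0x5EEDC0FFEE  # constructed demo value, not a real seed
    shares = split(DEMO, 2, 3)
    for pair in combinations(shares, 2):  # any two of the three papers suffice
        assert recover(list(pair)) == DEMO
    fake = partner_for(shares[0], 12345, 2)
    print("one share fits a different secret too:", recover([shares[0], fake]))
```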
Put real money on it
Don't buy bitcoin on exchanges as this reveals personal information about you. This probably doesn't bother you today, but you never know how someone will handle such information in the future. What's once on the internet usually doesn't make it off the internet.
If you need to accept bitcoin somewhere in the field, use a mobile wallet (like Muun) and once you're in a quiet environment, transfer the funds to your secure Trezor with a minimal fee.
Key management
Once a year, check that you have everything in order. Make sure all the parts are where they should be and that you trust that no one has gotten to them.
Account cancellation
If something has gone wrong, create a new setup immediately - ideally using a second Trezor. Feel free to skip some security features if you're in a hurry. It depends on how serious the problem is. For example, if you've lost one part of a backup, it's not a matter of minutes. Still, it's important to resolve it as soon as possible.
Put together the two most accessible parts of the seed and transfer all funds to the new Trezor.
Then destroy the original backup (all Shamir parts, including the passphrase) and erase the original Trezor. You can then safely use the newly set up Trezor again.