What is a ‘Secret Recovery Phrase’ and how to keep your crypto wallet secure

A user asks: What is the difference between a seed phrase and a secret recovery phase? Should I share either of them?

This is an excellent question because it addresses the confusion around seed phrases. Explaining this will increase user security and reduce scams.

What is a ‘Secret Recovery Phrase’ and how to keep your crypto wallet secure.

By Alex Herman

New to the decentralised web? This explainer should help.

TL;DR:

  • Blockchain wallets have a master key made up of a 12-word phrase to unlock your wallet on the blockchain.
  • They are usually called “seed phrase.”
  • To avoid confusion, MetaMask is changing from seed phrase to secret recovery phrase.
  • You should NEVER share your secret recovery phrase, aka seed phrase
  • Secret recovery phrase = Seed phrase

User security and better names

At MetaMask, our goal is to build the most secure software and minimize risk for people. Recently, people have been losing their funds due to sharing their master key of their wallet with scammers. Before May 2021, the master key in MetaMask was called the “Seed Phrase”.

We have concluded that this name does not properly convey the critical importance that this master key has for user security through user research and insights from our customer support team. This is why we will be changing our naming of this master key, formerly known as the seed phrase, to “Secret Recovery Phrase”. `

Note: Through May and June of 2021, we will be phasing out the use of “seed phrase” in our application and support articles and eventually exclusively calling it a “Secret Recovery Phrase.” No action is required. This is only a name change. We will be rolling this out on both the extension and the mobile app for all users.

MetaMask is an account where you can deposit fiat currency and convert it to a digital currency like Ethereum, which cannot be interfered with by private or public institutions. MetaMask is also a self-managed wallet that allows you to transact with that currency over the internet, enable you to swap tokens to diversify your portfolio, and hedge risk even further - and all without requiring a user to offer up any personally identifiable data.

There are two of the great benefits of using a digital 'self-managed wallet: (1) no institution or bad actor can reach into your account to steal or prevent access to your funds, and (2) no merchant you transact with via MetaMask can access more of your personal data than you reveal.

The trade-off? Because a MetaMask wallet is self-managed, the responsibility for keeping that wallet safe is entirely on you.

With MetaMask, control over your wallet belongs to the holder of a master key (that’s YOU!).

The Secret Recovery Phrase is a unique 12-word phrase generated when you first set up MetaMask. Again, this is the same thing as a seed phrase. Your funds are connected to that phrase. If you ever lose your password, your Secret Recovery Phrase allows you to recover your wallet and your funds. Write it down on paper and hide it somewhere, put it in a safety deposit box, or use a secure password manager. Some users even engrave their phrases into metal plates!

Not even the team at MetaMask can help you recover your account or wallet if you lose your Secret Recovery Phrase. As long as you keep this phrase safe and sound, your wallet will be secure.

Never ever share your Secret Recovery Phrase with anyone. Sharing your Secret Recovery Phrase with someone would be like handing over the pin code to your bank card or the keys to your house. It would give that person the ability to access and transfer all of your funds. The MetaMask team will never ask you for it. If anyone or any website asks you to share it, they’re trying to scam you.

If you’re more of a visual learner, this quick video should help:

Here are a few essential security tips to help you keep your wallet secure

  • What’s the difference between a Secret Recovery Phrase and a password? Why do I need both?

MetaMask locally encrypts your secret recovery phrase with your password. That means that no one can use your funds when you lock your wallet until you enter your password again. If you forget your password, you can regain access to your account with the Secret Recovery Phrase, as it’s the key to access your wallet that only you hold. It’s important to know that neither MetaMask nor anyone else can change or recover your seed phrase if it’s lost. Please guard it well!

  • How To Reveal (and Recover) Your Secret Recovery Phrase

You’ll be prompted to set your Secret Recovery Phrase and password when you first log in to MetaMask. If you lose it, you should be able to recover it if you remember your password, AND you have a copy of your vault data. You can attempt to find your vault data (either locally on your computer or on a backup of the computer) using these instructions:

If you lose your Secret Recovery Phrase AND forget your password, there is no way to recover the phrase and access your account.

  • Don’t share your secret recovery phrase and private keys

This has been mentioned already, but it doesn’t hurt to be thorough: anyone who has your Secret Recovery Phrase or private keys could send Ether or tokens out of your accounts. Never share your Secret Recovery Phrase or private keys with anyone - not even the MetaMask team. We will never ask you for this information. If anyone claims to be a MetaMask team member and asks you for this information, please report them immediately via: support@metamask.io.

  • If you have a large amount of ETH/token in your accounts, consider getting a hardware wallet.

Hardware wallets, like Trezor and Ledger, are commonly thought to be a safer way to store your Ether or tokens. It signs transactions through the private keys, which are stored offline.

These are essential tips but are by no means an exhaustive list of security options. Keep on top of token security trends and updates by learning from the Ethereum community, reading helpful material (like this post) and joining discussion channels like this.

If you see members of the community struggling with security, feel free to share this post. Remember, if you need any help or would like to report accounts that are imitating MetaMask, join our Discord or open an issue at support.metamask.io.

Got any more questions? Check out our FAQs or reach out to us here.

Click here to download MetaMask.

3 Likes

This is insightful, thanks for writing!

8 Likes