Storing Seeds and Passphrases
If an attacker gets your Bip39 seed and passphrase, they have access to all the accounts that can be generated with that seed and passphrase. You must use extreme care and caution when recording or storing your seeds and passphrases.
There are many ways to safely store and secure Bip39 seeds and passphrases. Ultimately it is up to you and what you are willing/comfortable doing for your own security. Here are some recommendations:
Writing seed phrases or passphrases down on paper.
- If you do decide to write on a piece of paper, consider having two copies in case one copy becomes so degraded through wear-and-tear as to be completely unreadable.
Storing them encrypted in KeePassX databases on SD cards is another option (although this is only good for temporary storage).
Storing Bip39 seeds in separate locations or devices from Bip39 passphrases.
Storing them across multiple digital and physical devices and locations.
Storing pieces of passphrases and seeds in different places using Shamir Secret Sharing.
Storing partial seeds or passphrases and memorizing or Shamir secret sharing the other pieces.
Doing a combination of all the above.
Note that the more steps involved, including the use of memorization, the higher the risk of losing or failing to recreate the seed.