Article 7 — Cold Storage Methods
Cold Storage in 2026: Paper Wallets, Metal Backups, and the Full Spectrum of Offline Key Storage
A comprehensive technical review of every major cold storage method — paper wallets, metal backup devices, cryptosteel alternatives, and the physical security considerations that determine whether cold storage actually protects your assets.
The Spectrum of Cold Storage Methods
Cold storage is a broad category that encompasses any method of storing cryptocurrency keys offline, separated from internet-connected systems. Within this category, there is enormous variation in security properties, durability, accessibility, and resilience to specific threat vectors. Choosing the right cold storage method requires understanding the threat model being addressed and the trade-offs involved.
The primary cold storage methods in use in 2026 are: paper wallets, metal backup plates (commercial and DIY), hardware wallets (covered in Part I), air-gapped software signing devices (also covered in Part I), and encrypted digital backups in offline storage. Each has a distinct risk profile.
Paper Wallets: The Original Cold Storage
Paper wallets — documents containing a private key or seed phrase printed or hand-written on paper — represent the simplest and oldest form of cryptocurrency cold storage. They have significant advantages: zero cost, no supply chain risk, no battery life concerns, and complete independence from any hardware manufacturer.
The disadvantages are equally significant. Paper is vulnerable to fire, water, UV degradation, physical tearing, and fading of printed text over time. The secure generation of a paper wallet requires a trusted, air-gapped computer and verified random number generation — using an online tool to generate a paper wallet is a serious security risk, as the generation website could log the private key.
Secure Paper Wallet Generation
A secure paper wallet generation process runs as follows. Boot from a trusted, verified Tails OS USB on a machine with no wireless hardware. Generate entropy using dice rolls (a minimum of 50 six-sided die rolls for 128 bits of entropy, or 99 rolls for a Bitcoin private key). Convert the result to the required format using a local tool (such as Ian Coleman's BIP39 tool downloaded and run offline). Print using a printer that has never been and will never be internet-connected (laser preferred — inkjet ink can fade and smear). Finally, power off the Tails machine.
The resulting paper should be laminated to protect against moisture and physical damage, then stored in a sealed, dark, dry location. Multiple copies should be made and stored in geographically separate locations.
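The dice-roll step above, as an added example that is not part of the original article or of any tool it names: 50 recorded rolls are condensed to 128 bits and extended with the BIP39 checksum, giving the twelve 11-bit word indices. Hashing the rolls with SHA-256 is an assumption of this sketch, the function names are hypothetical, and the 2048-word list is not embedded, so the output is indices rather than words.

```python
import hashlib
import math

MIN_ROLLS = 50        # the article's minimum for 128 bits of entropy
ENTROPY_BITS = 128    # entropy behind a 12-word BIP39 mnemonic


def dice_to_entropy(rolls: str) -> bytes:
    """Condense recorded die faces ('1'..'6') into 128 bits of entropy."""
    rolls = "".join(rolls.split())              # tolerate spaces and newlines
    bad = sorted(set(rolls) - set("123456"))
    if bad:
        raise ValueError(f"not a die face: {bad}")
    if len(rolls) < MIN_ROLLS:
        have = len(rolls) * math.log2(6)        # about 2.585 bits per roll
        raise ValueError(f"{len(rolls)} rolls give only {have:.1f} bits")
    # Assumption of this sketch: hash-and-truncate conditioning. Reducing the
    # base-6 number modulo 2**128 instead would favour some outputs.
    return hashlib.sha256(rolls.encode("ascii")).digest()[: ENTROPY_BITS // 8]


def bip39_word_indices(entropy: bytes) -> list[int]:
    """Append the BIP39 checksum and split the result into 11-bit indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy is 128-256 bits in steps of 32")
    cs_bits = ent_bits // 32                    # 4 checksum bits for 128
    digest = hashlib.sha256(entropy).digest()
    checksum = int.from_bytes(digest, "big") >> (256 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11        # 12 words for 128 bits
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


if __name__ == "__main__":
    # Constructed sample rolls for illustration; never reuse published rolls.
    sample = "35461 26251 43316 24563 12645 53214 66123 41526 35142 61354"
    entropy = dice_to_entropy(sample)
    # Index 0 is the first line of the BIP39 English wordlist.
    print(bip39_word_indices(entropy))
```

The last index mixes 7 bits of entropy with 4 checksum bits, which is why the final word of a mnemonic cannot be chosen freely by hand.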
The Long-Term Degradation Problem
The most underappreciated risk with paper wallets is long-term degradation. Thermal paper (used in many printers) can fade to illegibility within a few years. Laser-printed text on acid-free archival paper is more durable but still subject to physical damage. A paper wallet intended as multi-decade storage should be made with archival-quality materials and stored in archival conditions.
For truly long-term storage — 10 years or more — metal backup is the standard recommendation among serious self-custody practitioners.
Metal Backup Devices: Durability at the Cost of Complexity
Metal seed phrase backup devices address the primary weakness of paper: vulnerability to fire, water, and physical degradation. A seed phrase stamped or engraved into stainless steel can survive conditions that would destroy paper — temperatures exceeding 1400°C (steel melting point), immersion in water, and physical crushing under significant pressure.
The commercial market for metal seed backup products has expanded significantly. Understanding the major categories helps in choosing the right solution.
Stamped Steel: Cryptosteel, Cryptotag, and Equivalents
Products like Cryptosteel Capsule and Cryptotag Zeus use a letter stamping approach: individual stainless steel letter tiles are assembled to spell out the seed words (using the first four letters of each BIP39 word, which are unique) and locked into a stainless steel housing.
Cryptosteel Capsule is a tubular design that seals the tiles inside a hollow steel cylinder. It is compact and the cylindrical form offers good physical protection. Cryptotag Zeus uses a two-plate design with engraved plates compressed together. Both have been independently fire-tested and rated to survive conditions well beyond typical house fires.
Center Punch and DIY Stamping Approaches
Many self-custody practitioners prefer the simplicity and cost-effectiveness of DIY metal engraving. A stainless steel plate ($5–20), a center punch or letter stamp set, and a hammer can produce a highly durable backup at minimal cost. The key material consideration is steel grade: 304 stainless steel (food-grade) is the minimum acceptable; 316 marine-grade stainless offers better corrosion resistance for environments with salt water exposure.
A 2mm thick stainless plate that has been center-punched is effectively indestructible under any realistic scenario. The trade-off is aesthetics and the slight risk of legibility issues if stamping is done poorly.
The Bilodeau Titanium Approach
Titanium offers a superior strength-to-weight ratio and exceptional corrosion resistance compared to stainless steel. Products like Titanium Backup (and DIY titanium plate approaches) are favored by practitioners who want maximum physical durability in a lightweight form. Titanium's melting point of 1668°C exceeds that of stainless steel and is well beyond any temperature achievable in a residential or commercial fire.
Encrypted Digital Backups: The Complementary Layer
Despite the advantages of physical backups, encrypted digital backups serve an important complementary role in a comprehensive cold storage strategy. Physical backups can be lost, stolen, or destroyed in ways that are difficult to predict. An encrypted digital backup — stored on offline media in a geographically separate location — provides redundancy.
VeraCrypt and Air-Gapped Encryption
VeraCrypt is the standard tool for encrypted container creation. A VeraCrypt container holding your seed phrase, encrypted with a strong passphrase that you have memorized or separately secured, provides a backup that is useless to anyone who finds the media without the passphrase.
The backup should be stored on write-once media (DVD-R or similar) and/or on multiple USB drives stored in separate locations. The VeraCrypt container should be created and populated on an air-gapped machine to prevent any internet exposure during the process.
Article 8 — Seed Phrase Security
The Secret That Holds Everything: How to Securely Hide and Protect Your Crypto Seed Phrase
A comprehensive, expert-level guide to the most critical security task in cryptocurrency self-custody — protecting the 12 or 24-word seed phrase through multiple layers of security, geographic distribution, and cryptographic splitting.
Why the Seed Phrase Is Everything
In modern cryptocurrency self-custody, the BIP39 seed phrase — a sequence of 12 or 24 words from a standardized wordlist — is the master secret from which every private key in a hierarchical deterministic (HD) wallet is derived. Whoever controls the seed phrase controls every address and every satoshi of Bitcoin associated with that wallet, forever, regardless of what hardware was used to generate it or which device currently holds the funds.
This is the most important and most dangerous aspect of self-custody: there is no customer service, no password reset, no bank to call. If the seed phrase is lost, the funds are permanently inaccessible. If the seed phrase is compromised, the funds can be stolen instantly. The entire security of a self-custody setup reduces to a single question: has the seed phrase been protected correctly?
The Two Failure Modes
Seed phrase security has exactly two failure modes, and they pull in opposite directions. The first failure mode is loss: the seed phrase is inaccessible when needed due to physical damage, forgetting, or insufficient redundancy. The second failure mode is theft: someone discovers the seed phrase and drains the wallet.
Security measures that protect against loss (multiple copies in multiple locations) increase exposure to theft (more copies means more places where someone could find it). Security measures that protect against theft (minimal copies, hidden locations) increase loss risk (fewer recovery options). The art of seed phrase security is navigating this trade-off correctly for your specific situation.
Physical Security: Where to Store the Backup
The physical location and method of storing a seed phrase backup should be chosen based on the specific threat model. For most individuals, the primary threats are: residential burglary, house fire, and accidental loss. For individuals with elevated threat profiles — high net-worth holdings, public visibility, adversarial personal situations — the threat model may extend to targeted physical attacks.
Home Storage Options
A fireproof and waterproof safe bolted to a structural element of the home (floor joist or masonry) provides meaningful protection against casual burglary and house fires for seed phrase backups stored in paper or on metal plates. Fireproof safes rated for document protection (UL 350-1 rating, meaning internal temperature stays below 350°F/177°C for at least one hour in a 1700°F/927°C fire) protect paper. Metal seed phrase backups have higher temperature tolerance but safes still provide flood and theft protection.
The limitation of home storage is that it creates a single point of failure for the physical threat model. A determined burglar who knows about the safe can attempt to remove it. A catastrophic house loss (tornado, flood, severe fire) can exceed the safe's protection rating.
Bank Safe Deposit Boxes
Bank safe deposit boxes provide geographically separate storage that is protected by the bank's physical security infrastructure. For seed phrase backups, the considerations are: the bank can potentially be compelled to provide access by legal authorities; the box is inaccessible outside banking hours; the bank could theoretically drill the box; and in rare cases banks have lost access to their own safe deposit contents due to natural disasters or institutional failures.
For users whose threat model does not include government seizure, bank safe deposit boxes represent an excellent complementary storage location. They should never be the only copy.
Trusted Third-Party Storage
Some self-custody advocates recommend distributing seed phrase components (not the complete phrase) to trusted individuals — family members, lawyers, close friends — who are geographically distributed. This approach requires that the individuals be genuinely trusted and that no single individual holds enough of the phrase to reconstruct it independently. This is the informal version of the cryptographic splitting approach described below.
Passphrases: The 25th Word Defense
The BIP39 standard includes an optional passphrase feature — sometimes called the "25th word" — that extends the seed phrase with an arbitrary additional string. The passphrase is not part of the 24-word mnemonic; it is applied on top of it during key derivation. The result is a completely different set of keys and addresses than the same mnemonic without the passphrase.
This creates an extraordinarily powerful security tool: the seed phrase backup (the 24 words) is separated from the passphrase, and both are required to access the funds. An attacker who steals the seed phrase backup finds only an empty wallet or a decoy wallet (if you hold a small amount at the non-passphrase addresses as plausible deniability).
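How the passphrase enters key derivation, as an added example that is not part of the original article: BIP39 stretches the mnemonic with PBKDF2-HMAC-SHA512, using the string "mnemonic" followed by the passphrase as the salt. The mnemonic below is the public BIP39 test vector, and the helper names are hypothetical.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (all-zero entropy); never use it for funds.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a mnemonic and optional passphrase."""
    def nfkd(text: str) -> bytes:
        return unicodedata.normalize("NFKD", text).encode("utf-8")
    salt = b"mnemonic" + nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), salt, 2048, 64)


def seeds_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each candidate passphrase to the first 16 hex digits of its seed."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


if __name__ == "__main__":
    # Every string is a valid passphrase: none is rejected as wrong, so a
    # typo or a case change silently opens a different, empty wallet.
    for phrase, prefix in seeds_for(TEST_MNEMONIC,
                                    ["", "TREZOR", "trezor", "TREZOR "]).items():
        print(f"{phrase!r:10} -> {prefix}...")
```

Because no passphrase is ever reported as incorrect, recovery should be rehearsed by confirming that the derived wallet shows the expected addresses before funds depend on it.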
Passphrase Design and Storage
The passphrase should be long enough to be unguessable by brute force — a minimum of 20 characters, ideally using a combination of uppercase, lowercase, numbers, and symbols, or a long diceware phrase. Unlike the seed phrase, the passphrase does not need to be a specific format; any string of any characters is valid.
The critical question is how to store the passphrase. It should not be stored in the same location as the seed phrase backup — that defeats the purpose. Options include: committing it to memory (high risk of loss if memory fails or the person dies), storing a written record in a geographically separate location under different access controls, or using a password manager with an encrypted backup separate from both the seed phrase and the passphrase.
For very long-term storage (estate planning considerations), the passphrase must be accessible to heirs if needed. This requires careful planning and documentation through channels that maintain security while ensuring eventual access.
Shamir's Secret Sharing: Cryptographic Seed Splitting
Shamir's Secret Sharing (SSS) is a cryptographic algorithm that splits a secret into N shares such that any K of them (where K ≤ N) can be used to reconstruct the secret, but K-1 shares reveal nothing about the secret. A 2-of-3 SSS scheme, for instance, creates three shares, any two of which can reconstruct the original secret, while a single share alone is cryptographically useless.
For seed phrase backup, SSS provides a principled solution to the trade-off between loss and theft protection. Splitting a seed phrase into a 2-of-3 SSS scheme and storing the shares in three geographically separate locations means: no single location, if compromised, gives an attacker access to the funds; loss of one share still allows recovery from the other two.
SLIP39: Shamir for Hardware Wallets
SLIP39 is a standard for Shamir's Secret Sharing applied specifically to cryptocurrency seed phrases, developed by SatoshiLabs (Trezor). It encodes the shares as mnemonic phrases using a separate wordlist, making them human-readable and compatible with the same physical backup media used for BIP39 seeds.
Trezor devices support SLIP39 natively, generating shares directly during wallet setup. The shares look similar to a regular seed phrase but cannot be used individually — they require the threshold number of shares to reconstruct. The SLIP39 standard is implemented in open-source tools like the slip39 Python library, enabling independent share reconstruction without reliance on Trezor hardware.
Operational Considerations for SSS
Using SSS effectively requires careful documentation and testing. Each share must be labeled clearly enough to be understood by heirs or recovery parties (in estate planning scenarios) but not so explicitly labeled that a finder immediately understands its purpose. A balance between clarity and obscurity is required.
Testing the reconstruction process with a test wallet before deploying SSS for real holdings is essential. The reconstruction process (combining shares to recover the seed phrase) must be understood and practiced. Many people have set up SSS schemes and then discovered their documentation was insufficient for reconstruction when they actually needed to perform it.
The Inheritance Problem: Planning for Inaccessibility
One of the most practically important and most neglected aspects of seed phrase security is estate planning: ensuring that funds are accessible to heirs or designated beneficiaries in the event of the holder's death or incapacitation. A perfectly secured seed phrase that no one else can access is, from a practical standpoint, effectively destroyed when the holder dies.
The challenge is providing inheritance access without compromising security during the holder's lifetime. Several approaches have been developed.
Time-Locked Inheritance Through Attorneys
A sealed envelope containing seed phrase components or decryption keys, held by an attorney with instructions to open and distribute after death or incapacitation, has been used by many long-term Bitcoin holders. The attorney does not need to understand what they are holding — only that it should be delivered to specified beneficiaries under specified conditions.
The security of this approach depends entirely on attorney trustworthiness and physical security at the law firm. It should be combined with other security measures — the envelope might contain one share of a 2-of-3 SSS scheme, with a second share held elsewhere.
Bitcoin Timelocked Transactions
At the protocol level, Bitcoin supports timelocked transactions — transactions that cannot be confirmed on the blockchain until a specified block height or Unix timestamp. A timelocked transaction that sends funds from a cold wallet to an heir's wallet, pre-signed and provided to the heir with instructions not to broadcast until a certain date or event, provides a cryptographic inheritance mechanism that does not require the heir to know the seed phrase.
The limitation is that timelocked transactions must be updated periodically if the holder remains alive and active — otherwise the timelock expires and the heir can claim the funds prematurely. Services and protocols that automate "dead man's switch" style inheritance have emerged, but most require trusting a third party for the trigger mechanism.
Operational Security: The Human Layer
Technical seed phrase security measures are undermined if the human operational security layer fails. The most common failures are not technical exploits — they are social engineering, physical compromise, and operational mistakes made by the holder themselves.
Never Photograph Your Seed Phrase
Photographing a seed phrase with a smartphone creates a copy that is synchronized to cloud storage, accessible to the phone's operating system, and potentially exposed to any application with photo library access. This is one of the most common causes of seed phrase compromise. The correct approach is to write or stamp the seed phrase immediately onto permanent backup media, then secure that media, without any digital intermediate step.
Never Enter Your Seed Phrase Online
No legitimate service ever needs your seed phrase. Any website, application, or person asking for your seed phrase is attempting to steal your funds. This is a non-negotiable rule. Seed phrases are entered only into hardware wallets or verified, air-gapped software wallets for recovery purposes — never into any internet-connected interface.
Side-Channel Awareness During Setup
During the hardware wallet setup process, when the seed phrase is displayed on the device, consider the physical environment carefully. Security cameras, other people in the room, windows with lines of sight, and reflective surfaces in the environment can all potentially expose the seed phrase during setup. The ideal setup environment is a private space with no cameras, no observers, and no reflective surfaces that could capture the screen.
Protecting Against Coercion
The $5 wrench attack is the informal name for physical coercion — forcing someone under threat of harm to reveal their seed phrase. The passphrase approach with a decoy wallet is one defense: you can comply with a seed phrase request while providing access only to a decoy wallet that holds a small amount (a plausible-looking but limited balance). The real funds are protected by a passphrase that was never stored near the seed phrase.
The Coldcard's "duress wallet" feature provides a dedicated implementation of this: a separate PIN unlocks a separate wallet that can hold a believable amount as a decoy. For high-net-worth individuals in high-risk environments, this layered approach is considered essential operational security.