We have explained the importance of common sense when dealing with crypto assets, and covered the basics of security. Once you are comfortable with this and have had your first experience managing your backups and accounts, it is time to open the door to more advanced principles.
Plausible deniability and resilient backups
Correctly safeguarding your 24-word recovery phrase (also called backup) is the foundation of your crypto security. In the following sections, we are going to discuss how you can add another layer of protection and resilience to it.
The passphrase is an optional security feature that can be used on top of your 24-word recovery phrase. It is also commonly referred to as the 25th word.
Basically, this passphrase is an extra word which is added to your 24-word recovery phrase to generate a new seed and unlock a completely new set of accounts. You can pick any set of letters, numbers and signs as your passphrase, and every unique passphrase will generate a new set of private keys and addresses. All Ledger hardware devices have the passphrase option available, and from a practical point of view it works as follows:
- Your hardware wallet is initialized with your normal 24-word recovery phrase, and gives you access to your normal set of crypto asset accounts
- Through the security settings, you can enter your passphrase. The device will compute the resulting seed and give you access to your alternate set of crypto asset accounts
Remember: all passphrases are valid. If you make a typo, you’ll get access to another set of accounts (in this case no worries, just start the process anew).
When you power off your device, it will forget the passphrase, and will let you access your normal set of accounts again.
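The behaviour described above (every passphrase, including a typo, yields a valid but different seed) can be reproduced off-device. This is an added example, not Ledger's code: it assumes the standard BIP39 derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase), which the page does not name, and uses a constructed phrase that must never hold funds.

```python
import hashlib
import unicodedata

# Constructed phrase for illustration only (never a real backup).
MNEMONIC = " ".join(["abandon"] * 23 + ["art"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Assumed BIP39 derivation: PBKDF2-HMAC-SHA512, 2048 rounds,
    salt = "mnemonic" + passphrase, 64-byte output."""
    def nfkd(s: str) -> str:
        return unicodedata.normalize("NFKD", s)
    return hashlib.pbkdf2_hmac(
        "sha512",
        nfkd(mnemonic).encode("utf-8"),
        ("mnemonic" + nfkd(passphrase)).encode("utf-8"),
        2048,
        dklen=64,
    )


def seed_id(seed: bytes) -> str:
    """Short fingerprint so seeds can be compared without printing them."""
    return hashlib.sha256(seed).hexdigest()[:16]


def compare(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the fingerprint of the seed it unlocks."""
    return {p: seed_id(bip39_seed(mnemonic, p)) for p in passphrases}


if __name__ == "__main__":
    candidates = [
        "",                               # normal set of accounts
        "happen redeem informed office",  # intended passphrase (page's example)
        "happen redeem informed ofice",   # one-letter typo: still accepted
    ]
    for p, fp in compare(MNEMONIC, candidates).items():
        print(f"{p!r:35} -> seed {fp}")
```

Nothing in the derivation can reject a wrong passphrase, which is why a typo silently opens an empty set of accounts instead of raising an error.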
Here are the security benefits that using a passphrase can provide:
- If someone compromises your backup (for instance by getting physical access to it), then only your normal accounts are at risk. Your passphrase-governed accounts stay safe as long as you haven’t written down your passphrase next to your 24-word recovery phrase!
- You would of course only keep small amounts of crypto in your normal, non-passphrase-related set of accounts, and hold your real crypto holdings on the alternative set of accounts (which is also called “behind the passphrase”)
- By monitoring the normal accounts and setting up alerts in case any crypto assets are moved, you would instantly know if something is wrong and could immediately take your safety measures, such as moving your holdings to a new secure set of cryptocurrency accounts
Of course, you must make sure that your passphrase is complex and impossible to guess. It is all-important that it can resist a brute force attack long enough to give you the time to move your assets.
Examples of BAD passphrases:
- a set of numbers, such as your date of birth (or PIN code!)
- the names of your kids, dogs, etc.
- anything that can be easily related to you (name of your favorite soccer team, hobbies, favorite author…)
- passwords that you would use on other services
Examples of GOOD passphrases:
- a phrase of random words picked from a few books / random URLs you open at different pages / paragraphs (ex: “happen redeem informed office”)
- a complex alphanumeric sequence (ex: “xU/x]dr2MsA[MS3t”)
- of course, apply the same security principles to the passphrase as to your 24-word backup: never store it digitally, never share it with anyone, etc. And never keep it in the same location as your recovery phrase!
- you may think that you’ll only keep it in your head and memorise it, but that’s a dangerous game (if you forget it, it’s game over) so really think about your passphrase strategies.
We have seen how the passphrase can efficiently add security to your backup. It can also be used for a different purpose, called plausible deniability.
Instead of entering your passphrase each time you need it, you can attach it to a second PIN on your Ledger device. This results in having two valid PIN codes: one will unlock the normal set of accounts, the other the alternative set of accounts.
Therefore, if ever you were asked under duress to “open and empty your hardware wallet”, you could use the first PIN code, showing the normal accounts with minimal assets. The attacker is then satisfied and leaves the scene quickly, with limited financial damage on your side.
You must however know that plausible deniability has a limit to its efficiency. If your attacker is knowledgeable about your crypto situation, or even knows about the existence of a potential passphrase, you would most likely still have to reveal the passphrase or alternative PIN code.
This is why putting yourself out of the equation by having your high value hardware wallet and backup away from your home gives you more chance of success in case of a critical security situation.
Resilient and distributed backups
To avoid being subject to the horror of a home jacking, or if you just can’t find a place secure enough for your backup, you may want to have the possibility of splitting your backup across different locations. You could split your 24 words into three groups of 8 and distribute them among three places, but then you would increase the risk of loss or destruction of your backup (if one piece goes missing, it’s game over).
A better alternative would be to split your backup in three, while needing access to only two pieces to recover access.
This is quite low tech and easy to understand.
Let’s say your recovery phrase is “A B C” (only three words are necessary in our example). Then you create three pieces of paper: “A B _”, “A _ C” and “_ B C”. By taking any two pieces, you are sure to recover the full “A B C” phrase.
You can follow this online guide for more information about how to do it for your 24-word recovery phrase.
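The “A B _” scheme carried over to 24 words, as an added example that is not taken from the guide or from Ledger: it generalizes the three-word case by omitting a different third of the phrase on each card. The placeholder words are constructed, and the 11 bits per word figure assumes a 2048-word BIP39 list.

```python
# Constructed placeholder words w01..w24 stand in for a real recovery phrase.
PHRASE = [f"w{i:02d}" for i in range(1, 25)]


def split_2_of_3(words):
    """Return three cards; card k omits the k-th third of the phrase.
    Each card maps 1-based position -> word so the word order survives."""
    if len(words) % 3:
        raise ValueError("phrase length must be divisible by 3")
    third = len(words) // 3
    cards = []
    for k in range(3):
        omitted = range(k * third, (k + 1) * third)
        cards.append({i + 1: w for i, w in enumerate(words) if i not in omitted})
    return cards


def recover(card_a, card_b, length):
    """Rebuild the phrase from two cards, checking them against each other."""
    # Positions present on both cards must agree; a mismatch means one
    # card was miscopied or damaged.
    for pos in card_a.keys() & card_b.keys():
        if card_a[pos] != card_b[pos]:
            raise ValueError(f"cards disagree at position {pos}")
    merged = {**card_a, **card_b}
    missing = [p for p in range(1, length + 1) if p not in merged]
    if missing:
        raise ValueError(f"positions still missing: {missing}")
    return [merged[p] for p in range(1, length + 1)]


def unknown_bits(card, length, bits_per_word=11):
    """Upper bound on what remains unknown to someone holding ONE card.
    Assumes 11 bits per word (2048-word list); the phrase checksum
    lowers the real figure slightly."""
    return (length - len(card)) * bits_per_word


if __name__ == "__main__":
    cards = split_2_of_3(PHRASE)
    print("words per card:", [len(c) for c in cards])
    print("recovered from cards 1+3:", recover(cards[0], cards[2], 24) == PHRASE)
    print("bits unknown to a one-card holder:", unknown_bits(cards[0], 24))
```

Each card exposes 16 of the 24 words, so a single lost card leaves at most 88 bits protecting the normal accounts; a passphrase kept separately, as described earlier, is not affected by that exposure.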
Backup in steel
Using a piece of paper to store and safeguard critical information may not sound like the best idea regarding durability. Ink could disintegrate over time, and fire or water would immediately be fatal.
We strongly recommend using steel-based backup solutions instead of paper. Here are a few products that we know and have tested, that you can safely use:
What about estate planning?
One of the burning subjects in the crypto space is succession. How can your loved ones get access to your crypto in case of your passing, while keeping it your undisputed property until then?
As of today, there is no known trustless solution. They all require revealing some information and therefore put you at risk of a potential collusion against you.
We have compiled below a list of possible scenarios, but none are really perfect and would have to be used at your own risk:
- your 24 words are secured in a bank safe that is part of your estate, access to which would be granted to your next of kin. As an additional layer of security, you can add a passphrase that is given in a sealed envelope to your notary or lawyer.
- you use a split backup, keep one piece in your bank vault, and distribute the two others to two trusted parties. It would be recommended to add a passphrase to prevent collusion and give it, sealed, to another trusted party.
- you keep your backup in a bank safe and use Google’s dead man switch to communicate clues about your passphrase to your loved ones (make sure they’ll be able to understand it).
As stated before, none of these options are ideal, but we’ll definitely need reliable and trustless solutions in the future. Crypto assets will be a more and more important part of estates, and I can only imagine the complexity it will create with unsuspecting notaries and lawyers…
I’m quite convinced we are soon going to see specialized projects and startups tackling this challenge.
Ledger, Executive Chairman & Co-Founder