The Authentication Reference

Your go-to place for authentication information


What is a 12 word seed phrase?

A 12-word seed phrase acts as a key to unlock access to a crypto wallet and is also the ultimate recovery tool for wallets on the blockchain. The words that comprise the 12-word seed phrase are randomly picked from a published list of 2,048 words by an algorithm when a wallet is created, and given to the user at the moment of the account opening. Since it is the master key, if the seed phrase gets lost, forgotten, or mixed up, the user permanently loses access to their crypto wallet.

The seed phrase is intrinsically connected to the user’s blockchain private key and public key.

A private key is a cryptographically secure 256-bit number that "unlocks" access to a public key, and it is generated when the wallet is created. The public key is an address on the blockchain that allows a user to receive crypto funds, and it is derived from the private key. Because entering a 256-bit private key for every transaction is not manageable for a user, the wallet automatically generates a 12- or 24-word seed phrase that is derived from the private key. When a user enters their seed phrase into their wallet app, it is as if they had entered their private key to access funds.

From the computer's point of view, a public key is equivalent to a username, or the address where the crypto lives within that wallet. The private key is equivalent to a secret password (in the traditional sense) that allows users to buy, trade, and sell items, and the seed phrase is a simplified, more humanly manageable version of the 256-bit private key. A private key can be accessed in the wallet that generated it, and also in other wallet apps.

Why 12 Random Words?

People are terrible at creating passwords. There are tales on TikTok about people trying to guess their significant others' passwords, then finding out it's just "password1" or their name.

That's why websites put “strong” password requirements into place: to force people to make better passwords.

A computer algorithm in the wallet app creates the 12-word seed phrase assigned to the user. That algorithm has 2,048 possible words to choose from for each position. In mathematical terms, that's 2048 to the 12th power, which comes out to a mind-bogglingly large number: "5,444,517,870,735,015,415,413,993,718,908,291,383,296." There aren't words for how large that number is, other than 5.4445179e+39.

Since there are so many possible word combinations, it's next to impossible for a hacker to crack. They could create a program to work through all the options (a brute force search approach), but the chances of getting the right combination are 1 out of the big number above.


BIP39: The 12 Recovery Words Blockchain Origin Language

There are 2,048 different word options for the 12-word phrase. Those words come from the published BIP39 specification (Bitcoin Improvement Proposal 39).

One cool thing about crypto (or Bitcoin, in this case) is that the entire community strives to improve the blockchain process. One of these improvement projects (BIP39) suggested that different crypto wallets and sites use an agreed-upon list of words for mnemonic phrases (seed phrases). That's how those 2,048 words were born.
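How BIP39 fills the 12 word slots, as an added example that is not part of the original page: 128 random bits plus a 4-bit SHA-256 checksum are cut into twelve 11-bit positions in the 2,048-word list. Because of that checksum, only 2^128 of the 2048^12 word combinations are valid phrases. The code works with list positions (0 to 2047) instead of embedding the word list, and its function names are illustrative.

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048                 # BIP39 list length; each word encodes 11 bits
ENTROPY_BITS = 128                   # a 12-word phrase starts from 128 random bits
CHECKSUM_BITS = ENTROPY_BITS // 32   # 4 bits taken from SHA-256(entropy)


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Map 16 bytes of entropy to the 12 word-list positions BIP39 assigns."""
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("a 12-word phrase needs exactly 128 bits of entropy")
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - CHECKSUM_BITS)
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    # 132 bits split into twelve 11-bit groups, most significant group first
    return [(bits >> (11 * i)) & 0x7FF for i in reversed(range(12))]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Reverse the mapping; raise ValueError if the checksum does not match."""
    if len(indices) != 12 or any(not 0 <= i < WORDLIST_SIZE for i in indices):
        raise ValueError("expected 12 indices in the range 0..2047")
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    if entropy_to_indices(entropy) != list(indices):
        raise ValueError("checksum mismatch: not a valid BIP39 phrase")
    return entropy


def is_valid(indices: list[int]) -> bool:
    """True when the 12 positions form a phrase a wallet would accept."""
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


def search_space() -> dict[str, int]:
    """Raw word combinations versus phrases that pass the checksum."""
    return {"all_combinations": WORDLIST_SIZE ** 12,
            "valid_phrases": 2 ** ENTROPY_BITS}


if __name__ == "__main__":
    fresh = entropy_to_indices(secrets.token_bytes(16))  # CSPRNG, never random.random()
    print(fresh, is_valid(fresh))
    print(search_space())
```

The checksum is also why a mistyped or reordered word is usually rejected by the wallet at entry time instead of silently opening a different, empty wallet.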

When Would One Use a 12-Word Seed Phrase?

Most of the time, a 12-word seed phrase should live on a piece of paper in a safe, in a filing cabinet, and in one more secure location. That phrase can live in those locations full-time until it needs to be consulted. When would that happen?

First, a 12-word phrase is needed any time someone accesses a wallet on a new device, like if someone got a new phone or laptop. The user should only be signing into their crypto wallet on a secure network such as at their home, so this shouldn't happen often. Broken devices, new devices, and upgrades are all reasons to use the 12-word phrase.

On a more morbid note, a user’s 12 word seed phrase should be integrated into their will or estate documents. That way, if something happens to the user, their trustees will be able to access any crypto assets. Adding this information into a will or trust prevents situations like the one with Gerald Cotten from happening again.

The Do's and Don'ts of 12-Word Seed Phrases

Just like the Instagram recovery keys, a 12-word phrase will only be issued once. That's the time to write it down, store it, and/or memorize it for future use.

The worst thing someone could do is store this phrase key online, where hackers could access it. 

Online Storage: Better than Forgetting, But Unsafe

If someone did have to store their seed phrase online, they should make sure it's in a protected password storage app/service. These are not as safe as keeping passwords locked away in a vault, but it's better than having them float around in easy-to-hack platforms.

Instead of listing every word out, in order, in that protected platform, try using a shorthand key.

For example, write down only the first two letters and the last letter of each word. The word "witch" would become wi**h, "bread" would become br**d, and so on. A hacker could still quickly figure this out if they got into that password storage app, but it will present somewhat of a challenge.

Best Practices for Your 12 Word Phrase

Everyone should have their 12-word seed phrase written down in at least two places—one as their primary source and one as a backup. The backups should also be stored in multiple locations, to keep their money safe.

As discussed above, anyone with active crypto assets should have their 12-word seed phrase listed in their will or trust. That counts as one storage option.

The second place should be where the user knows to look, like in the back of a journal or written on a bookmarked page in their favorite book. Never store, tape, or write passwords on or around the computer. That's not crypto-specific. That's cybersecurity 101.

Relying on wallet apps to reset a seed phrase if it's lost

Unfortunately, if a 12-word seed phrase gets lost, there's no way to "reset" it. The person who lost their phrase will have no way to access their account or their assets, even if they appeal to the platform administrators.

Keeping the recovery phrase safe is the only way to ensure consistent access to crypto assets. It's the ultimate test of cybersecurity.

All wallet apps rely mostly on the seed phrase for fraud prevention. This has its pros and cons. Learn more about it in the latest Mobile App Friction Report - Crypto Edition - Authentication.