Wouldn’t it make sense if you’ve got a 3 of 5 multisig solution to keep the seed phrase with the signing device?
What are the best practices for securing the seeds of your signing devices?
At a minimum you should keep your seed recovery mnemonic sealed in a tamper-evident pouch. It’s more important to keep it secret and secure than it is to keep the signing device secured (because loss of the secret puts not only current holdings at risk, but any future balance as well).
Loss or (malware/Trojan) compromise of a signing device MIGHT result in exposure of your secret. But the PIN and any wipe threshold on repeated PIN failures MIGHT save you.
So, keep the seed MORE secure than your hardware wallet.
I recommend deriving new seeds (BIP85) off the one that you secure for your hardware wallet (or air-gapped, dedicated transaction signing system).
I derive new seeds (sub-keys) for mobile, desktop wallets, wife’s mobile wallet, and (so far) one for other applications (like NOSTR identities). (You can use the supplemental passphrase support to derive different nsec keys).
Dang this is good advice
The above comment is spot on. Don’t commingle your seed and device locations.
How do I derive new seeds from the existing ones securely?
Start with a wallet (seed securing device or software) which supports BIP0085 (https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki).
Use that support. Optionally you can add use of "pass phrases" or other strings which can be mixed into the seeds encoded in BIP0039 recovery mnemonics by and for some applications.
For instance, the seed I used to generate my alternative nsec for NOSTR (my @iris account) adds "nostr" to the key I derived for such purposes. I plan to use other post-derivation key strings for WireGuard, Signify, and age/rage encryption.
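To make the BIP85 step in the answer above concrete, here is an added sketch (not part of the original thread and not any wallet's own code) of how a child seed's entropy is derived from one root seed along the hardened path m/83696968'/39'/language'/words'/index'. The function names and the seed value are constructed for illustration, and the code stops at the child entropy because turning it into words needs the BIP39 wordlist.

```python
import hashlib
import hmac

# secp256k1 group order; BIP32 private-key arithmetic is done modulo this value.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
BIP85_PURPOSE = 83696968  # fixed first path element defined by BIP85
BIP39_APP = 39            # BIP85 application number for BIP39 mnemonics


def master_from_seed(seed: bytes):
    """BIP32 master private key and chain code from a BIP39 seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def ckd_priv_hardened(key: int, chain: bytes, index: int):
    """BIP32 hardened child derivation; uses only the parent private key."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + key) % N
    if il >= N or child == 0:
        raise ValueError("invalid child key; use the next index")
    return child, i[32:]


def bip85_entropy(seed: bytes, path):
    """64 bytes of BIP85 entropy for the hardened path m/83696968'/path..."""
    key, chain = master_from_seed(seed)
    for index in (BIP85_PURPOSE, *path):
        key, chain = ckd_priv_hardened(key, chain, index)
    return hmac.new(b"bip-entropy-from-k", key.to_bytes(32, "big"),
                    hashlib.sha512).digest()


def bip85_bip39_entropy(seed: bytes, words: int = 12, index: int = 0, language: int = 0):
    """Entropy for child mnemonic number `index` (language 0 is English)."""
    if words not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    return bip85_entropy(seed, (BIP39_APP, language, words, index))[: words * 4 // 3]


# Constructed sample seed for the demo only; never a real wallet seed.
CONSTRUCTED_SEED = bytes.fromhex("00112233445566778899aabbccddeeff" * 4)

if __name__ == "__main__":
    for idx, purpose in enumerate(["mobile", "desktop", "other applications"]):
        print(purpose, bip85_bip39_entropy(CONSTRUCTED_SEED, 12, idx).hex())
```

Each index gives an unrelated child seed that can be regenerated from the root at any time, and because every step is hardened and ends in an HMAC, exposure of one child seed does not reveal the root or its siblings.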
.. and a copy of the crucial coordination data with each 🔑