Replying to Bert

What is your passphrase best practice?

Was asked about the following setup:

nostr:npub1s0vtkgej33n7ec4d7ycxmwt78up8hpfa30d0yfksrshq7t82mchqynpq6j Passport, uses encrypted backup with SD card. Access code to decrypt is in a physically distributed location that would take significant time to travel to. SD card only is a risk as it can burn/break etc.

So the client uses a physical steel backup with 24 words, again in a different location. A different location holds the passphrase on steel.

How do you rate this setup? There’s redundancy in both the SD Card, Steel seed phrase and steel passphrase. Do you think a double backup for the passphrase is required?

Would love more input on best practices around this. nostr:npub15c88nc8d44gsp4658dnfu5fahswzzu8gaxm5lkuwjud068swdqfspxssvx nostr:npub17h7h2jzhq3hn06h93jvz67sfjxaq3jvk7kenjrazht28aun33hks42sd76

Backup is actually a 2-part process, with the first part being actually creating the thing that allows you to restore it later.

The second part is just as important. And what I've learned is that people do not go often enough, or sometimes at all, through this process. I am of course talking about actual recovery. Your backup is worthless without this part.

Whatever your preferred method may be, if you are unable to read the words on your steel properly, or if you have never tried any recovery attempt from the backup procedure you came up with, the whole "how safe is it?" question becomes insignificant.

Like with everything else in life, keeping it simple probably beats adding extra layers of security, because they add complexity to your restore procedure and might make it impossible to restore over decennia.


Discussion

Great points Jeroen. Most people lose access through losing the backup or making it too complex so they forgot how they set it up.

It’s still weird for me that people don’t take time to do this properly. As if everything has to be a click of a button and you can be fully self sovereign. That’s a contradictio in terminis.