In 2022, a complex password took 438tn years to brute force.

In 2023, a complex password took only 26tn years to brute force.

Brute forcing passwords gets easier every year. Therefore:

1. #Bitcoin private keys are intentionally massive.

2. #BIP39 passphrases become less secure over time.

A #BIP39 seed with a passphrase is effectively multifactor (2-of-2). This provides pretty good security without encumbering users with the need to back up multisig metadata. Users can add redundancy by backing up their seed and passphrases, separately, as many times as needed.

Because #BIP39 is widely supported across software and hardware devices, they can be assured access to funds remains for the long haul. Put simply: they only need the seed and the passphrase, regardless of their evolving hardware/software circumstances.

To eliminate the fear around creating and testing backups (and therefore disaster recovery), I like to start new folks out on *stateless* multifactor using either nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n Jade + Green or nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl with Sparrow.

One simply generates a #SeedQR and a good passphrase. Every time they access their wallet, they must load up their device from an empty state. This drills the entire workflow such that disaster recovery is self-evident: their devices are stateless, so one could easily get a new Jade or computer with Green on it and load up their wallet again. This means every time they access their wallet, they become more comfortable in the ability to *maintain* access to their funds over the long haul.

New users should be buying and withdrawing #Bitcoin every week, which, given this workflow, would allow them to drill accessing their funds 52 times in the first year. Most folks will have memorized their passphrase by then, allowing them to remove their onsite passphrase backup and eliminate that as a security risk. Furthermore, stateless devices will look as if they were never set up to begin with, and the #SeedQR will point to an empty wallet that was never used. One could simply say "My cousin wanted me to start using #Bitcoin but I never got around to it." The plausible deniability is excellent.

Now, because #BIP39 passphrases *do* become weaker to brute force over time, it's important that users understand that as #Bitcoin becomes a greater % of their net worth, they'll want to look into #multisig in order to enhance their security. This is because #multisig uses several massive private keys, which exponentially improves entropy and therefore security. New users will likely take many years before approaching the type of #Bitcoin exposure that warrants the added complexity of multisig, mainly: the need to back up metadata in addition to private keys and the risks that represents (exposing your balance to strangers).
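
Added example, not part of the original note: how BIP39 turns a mnemonic plus passphrase into the wallet seed, why every passphrase (including none) opens a valid but different wallet, and how passphrase entropy and attacker speed set the search time. The 7776-word list size and the guess rate of 1e9 per second are assumptions chosen for illustration; the mnemonic is the public BIP39 test vector.

```python
import hashlib
import math
import unicodedata

PBKDF2_ROUNDS = 2048  # iteration count fixed by the BIP39 specification


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """64-byte BIP39 seed: PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase)."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def passphrase_bits(choices: int, length: int) -> float:
    """Entropy of `length` items each drawn uniformly at random from `choices`."""
    return length * math.log2(choices)


def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Expected years to find the passphrase (half the keyspace) once the
    mnemonic itself is already in the attacker's hands."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


# Public test-vector mnemonic from the BIP39 spec; never fund a wallet from it.
MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    # There is no "wrong passphrase" error: each input derives a usable seed,
    # which is what makes the seed-only wallet look like an unused one.
    for pp in ("", "TREZOR", "trezor"):
        print(f"passphrase={pp!r:10} seed={bip39_seed(MNEMONIC, pp).hex()[:32]}...")

    # Assumed: words picked at random from a 7776-word list, and an attacker
    # testing 1e9 candidates per second. Doubling the rate halves the time.
    for words in (4, 6, 8):
        bits = passphrase_bits(7776, words)
        print(f"{words} words: {bits:5.1f} bits, "
              f"{years_to_search(bits, 1e9):.3g} years at 1e9/s, "
              f"{years_to_search(bits, 2e9):.3g} years at 2e9/s")
```
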


Discussion

this text is really awesome, thanks for sharing your thoughts 💪

Awesome advice man. Zapped⚡️