How to protect your recovery phrase?
Your 24-word recovery phrase (sometimes called a mnemonic or seed phrase) is the key to your crypto accounts.
Anyone gaining access to your recovery phrase can very easily clone your accounts on their own device (or software wallet) and spend your funds.
As such, it's very important to keep your phrase secure and private at all times.
Does Ledger Support need my recovery phrase to help me solve technical issues?
- No, the Ledger Support team does not need to know your 24-word recovery phrase to help you.
- Anyone trying to access your recovery phrase should be considered a scammer.
- Please never share your recovery phrase with anyone, including Ledger.
Here's a list of tips to help you custody your recovery phrase securely:
- Ensure that your 24-word recovery phrase is obtained from your Ledger device's screen during the initial setup. Your recovery words do not come in the box. The set of recovery sheets included in the box should be blank.
- Do not make a digital copy of your recovery phrase. Do not take a picture of your phrase. Do not save your phrase into a password manager. Your recovery phrase needs to stay strictly offline.
- When first writing down your recovery phrase, make sure to number each word correctly. Use a ballpen and not a pencil. Use capital letters which are easier to read. Make sure each recovery word is correctly spelled by using the BIP-39 list.
- Always keep a physical copy of your recovery phrase. Memorizing your recovery phrase is not a safe strategy for long-term cold storage
- Consider backing up your recovery phrase with a Crypto Steel Capsule Solo.
- Do not split your recovery phrase into multiple parts. Here's why.
- Do not not scramble your recovery words.
- Do not seed your Ledger 24-word recovery phrase into Metamask. This would compromise your phrase.
- Do not seed your Metamask 12-word recovery phrase into your Ledger device. Your Metamask recovery phrase was generated online. As such, it is not secure. Seeding it into your Ledger device would compromise all the Ledger accounts that are derived from that recovery phrase.
- Learn to protect yourself against physical attacks. More on this here.
- Learn how your recovery phrase works under the hood by watching this video.
How to protect your PIN code?
Like your recovery phrase, your PIN code must be chosen during the device's initial setup. A strong PIN is key to the security of your Ledger accounts.
- Always choose your PIN code yourself. Never use a PIN code you did not choose yourself.
- Always enter your PIN code out of sight and away from prying eyes.
- Do not store your PIN code on your computer or phone.
- Change your PIN code if you believe it's been compromised. Learn more.
- Remember that typing three wrong PINs in a row will reset your Ledger device. If this happens, your only option is to restore your accounts by using your recovery phrase.
How to choose a strong PIN code?
- An 8-digit PIN is more secure than a 4-digit PIN.
- Choose a PIN that's hard to guess. Easy-to-guess PIN codes like 0000, 12345678, or 55555555 are not secure.
- Do not choose your date of birth as a PIN code.