
Security Hardening Guides

Take your Bitcoin security beyond the basics.

Who Is This For?

These guides are for users who already have a working hardware wallet setup and want to enhance their security. If you haven't set up a wallet yet, start with Wallet Setup.

Security Layers

Bitcoin security works in layers. Each layer you add makes your setup more resilient:

SECURITY LAYERS
═══════════════════════════════════════════════════════════════

Layer 1: Hardware Wallet ← Most people stop here
└─ Keys offline, device signs

Layer 2: DIY Seed Generation ← Verify your randomness
└─ Dice-generated entropy

Layer 3: Passphrase ← Hidden wallet protection
└─ 25th word adds second factor

Layer 4: Operational Security ← Behavior and habits
└─ How you act matters

Layer 5: Physical Security ← Real-world protection
└─ Protect against physical threats

Layer 6: Multisig ← Eliminate single points of failure
└─ Multiple keys required

You don't need all layers. Match your security to your threat model.


🎲 DIY Seed Generation

DIY Seed Generation Guide

Time: 2-4 hours | Difficulty: Intermediate | Cost: $30-80

Generate your own seed phrase using dice for verifiable randomness. Don't trust, verify.

Why do this?

  • Hardware wallet RNG could be compromised
  • Verify your entropy source
  • Educational: understand how seeds work

What you'll learn:

  • Rolling dice for true randomness
  • Converting rolls to binary
  • Calculating BIP39 checksum
  • Proper backup procedures

Prerequisites: Understanding of seed phrases and private keys.


🔐 Passphrase Security

DIY Passphrase Guide

Time: 1-2 hours | Difficulty: Beginner | Cost: Free-$10

Add a passphrase (25th word) to create a hidden wallet that requires both seed AND passphrase.

Why do this?

  • Creates plausible deniability (decoy wallet)
  • Adds second factor to seed
  • Protects against seed-only compromise

What you'll learn:

  • How passphrases work
  • Generating strong passphrases
  • Backup strategies for passphrases
  • Common passphrase mistakes

Prerequisites: Working hardware wallet with seed backup.

Critical Understanding

A passphrase creates a completely different wallet. If you forget your passphrase, funds in that wallet are unrecoverable. This is not like a password: there's no reset.


🕵️ Operational Security

Operational Security Guide

Time: 30 min read | Difficulty: Beginner | Cost: Free

How you behave matters as much as your technical setup. OpSec covers the human element.

Key topics:

  • Don't talk about your holdings
  • Verify before you trust
  • Assume devices are compromised
  • Secure communication practices
  • Social engineering awareness

Why it matters: The best technical security fails if you tell the wrong person or click the wrong link.


🏠 Physical Security

Physical Security Guide

Time: 30 min read | Difficulty: Beginner | Cost: Varies

Protect yourself and your Bitcoin from real-world threats.

Key topics:

  • The $5 wrench attack
  • Home security considerations
  • Backup storage locations
  • Travel with Bitcoin
  • Duress wallets and plausible deniability

Why it matters: All the cryptography in the world won't help if someone threatens you physically.


Security Progression

Here's a recommended order for implementing security layers:

| Stage | What to Do | When |
|---|---|---|
| 1. Foundation | Hardware wallet + proper backup | Everyone |
| 2. Verification | Test backup recovery | Everyone |
| 3. OpSec Basics | Don't discuss holdings publicly | Everyone |
| 4. Passphrase | Add 25th word | Meaningful holdings |
| 5. DIY Seed | Generate your own entropy | High security needs |
| 6. Physical Security | Secure storage, home security | Significant holdings |
| 7. Multisig | Multiple keys required | Large holdings |

Common Security Mistakes

1. Security Theater

Focusing on exotic threats while ignoring basics. Your threat isn't the NSA; it's phishing, malware, and social engineering.

2. Complexity Beyond Competence

Implementing security you don't understand. If you can't recover your own setup, it's not secure; it's a trap.

3. Single Points of Failure

One seed, one location, one device. Redundancy matters.

4. Trusting Without Verifying

"The website said it was safe." Verify addresses on your device. Verify software signatures. Verify everything.

5. Talking Too Much

The more people know you have Bitcoin, the larger your attack surface.


After hardening your security:


Security Resources

Threat Modeling

Recovery Planning

Pre-Deposit Checklist