Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Electrum
Merits 2 from 1 user
Re: Electrum: Urgent question on seed phrase and pass phrase
by
Abdussamad
on 16/07/2021, 23:55:40 UTC
⭐ Merited by pooya87 (2)
Quote from: bmeyersbtc on Today at 09:50:15 PM
Quote from: hosseinimr93 on Today at 09:05:25 PM
Quote from: bmeyersbtc on Today at 08:50:49 PM
I was able to transfer my bitcoins to a new electrum wallet that I created with a password and an extended mnemonic seedphrase. My question is this safe enough or would I have to create a new wallet with a password, extended mnemonic seedphrase AND also add 2FA?
As long as no one has access to your seed phrase (a series of 12 words) and your passphrase (the words or characters you entered to extend your seed phrase), your fund is secure.


Quote from: bmeyersbtc on Today at 08:50:49 PM
@hosseinimr93 As for the passphrase that you mentioned, what do you mean exactly? is this different from the seed phrase and the password?
The 12 words electrum gave you is called seed phrase.
The words or characters you added to your seed phrase when creating the wallet is called passphrase.
What you need to enter when opening the wallet or sending bitcoin is called password.

If you don't use any passphrase, the seed phrase is enough for recovering the wallet.
If you use a passphrase, for recovering the wallet, you need both seed phrase and passphrase.

Note that your password is stored locally and is used only for encrypting the wallet file.
Anyone has access to the seed phrase (+passphrase if there's any) doesn't need the password.

What if my system gets compromised and someone has access to the 12 word seed phrase BUT not the pass phrase (extension words), is it still safe?

Both the seed and seed extension (passphrase) are stored in the wallet file so if someone compromises your system and gets past your wallet password they will have everything they need to steal from you. They can get the wallet password by installing a key logger on your system so that when you enter the password it gets recorded and they can use it to decrypt the wallet file.

if your worried about a system compromise then create a 2fa wallet or a multisig wallet. this way if one device is compromised the attacker can't steal from you. they have to compromise multiple devices.

you will have to create a new wallet with a fresh electrum generated seed if you want to use 2fa or multisig. Note that 2fa wallets can be recovered using the seed phrase so that's how you get access to your coins in the event you lose your phone.