ledger-nano-guide.com
Login
Independent review. This site is not the official website and is not affiliated with, endorsed by, or operated by the wallet vendor reviewed here. Never enter your seed phrase or private keys on any third-party site.

Seed phrase management — 12 vs 24 words, BIP‑39 and backups

Leon Kozlov Leon Kozlov
Try Tangem secure wallet →

What is a seed phrase (BIP-39)?

A seed phrase (also called a recovery phrase) is a human-readable set of words that encodes the private keys for your non-custodial hardware wallet. The most common standard is BIP-39 (Bitcoin Improvement Proposal 39), which specifies the word lists, checksum rules, and the PBKDF2-based derivation used to turn a phrase into the actual seed used for key derivation (the seed is then used with derivation paths to produce addresses) (see BIP-39 spec: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki).

In plain terms: think of a seed phrase like a master key to a safe deposit box. If you hold the phrase, you control the crypto. If it leaks, someone else can take the funds. I believe getting comfortable with what the phrase represents is the single most important security step for anyone using a hardware wallet.

12 vs 24 words: entropy and trade-offs

BIP-39 supports several phrase lengths; the two most common are 12 and 24 words. The difference is entropy — 12 words encode 128 bits of entropy, while 24 words encode 256 bits (the BIP-39 spec maps specific entropy sizes to word counts). That translates to orders-of-magnitude difference in brute-force resistance.

Which should you pick? It depends on threat model and convenience. For most users, 12 words (128-bit) already presents an astronomically large search space — brute-forcing it with today’s hardware is infeasible. 24 words (256-bit) is more future-proof (resistant against unknown future advances) but costs more effort to write, store, and verify.

Try Tangem secure wallet →

Concrete example: 2^128 is roughly 3.4 × 10^38 possible entropy values. For practical purposes today, 128-bit is considered secure for long-term keys. (BIP-39: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki)

And yes, many users pick 24 words because it "feels safer". But that comfort comes with operational overhead: more copies, longer verification, and slightly higher risk of recording mistakes.

How hardware wallets present and protect the recovery phrase

Most hardware wallet workflows display the recovery phrase on the device screen during initial setup and ask you to confirm it (this reduces exposure to a compromised host computer). The phrase is not retrievable from the device afterward — devices purposely avoid storing the raw recovery phrase in a user-accessible place for security reasons (see device setup documentation and support pages).

If you search for "ledger wallet show 24 word" you'll find people asking why their device won't display the phrase later. That’s by design: the device shows the phrase only during creation (or during a recovery flow when you enter words). For reference, vendor support pages explain that a recovery phrase is displayed only at setup and cannot be exported from a device later (learn more in the device setup and restore guide).

(What I've found in testing: taking your time during that first display — write each word, double-check spelling/accessory characters, and confirm — will save grief. I always test a second small restore on a spare device or test wallet after creating backups.)

Passphrase (25th word): extra security, extra risk

A passphrase acts like an optional 25th word. It is not part of the BIP-39 wordlist; instead it is an additional secret that modifies the seed derivation. Use it and an attacker must know both the 24-word phrase and the passphrase to recreate your accounts.

But there are serious trade-offs. If you forget the passphrase, funds are unrecoverable. If someone discovers the passphrase (e.g., stored in plaintext or leaked), you lose the protection. I’ve seen people inadvertently lock themselves out by treating the passphrase as a "password they’ll remember later" — don’t do that. See detailed guidance in the passphrase (25th word) guide.

Backup methods: paper, metal, Shamir, and split backups

Here’s a quick pros/cons table comparing common options.

Method Pros Cons
Paper recovery sheet Cheap, quick Vulnerable to fire, water, theft; poor longevity
Metal backup plate (example) Durable, fire/water resistant Cost, requires secure storage; still one copy can be single point of failure
Shamir backup (SLIP-39) Split into shares; fault-tolerant; no single point of compromise Not universally compatible; more complex (SLIP-39 spec)
Split physical copies (geographic distribution) Protects vs local disasters More operational complexity; still risk if one copy found

Shamir (SLIP-39) can be attractive for estate planning or corporate setups because it allows you to store shares across trustees and recover if some are lost. But it requires wallets that support the scheme — check compatibility before committing.

Step-by-step: secure backup and verification (How to)

  1. Generate the recovery phrase only on the screened hardware wallet during initial setup. Never accept a phrase generated on a computer.
  2. Write the words on the provided recovery card or on metal backup plates. Print neatly; use block letters to avoid confusion (e.g., "m" vs "rn").
  3. Verify the words on the device when prompted — most devices require you to confirm a few words during setup.
  4. Create at least two geographically separated backups (one accessible, one emergency). Don’t store copies on cloud or photos.
  5. Consider a metal backup for durability and a Shamir split if you want decentralised recovery (see shamir-backup-slip39 and metal-backup-plates).
  6. Test restoration on a spare device or testnet wallet with a small amount of funds before you trust the backup. This confirms you wrote everything down correctly.

But don’t test by entering your main phrase on an internet-connected laptop or phone. Use a clean, air-gapped device or a spare hardware wallet.

Multisig and higher-security strategies

If you’re storing large amounts, multisig (multi-signature) setups can reduce single-point-of-failure risk. Multisig requires multiple private keys to sign a transaction (e.g., 2-of-3), so an attacker needs more than one compromised key to steal funds. It also allows designers to build recovery policies across devices and people.

Multisig adds complexity (compatible wallets, coordination for signing, backup planning). For a practical comparison, see the multisig and multisig-compatibility guides. In my experience, multisig is worth the operational cost once holdings reach a level where a single human error would be disastrous.

Common mistakes and recovery scenarios

  • Buying a device from an unofficial seller (risk of tampering). See where-to-buy-safely.
  • Photographing or storing the seed phrase digitally.
  • Using the passphrase without recording it securely.
  • Keeping all backups in the same physical location (fire, flood).

If a device breaks or is lost, you can recover funds using the recovery phrase on a compatible device or supported recovery path — see restore-recovery. What happens if a vendor goes bankrupt? Your recovery phrase lets you restore on other compatible wallets; hardware manufacturers going under does not erase the BIP-39 seed — but you must ensure you can find compatible software/hardware in the future (see company-risk).

FAQ: ledger wallet seed, ledger wallet show 24 word, and recovery phrase questions

Q: Can I recover my crypto if the device breaks? A: Yes — with the recovery phrase you can restore your accounts on another compatible hardware wallet or recovery tool. Test this before you need it (restore-recovery).

Q: Why won’t my device show the 24-word phrase after setup? A: Devices typically display the recovery phrase only during initial setup for security reasons. If you need to "see" it again, the safe path is to restore from your written backup to a clean device (but that exposes the phrase during input, so treat it as high risk).

Q: Is a 12-word seed safe? Should I use 24? A: A 12-word (128-bit) seed is secure for most users today. 24 words (256-bit) is more conservative. Pick based on threat model — for very large holdings or long-term future-proofing, 24 words is reasonable.

Q: Is Bluetooth or USB relevant to seed phrase security? A: Connectivity affects device attack surface, but your seed phrase should never be entered into a phone or PC; it should be recorded from the hardware wallet screen only. See connectivity-usb-bluetooth-nfc.

Conclusion and further reading

Seed phrase management is less about choosing "12 vs 24" and more about operational discipline: generate on-device, back up reliably, protect the passphrase (if used), and test recovery. In my testing and real-world use, a well-documented 12-word setup with metal backups and geographic separation can be safer than a careless 24-word routine.

For detailed walkthroughs, see the setup guides and recovery pages: setup-initial, backup-and-recovery, passphrase-25th-word, and shamir-backup-slip39. If you want a step-by-step visual, check the unboxing/setup pages for your model (nano-s-unboxing-setup, nano-s-plus-guide, nano-x-guide).

Need help deciding? Start by inventorying your holdings and threat model (how much could you not afford to lose?). Then match that to a backup strategy — single-sig secured backups, metal plates, or multisig — and test the restore. Good seed phrase management is the quiet, boring work that keeps crypto safe for years. And that pays off.

Try Tangem secure wallet →