Select Page

Carl Cryptohound is asking, "Is it safe to use KeePass or some other password manager LastPass, One Password, etc to store a mnemonic phrase?" And the question is, "Is this a mnemonic phrase for a hot wallet or a cold wallet?" Because that's the immediate follow up question If it's for a hot wallet, yes

Absolutely Perfectly fine Because the security of your password manager should better than a generic operating system and buggy application that you've stored that same mnemonic phrase in whatever device you have the hot wallet on Otherwise, if your password manager wasn't more secure than that then what's the point of having a password manager in the first place? So from a risk perspective, relative risk between the two is fine Cold storage? Absolutely not

I would never store a mnemonic phrase for a cold storage wallet on a password manager, that is by definition, an online device Why would I not store it? Because I don't trust keyboards, keyboard drivers, the operating system, I don't trust that there's no trojan sitting between I don't trust all the things that I would need in order to put that seed into my device I also don't trust the screen, and the fact that it's very easy with a trojan to just take screenshots whenever specific applications show up What more obvious thing to do or more obvious thing can you imagine than taking a screenshot every time a password manager window pops up! I would certainly set that up in my trojan if I was writing one

From that perspective, I wouldn't trust the input into the password manager or the ability to read it back securely without someone else getting into it first In general, when I'm talking about cold storage seeds, mnemonic phrases these mnemonic phrases have never been typed into a computer They have never been displayed on a screen that is not the purpose made screen of the hardware wallet They have most certainly never been typed in sequence, even if I've done a recovery with them, in which case they're typed in a random sequence interspersed with decoy words All of these techniques ensure that they never go online

And so no, I wouldn't use a password manager for that purpose Thank you for supporting my work Learn more at aantonopcom