See security-architecture-explained for a deeper technical view.
What is BIP-39? (what is bip-39)
What is BIP-39? People often search "what is bip-39" — here’s a plain answer. BIP-39 is the Bitcoin Improvement Proposal that defines how recovery phrases (seed phrases) map to binary entropy and then to the master seed used to derive private keys. It standardizes the wordlists and checksum rules so a phrase created by one compatible wallet can usually be restored in another.
12 vs 24 words? A 12-word phrase encodes 128 bits of entropy; a 24-word phrase encodes 256 bits. Both are strong, but 24 words offer more future-proofing against brute-force advances. I noticed that many users prefer 24 words for cold storage, but 12 words are still common for convenience.
For a step-by-step setup, see seed-phrase-basics and restore-recover-failure.
SLIP-39 (Shamir) explained — slip-39 shamir explained
SLIP-39 Shamir explained: SLIP-39 is a standard that applies Shamir’s Secret Sharing to recovery phrases. Instead of a single recovery phrase, you generate multiple shares and specify a threshold (for example, 3-of-5). Any 3 shares reconstruct the master secret; fewer than 3 reveal nothing.
Practical trade-offs: Shamir lets you split risk (store shares in different locations) and add redundancy. But SLIP-39 shares are not universally supported across all wallets, so check compatibility before committing. Read more in the detailed guide: shamir-slip39-guide and consider metal backups via backup-metal-slip39.
Air-gapped definition — offline signing
Air-gapped definition: an air-gapped device never connects directly to the internet or a host during signing. Transactions are prepared on an online computer, exported (often as a QR code or PSBT file), signed on the air-gapped device, and then moved back for broadcasting.
Benefits: reduces remote attack surface. Drawbacks: slower workflow and slightly more complexity. If maximum isolation matters for large holdings, air-gapped signing is worth learning. See air-gapped-signing for step-by-step instructions.
Multisig definition — multi-signature explained
Multisig definition: multisig (multi-signature) means an on-chain rule requiring multiple private keys to approve a transaction. A 2-of-3 multisig, for example, needs any two keys from three to sign.
Why use it? It reduces single-point-of-failure risk and supports shared control (family, corporate treasury, or personal redundancy). What I’ve found is that multisig is one of the best practical trade-offs between security and recoverability, but it adds setup complexity and wallet compatibility requirements. See multisig-setup-ledger and multisig-setups for guides.
Seed phrase, passphrase (25th word), and backups
Seed phrase (or recovery phrase): the human-readable master key for your wallet. Treat it like the ultimate master key (think: safe deposit box master key). If an attacker gets it, they control funds.
Passphrase (25th word): an optional extra word or phrase added on top of a BIP-39 seed to create a separate, hidden wallet. Useful for adding defense-in-depth. But: if you lose the passphrase, funds are irretrievable. I tell people to only use passphrases if they can store them reliably and privately. Read the risks at passphrase-usage-risks.
Backups: metal backup plates resist fire, water, and time decay. For metal options, see metal-backup-plates and backup-metal-slip39. Also read about single-sig vs multisig backup strategies in cold-storage-strategies.
But don’t store your seed phrase in cloud notes. Ever.
Connectivity: USB, Bluetooth, NFC — security implications
USB: straightforward, widely supported, and generally considered low-risk when you control the host. Bluetooth: convenient for mobile, but it introduces another attack surface (radio pairing). NFC: short-range convenience for some mobile workflows.
Is Bluetooth safe? It depends on implementation and user behavior. Many secure designs keep private keys inside the secure element, but Bluetooth still adds complexity. See practical advice at walletconnect-bluetooth and connections-usb-bluetooth-nfc.
Firmware, supply chain & verification
Firmware: the code that runs on the device hardware. Firmware updates fix bugs and add coin support, but unverified updates can be dangerous.
How to verify? Use cryptographic signature verification where possible and follow the vendor’s official verification steps (don’t trust emailed or community-sourced files). If you want the process explained, read firmware-update-verify and firmware-updates-and-verification.
Supply chain risks: buy from reputable sellers, check tamper evidence, and verify firmware after first power-on. For buying safety see buying-supply-chain-safety and supply-chain-and-tamper-risks.
Common mistakes and cold-storage strategies
Common mistakes include buying from unofficial sellers, photographing seed phrases, and reusing passphrases without redundancy. I noticed many recoveries fail because users misunderstood how passphrases work.
Cold-storage strategies range from a single signed hardware wallet in a safe to geographically-distributed multisig vaults with legal inheritance plans. For practical setups, see cold-storage-strategies and backup-recovery-best-practices.
Quick comparison table: example feature breakdown
Example feature breakdown for common hardware wallet types (for illustration). Check model-specific details on the compare page: compare-models.
| Feature |
Secure-element-first (type A) |
Air-gapped (type B) |
Mobile (type C) |
| Secure element |
Yes |
Some variants |
Sometimes |
| Air-gapped signing |
Partial |
Full |
No |
| Connectivity |
USB |
QR / SD / NFC |
Bluetooth / USB |
| SLIP-39 support |
Optional |
Often |
Rare |
| Multisig-friendly |
Yes (via companion apps) |
Yes |
Limited |
| Best for |
Long-term vault |
Highest offline assurance |
Everyday mobile use |
FAQ
Can I recover my crypto if the device breaks?
Yes — if you have the seed phrase (and passphrase, if used). Restore to another compatible hardware wallet or software wallet that supports the same standards. See restore-recover-failure and seed-phrase-basics.
What happens if the company goes bankrupt?
If you control the private keys (self-custody), your crypto exists on-chain and can be recovered with your seed phrase using other compatible wallets. There are ecosystem risks (updates, app support), so consider redundancy and open standards. Read company-bankruptcy-and-business-risk.
Is Bluetooth safe for a hardware wallet?
Bluetooth adds convenience but more attack surface. Good implementations isolate keys in the secure element and use encrypted channels, but Bluetooth still increases complexity. For practical advice, see walletconnect-bluetooth and connections-usb-bluetooth-nfc.
Conclusion & next steps
This hardware wallet glossary covers the terms most readers ask about: secure element definition, what is bip-39, and slip-39 shamir explained among others. If you’re ready to apply these concepts, start with a simple setup guide and a verified firmware check.
Explore the setup overview, then move to getting-started-setup and firmware-update-verify. What I’ve found is that a little time spent understanding these terms pays off when you need to recover or defend your holdings. Good luck, and stay careful.
