Step 1: Store the seed phrase everywhere and in plain sight.
That's right, store it in a plain text file on your PC, multiple flash disks and phones, print it out a 100 times and leave it lying around. It's perfectly safe and inaccessible to thieves as long as you also follow step 2.
This magic 25th "word", when added to your 24 word seed phrase works just like a password. It can be any length and combination of letters, numbers or symbols, and it turns your seed phrase (and the wallets it provides access to) into a completely different set of words and wallets. You won't need to know what those words are because only your original 24 seed words + this 25th pass word can provide access to the wallet. If you'd like to see how it works, use ian coleman's seed phrase generator, generate a random seed and observe how the wallet addresses change with every keystroke in the passphrase box.
Why is this much safer?
Why is this much safer than the other strategies and ciphering methods i see mentioned here (e.g. memorization, splitting, etching)? Because those typically only add complexity (and therefore more points of failure) without actually providing any additional security in practical terms. Memory can deteriorate, split lists can be lost, stolen or burnt, requiring backup split lists, possibly made of fire proof metal, and additional locations to store them, etc etc. A readily available seed phrase secured with a passphrase provides as much practical security as a seed phrase split and etched onto 24 metal washers using UV reactive ink, which in turn are buried in 24 non descript locations around the globe.
How secure is a passphrase though?
Well assuming a thief has access to your 24 word phrase, the only way to get past the passphrase is an impossibly time consuming brute force attack. Unlike regular passwords, crypto passphrases are infinitely more difficult to crack since every single brute force attempt generates an infinite number of potential wallets to test, and each individual wallett would have to be queried against multiple target blockchains (BTC, ETH, etc) to see if any of them contain any crypto. Placing limits on the number of wallets tested, or figuring out the user's receiving address beforehand can significantly reduce the difficulty for short passwords but we're still talking an eternity for a 12 character passphrase with mixed letters, numbers and symbols.
Step 3 (Optional): Honeytraps and plausible deniability.
If a thief finds a 24 word seed phrase in multiple locations that seemingly has no transactions on it, they will suspect that it's protected by a passphrase- time to brute force the passphrase or better yet, get out the $5 wrench for a different kind of brute force attack.
This is where honey traps and plausible deniability are useful. Sign up to a unique exchange you won't use for anything other than this step, fund the account with fiat, buy some shitcoins and send it to your unprotected 24 word wallet. You can either leave it here (honey trap), or send it back after a few months and sell it all (plausible deniability). With nothing else connecting this wallet and exchange account to your main stash, as far as someone with access to both wallet and exchange account can tell, you've dabbled in cryptos and are now completely out of the game. All while your main stash sits safely in your 25 word wallet.
A few notes and tips
- "In plain sight" here is obviously for illustrative purposes. While it's perfectly safe to store multiple copies of the passphrase protected 24 words in multiple places, there is no need to go out of your way to advertize your seed phrase since that would just invite $5 wrench attacks.
- A honey trap with just enough crypto on it to serve as a target can also serve as an early warning system that alerts you to a compromised device, giving you an opportunity to secure your main stash.
- Just like with passwords, don't use "password123" or your pornhub password to secure your crypto stash. As time consuming as brute forcing a passphrase is, the ones that attempt it anyway will most likely use a dictionary attack that will include passwords sourced from website hacks. You don't have to ever check HaveIBeenPwned if you use a unique passwords.
- Leave hints to your passphrase lying around. An accident or any number of illnesses (including COVID) can easily affect your memory. Scribbling something non descript like "badger badger" can quickly remind you that your passphrase is "mushroom mushroom" while also appearing much less conspcious than a list of 24 words.