You need: password manager • non-custodial wallet • seed phrase backup
You need: password manager • hardware wallet • (metal) seed phrase backup
You need: password manager • hardware wallet • metal seed phrase backup • personal safe or safety deposit box
A password manager is essential for your online security because it eliminates the need for easy-to-remember (and guess) passwords and password reuse.
When managing digital assets use your password manager to store your:
Most password managers offer a subscription service that automatically synchronizes your passwords across devices and stores an encrypted backup of your passwords in the cloud.
Some reputable password managers are:
Exchanges only provide users with a custodial wallet. This means that the exchange - not you - holds the private keys to your bitcoin.
For this reason an exchange is not recommended for holding your bitcoin longer than a couple of days.
It is much safer (and in the ethos of bitcoin) to hold your bitcoin in a wallet of which you control the private keys.
Andreas Antonopoulos: Your keys, your bitcoin; not your keys, not your bitcoin
For novices holding small amounts of bitcoin, a simple software wallet or a non-custodial web-based wallet is a good low-entry solution.
Make sure that an encrypted backup of your wallet is made automatically and regularly. Store the backup on a different device.
See bitcoin.org for an overview of bitcoin wallets
Your bitcoin might get stolen if someone gains access to your private keys.
With a hardware wallet this is extremely unlikely since the private keys never leave the device.
Although you need to connect your hardware wallet to a computer in order to send bitcoin,
malware on your computer has no access to the private keys on your hardware wallet.
The most well-known hardware wallets are Trezor, Ledger and Coldcard.
Your hardware wallet must be protected by a PIN code so that in case of loss you need not worry about someone getting access to your funds; just use your seed phrase backup to recover your wallet on a new device.
A seed phrase is a list of 12 to 24 seemingly random words from which the private keys in your wallet are generated.
It is what you need to recover your private keys if your wallet gets compromised in any way and is not accessible anymore.
In other words: the seed phrase is your backup of last resort.
When you buy a new hardware wallet, a piece of paper is included to write down the seed phrase that is generated during initialization.
However, for obvious reasons, paper is not ideal for backing up your seed phrase: it will likely be destroyed in a fire or flood, or might get eaten by rodents.
Luckily there's a good alternative to paper for making a backup of your seed phrase: stainless steel or another metal with a high melting point.
A number of third-party vendors are now producing metal backup solutions:
Some vendors even have seed phrase backup solutions with a security seal, making it impossible to expose the seed without breaking the seal. This allows you to always verify that your seed phrase is uncompromised, which is especially useful if you do not have a safe or if you share a safe with someone else.
Read Jameson Lopp's metal bitcoin seed storage stress test
While losing your hardware wallet is in most cases just an inconvenience (you can easily restore the keys onto a new device), losing your seed phrase requires immediate action.
Anyone that knows your seed phrase can steal your bitcoin simply by entering the seed into another wallet and transferring your funds to a new address.
For this reason it is highly recommended to store your seed phrase in a safety deposit box or safe.
Assuming you have secured your hardware wallet with a valid PIN code, your bitcoin cannot be stolen by someone who holds the wallet but not the PIN code.
However, in some rare cases it might be possible for a hacker to gain access to your private keys if they have physical access to your hardware wallet. For this reason it is recommended to always keep your wallet locked away when not in use.
If you do not trust yourself to remember the PIN code to your hardware wallet, it's best to store it in your password manager.
I forgot my PIN: an epic tale of losing $30,000 in bitcoin
Your seed phrase is best engraved on a stainless steel plate, but for low amounts writing it on a piece of paper is also fine.
While less convenient, it is preferable to store your seed phrase backup in a different geographical location than your hardware wallet;
if your seed phrase is written on a piece of paper this is crucial.
Note that your seed phrase is sometimes needed to restore your hardware wallet after a firmware upgrade.
Keep the backup in a personal safe or safety deposit box if available. If you do not have one, consider using a backup with a tamper-evident security seal such as the Hodlinox double plates and store the backup in a location that meets these criteria:
If you need to secure a very large amount:
If you do not trust yourself to remember the seed phrase extension, it's best to store it in your password manager. Never store the seed phrase extension along with your seed phrase.
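How the seed phrase and the seed phrase extension combine into the wallet's master seed, as an added example that is not part of the original page. It assumes the wallet follows the BIP39 standard (the page does not name one); the sample phrase is the publicly known BIP39 test phrase, and fingerprint and restore_check are hypothetical helper names.

```python
import hashlib
import unicodedata

# Constructed sample input: the all-"abandon" phrase from the public BIP39
# test vectors. It is known to everyone and must never hold funds.
SAMPLE_PHRASE = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(seed_phrase, extension=""):
    """Derive the 64-byte master seed from a seed phrase and optional extension.

    Assumes BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + extension.
    """
    # Collapsing extra whitespace is a convenience added here, not part of BIP39.
    words = " ".join(seed_phrase.split())
    password = unicodedata.normalize("NFKD", words).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + extension).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def fingerprint(seed):
    """Short tag for comparing two derivations without showing the seed itself."""
    return hashlib.sha256(seed).hexdigest()[:8]


def restore_check():
    """Compare restore attempts against the wallet created with extension 'TREZOR'."""
    original = fingerprint(bip39_seed(SAMPLE_PHRASE, "TREZOR"))
    return {
        "exact extension": fingerprint(bip39_seed(SAMPLE_PHRASE, "TREZOR")) == original,
        "wrong letter case": fingerprint(bip39_seed(SAMPLE_PHRASE, "trezor")) == original,
        "extension omitted": fingerprint(bip39_seed(SAMPLE_PHRASE)) == original,
    }


if __name__ == "__main__":
    for attempt, matches in restore_check().items():
        print(f"{attempt:18s} -> {'same wallet' if matches else 'different wallet'}")
```

A mistyped or missing extension produces no error, only a different and empty wallet, which is why the extension needs its own backup kept apart from the seed phrase.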