Private Key & Passphrase
In the electronic world, if the private key and passphrase are lost or exposed, users will not be able to access their assets. So what is a private key? What is a passphrase? How to store Passphrase safely and securely?
What is Private Key?
A private key is a string of random letters and numbers generated using cryptography to decrypt information.
In the crypto world, a private key can be considered the password to your cryptocurrency wallet. It allows you to access and manage your assets, recover your wallet, and sign transactions. Your private key is extremely sensitive information that must be carefully stored and protected. Never disclose it to anyone to avoid the permanent loss of your assets.
Example of a private key:
1a6bb7e9b25bbed5f513bd1dd1866d12c1010a6d2a138f657aaf291064e11b7c
What is passphrase?
A passphrase (also known as a seed phrase) is a series of 12 to 48 random English words that allows you to access and manage your assets, as well as recover your cryptocurrency wallet in case of loss or device replacement.
Similar to a private key, your passphrase must be kept secure and should never be shared with anyone under any circumstances.
Example of a passphrase:
lecture estate tube tunnel decade tone flash army pink nice net trap
Distinguish between Private Key and Passphrase
Similarities
Private keys and passphrases are both crucial pieces of information that directly affect your crypto assets. They share the following similarities:
- Purpose: Both serve as “keys” to secure your assets, grant access to your wallet, and recover your wallet in case of loss or device replacement.
- Enhanced Security: In the crypto world, private keys and passphrases offer a higher level of security compared to traditional passwords due to their length and complexity. They help protect against common attacks like dictionary attacks and brute-force attacks, where hackers try to guess your password.
- Example: In a dictionary attack, hackers use a database to guess your password. Since private keys and passphrases are made up of multiple words and symbols, the probability of success for this type of attack is very low.
(According to NordPass research, hackers can crack a user’s password in 10 seconds, but not a passphrase.)
Differences
While both private keys and passphrases serve the same purpose of securing crypto assets and allowing wallet access and recovery, they have some key differences:
- Format: As mentioned earlier, the format of a private key and a passphrase differs. A private key is a string of random characters and numbers, while a passphrase is a series of words. Generally, private keys are harder for users to remember than passphrases.
- Application: For single-chain wallets like Ethereum wallets or Solana wallets, users can use either a private key or a passphrase for recovery. However, for multi-chain wallets, which hold multiple single-chain wallets within them, users can only use a passphrase for recovery. Think of the passphrase as the key to your house, and the private keys as the keys to each room within the house. One passphrase holds multiple private keys.
Example: Recovering a Wallet Using Coin98 Super Wallet
To illustrate this, let’s look at the process of recovering a user’s wallet using Coin98 Super Wallet:
- Step 1: On the homepage, select the “Wallet” icon in the bottom right corner.
- Step 2: Select the “Add Wallet” icon in the top right corner.
- Step 3: Choose the “Hot Wallet” type and select “Continue”
Step 4: At the wallet selection interface, choose the type of wallet you want to recover. If you select a single-chain wallet, you can choose to enter either your private key or passphrase to proceed with the recovery.
Step 5: If you select a multi-chain wallet, you can only enter your passphrase to recover it and retrieve all the private keys within each individual wallet.
In summary, if users intend to use their primary wallet for asset storage and don’t frequently interact with various dApps, a single-chain wallet is a suitable solution. Conversely, if users want to interact with multiple applications and don’t store large amounts of capital, they should create a multi-chain wallet for greater convenience.
Regardless of the wallet type, users must ensure the careful storage of both their passphrase and private key to safeguard their cryptocurrency assets.
How to secure Private key and Passphrase safely
Unlike banks or credit card companies, which allow users to reset their PIN or password if it’s lost or forgotten, private keys and passphrases cannot be recovered. If lost, the user’s assets are also lost. Therefore, users need to ensure that their private key and passphrase are stored very carefully.
Here are some ways to effectively store and secure your private key and passphrase:
Use Zen Card – A Next-Generation Storage Solution
Zen Card is a next-generation storage solution developed by Ninety Eight that helps users enhance the security of their private keys and passphrases. Zen Card exists as a cold wallet—a compact physical device similar to a bank card—and uses NFC (Near Field Communication) technology to connect with the Coin98 Super Wallet hot wallet, allowing users to conveniently carry it with them and easily connect it to their mobile wallet.
Simply put, Zen Card can be considered a “hybrid wallet” that leverages the advantages and eliminates the disadvantages of both hot and cold wallets. It enhances security and minimizes the risk of private key and passphrase attacks for users through key splitting technology. Specifically:
- Key Splitting: The encrypted private key and passphrase are split into two parts. One part is stored on the Zen Card, and the other is stored in a secure partition on the user’s phone. With this mechanism, the user’s key is not stored in its entirety on the phone or software. Therefore, even if one of the two devices is lost or compromised, it would be impossible to decrypt the original key and access the user’s crypto wallet.
- NFC Connectivity: When conducting transactions on the wallet, users need to use the Coin98 Super Wallet and scan the Zen Card with their phone to sign the transaction. This makes signing transactions more convenient than using a USB cable.
Read more: Detailed instructions for using Zen Card.
Storing Your Private Key and Passphrase Offline
During the wallet creation process, Coin98 Super Wallet always recommends that users save their private key and passphrase in a secure location and never disclose them to anyone. Otherwise, the account is at risk of being compromised if someone gains access to these keys.
Users often have the habit of taking screenshots and storing them in their photo gallery or pasting their private key/passphrase on messaging apps (Messenger, Zalo, etc.). However, this is not truly secure for several reasons:
- Data stored as images or sent through other apps can be tracked or stolen by hackers.
- When stored as images, it can be difficult to copy the information, especially for complex strings of characters like private keys.
Here are some recommended practices for secure storage:
- Write down your private key and passphrase on paper and store it in a safe, dry place to minimize environmental damage.
- Make multiple copies and store them in different locations, in case one copy is lost or damaged.
Never Share Your Keys: “Your Keys, Your Coins”
- Never share your private key or passphrase with anyone, including family members or admins of any community.
- Never enter your private key or passphrase on unknown websites, in unfamiliar applications, or through links from untrusted sources. This could lead to phishing attacks or malware infections that could steal your keys and all your assets.
Read more: 19 forms of cryptocurrency scams in crypto.
Using Personalized Memorization Techniques for Storage
Everyone has different methods for storing their security keys.
One common approach is to change 1-2 words or characters in the private key or passphrase to their antonyms or other variations.
Example:
Original passphrase: visual this guide pear sad primary glory weasel sausage aisle pipe make
Modified passphrase: visual that guide pear happy primary glory weasel sausage aisle pipe make
This method changes “this” to “that” and “sad” to “happy.” Users can create various other modifications according to their preferences. This memorization technique helps prevent hackers from stealing the private key or passphrase.
Implementing App-Specific Security Layers
Application developers often provide additional security layers, such as passwords, to protect user assets. These security layers vary depending on the wallet application.
For example, Coin98 Super Wallet not only supports various security settings like Face ID, fingerprint recognition, and PIN codes but also offers a new generation of password called Matrix password, which has high security and anti-peeping capabilities, preventing screen recording during operations.
Using Ramper – A Social Login and Keyless Solution
For newcomers to the crypto market who are unfamiliar with entering private keys or passphrases to create a wallet, Ramper offers a Social Login solution for easier and more seamless access to the world of cryptocurrencies.
Specifically, Ramper minimizes the worry of remembering passphrases or private keys by eliminating the need to create a wallet from them. Instead, Ramper provides a login feature through social media accounts like Gmail, Facebook, and Google, opening up access to the crypto world for users transitioning from Web2 to Web3.
By using Ramper, user actions are simplified with a familiar process. However, after successfully creating a wallet, users still need to carefully store and secure their private key or passphrase using the methods mentioned above
Read more: Detailed instructions for using Ramper.
Pingback: Understanding Hash Functions in the Crypto Market - coinrin.com