When you self-custody your Bitcoin with Passport, you are in full control of your money. This means you are also completely responsible for ensuring your Bitcoin is backed up safely and securely, such that your Bitcoin is not lost easily to any single point of failure.
The following video explains:
By default, Passport creates a backup file containing your seed words and device settings. This data is saved, fully encrypted, to a microSD card. We supply one industrial grade microSD with Passport, but you can easily obtain extra from any typical electronics store.
This backup file is encrypted with your Backup Code, shown to you upon setup. The Backup Code is 20 digits long and should be written down on the card provided with the device. You can download additional copies of the card here.
The architecture of this Backup solution dictates that both the microSD card and the Backup Code are required for recovery, it is crucial for them to be stored separately.
For more info on why we love the Encrypted Backup solution, check out our blog post.
TLDR - Encrypted backups allow you to create multiple secure backups to remove any single point of failure, but more advanced users might also choose to use a Seed Word backup for extra protection from physical damage.
Users choosing the Envoy setup method will not be shown their seed words upon setup, but can view them any time, once logged in to Passport, in Settings > Advanced > View Seed Words. More advanced users choosing the manual setup will be shown these words as part of the set up process.
Your seed words can be written down on the card provided with the device. You can download additional copies of the card here.
Most Bitcoin seed word backups are stored in plain text. This makes them extremely sensitive information. Anyone with access to them can steal your Bitcoin! Choose your storage location of this type of backup extremely carefully.
Users choosing the Envoy setup method will be guided through the creating their first encrypted microSD card backup. This includes writing down their 20 digit backup code.
All Passport users can create addition encrypted backups to an unlimited number of new microSD cards by heading to Settings > Backup > Backup Now. The Backup Code can also be viewed at any time from the same Backup menu.
Upon any device state change, such as Account addition or removal, or upon the import of a multisig configuration, Passport will automatically create a new, additional Encrypted Backup if there is a microSD inserted into the device. Older files are never overwritten and each new Backup file is appended with a unique number. Higher number = Newer backup.
How many Encrypted microSD card Backups you make will depend entirely on how many different locations you feel comfortable storing them at. Because each SD card is encrypted using a strong encryption standard, these SD cards are useless to anyone that does not have access to your 20 digit backup code.
To remove the threat of a single storage location being compromised, it is good practice to keep at least 1 microSD away from your residence, potentially with a friend of family member. SD cards are small commodity items that are very easy to store covertly, so keeping multiple offsite copies makes sense, but this is very dependent on you and your personal circumstances.
Remember, never store the Backup Code with the microSD card.
As with the physical storage of the microSD card, how and where you store copies of your Backup Code is very dependent on you, your personal circumstances, but also your technical abilities. Once again you should look to remove single point of failures, so having more than one location is good practice. Here are some commonly used approaches:
Remember, never store the encrypted microSD card in the same location as your Backup Code.
The method of creating a physical backup of your Seed Words will depend on the solution you choose to store them in. As a reminder, you can view your seed words at any time, once logged in to Passport, in Settings > Advanced > View Seed Words.
We provide a physical card in the box with Passport for you to write them down on, but this solution is not resistant to fire or water damage, so please do not make this your only backup solution.
We recommend storing your seed words using a medium that is resistant to fire, water and corrosion etc.
Where you store your seed words should be a deeply thought out decision. Physical access to this single item grants full access to all of your Bitcoin. This can be mitigated by the use of a passphrase, but this is an advanced feature that should be carefully considered.
Keeping multiple copies of your plain text seed creates multiple single points of failure. Anyone with access to any copy of your seed words, has access to all of the Bitcoin in that wallet.
To recover your wallet using a Passport generated Encrypted Backup, you will both the Backup Code and a microSD card containing your encrypted backup file. Here's how to do it on Passport:
That's it, your Passport should now look identical to the last time the backup was created.
If for any reason you want or need to recover from an encrypted backup file without using Passport, you can follow the instructions outlined here. Be aware that using this method will expose your seed to an internet connected device, which brings with it far greater potential risk factors. This method should only be carried out in absolute emergencies (for example if you lost access to Passport and need to spend funds quickly).
Here's how to recover your wallet using your Seed Word backup on Passport:
That's it, your Passport wallet is now restored. If you were using additional accounts, those will need to be recreated on device. If you were using the seed as part of a multisig wallet, the configuration file will need to be re-imported. Finally, if you had any keys derived within the Key Manager extension, those will need to be recreated too.
If for any reason you want or need to recover from seed words without using Passport, you can import your BIP39 compliant BIP39 seed words into any compatible hardware or software wallet. Be aware that using this method will expose your seed to an internet connected device, which brings with it far greater potential risk factors. This method should only be carried out in absolute emergencies (for example if you lost access to Passport and need to spend funds quickly).
This is very dependent on you, but generally speaking you should have at least two. Read more details here.
Upon any device state change, such as Account addition or removal, or upon the import of a multisig configuration, Passport will automatically create a new, additional Encrypted Backup if there is a microSD inserted into the device. Older files are never overwritten and each new Backup file is appended with a unique number. Higher number = More recent backup.
If you do not want Automatic Backups to be saved to an SD card you use for transaction signing, please do not leave this microSD card inserted to Passport. If you forget and Passport automatically writes an Auto Backup to your SD, you can remove it on deivce by heading to Settings > Advanced > microSD > List Files > Enter the backups folder > Select the file to be deleted > Click Delete.
Ideally any SD card containing an Encrypted Backup should be kept out of sight, away from Passport. This provides some plausible deniability around the purpose of the SD card.
You can, but it is advised to use dedicated microSD card(s) for your backups and to use a separate microSD card for passing transactional information via PSBTs. If you prefer not to use Passport's Sign with QR feature of course!
Yes. Your encrypted microSD card should be stored in a secure, cool and dry place far away from obvious threats. We ship an industrial grade microSD card with Passport, but there are no guarantees on the exact amount of damage these can withstand. The nature of this type of encrypted backup affords users the ability to securely store multiple copies at different locations, such that if one were to succumb to damage by heat or water, it would not result in a catastrophic loss of funds.
Unless you are an advanced user, proficient in securing computers effectively, your encrypted backup file(s) should not be stored on a computer. Doing so potentially exposes them to remote extraction from anyone sophisticated enough able to connect to your computer. Whilst an attacker could not easily break the strong encryption of the file, they could easily copy and distribute it 1000s of times over.
We would not advise that for the reasons outlined above.
We cover that here.
We recommend you test the backups at least once annually. Learn how to do that here.
If you can satisfy yourself of the trade-offs outlined here, and/or you want a simple offline backup that is completely redundant of Passport, yes.
We cover two methods of doing this in detail here.