Exploring how many QR codes to produce and how to store them

A discussion on how many QR codes to create using Sead

When securing your cryptocurrency seed phrase with the Sead Tool, you can adopt various strategies to balance security and accessibility. These strategies include using a mix of offline and online QR codes, storing some shares offline while keeping others online, and creating multiple copies of the same QR code for redundancy.

Below a discussion between Alice and Bob who have each their own chosen strategy on the number of QR codes using Sead:

• Alice: Opted for a 2-of-2 Sead Tool QR codes scheme, made 10 copies of one of the two QR codes, distributed them to friends, and hid some in various places.
• Bob: Chose a 3-of-6 Sead Tool QR codes scheme, printing some QR codes and storing others both online and offline.

Alice: Hey Bob, I heard you decided on a 3-of-6 scheme for securing your seed phrase. I'm curious about why you chose that. I went with a 2-of-2 scheme myself. I thought it was simpler and straightforward.

Bob: Hi Alice! Yes, I did choose a 3-of-6 scheme. I wanted a balance between security and redundancy. With three QR codes required out of six, I can lose up to three QR codes and still recover my seed phrase. What made you opt for a 2-of-2 scheme?

Alice: Well, I figured that with a 2-of-2 scheme, there are only two QR codes to manage. I made 10 copies of one of the QR codes and gave them to friends I trust. I also hid some copies in different places. This way, I have multiple backups in case I lose one.

Bob: I see. But aren't you concerned that distributing so many copies of one QR code might increase the risk of it falling into the wrong hands?

Alice: Not really. I trust the friends I gave the copies to, and the hidden ones are well-concealed. Besides, without the second QR code, which I keep securely with me, no one can reconstruct the seed phrase.

Bob: That's true, but with a 2-of-2 scheme, if either of your QR codes is lost or compromised, you either lose access or someone else might gain access to your funds. With my 3-of-6 setup, I have more flexibility. I can afford to lose a few QR codes and still recover my seed phrase.

Alice: That makes sense, but managing six QR codes seems complicated. I wanted to keep things simple. Plus, by having multiple copies of one QR code, I reduce the risk of total loss.

Bob: Simplicity is good, but security is crucial. In my scheme, I've printed some QR codes and stored them in secure physical locations. The others are encrypted and stored online. This diversification helps protect against both physical and digital threats.

Alice: Storing QR codes online? Isn't that risky? What if someone hacks into your accounts or if there's a data breach?

Bob: I've taken precautions. The online QR codes are encrypted in Sead Tool with strong, unique passwords, and I use services with robust security measures, including two-factor authentication. By splitting the QR codes between online and offline storage, I mitigate the risk of losing access due to fire, theft, or other disasters.

Alice: I prefer to avoid online risks altogether. Keeping everything offline feels safer to me. And by giving copies to friends, I have peace of mind that I can retrieve a QR code if needed.

Bob: Trust is important, but human error can happen. Friends might misplace the QR codes or unintentionally expose them, except if you encrypted them. Also, if someone were to obtain both of your QR codes, they could access your funds since only two QR codes are needed.

Alice: True, but the second QR code is only with me. I haven't distributed it at all. The risk of someone getting both is minimal.

Bob: Understood. However, consider scenarios where you might lose your personal QR code due to unforeseen circumstances. With no additional backups, you could be locked out of your own funds.

Alice: That's a fair point. But managing more QR codes still seems daunting. How do you keep track of all six QR codes without making it overly complicated?

Bob: Organization is key. I keep a secure record—encrypted, of course—of where each QR code is stored (I use Sead Safe and Sead Directives where I store my instructions). The physical QR codes are in different secure locations: one at home in a safe, another in a bank deposit box, and one with a trusted family member. The online QR codes are encrypted and stored in different cloud services with strong security practices.

Alice: Doesn't spreading QR codes across different services and locations increase the complexity and potential points of failure?

Bob: It does require careful management, but it also reduces single points of failure. If one location is compromised, the other QR codes remain secure. Plus, requiring three QR codes adds a layer of security; even if someone accesses one or two QR codes, they can't reconstruct the seed phrase (and if they are encrypted it adds an extra layer of protection).

Alice: I can see the benefits of redundancy and added security in your approach. But I'm still concerned about the complexity. What happens if you forget where a QR code is stored or if a service shuts down?

Bob: Sead can be shut down without any impact for us: we’ll always have access to Sead Tool. In addition, I maintain an encrypted master document with all the necessary information in my Sead Safe. I also regularly check that all storage methods are operational and update them if needed.

Alice: You've put a lot of thought into this. Maybe I should reconsider my strategy. Are there any other advantages to your approach?

Bob: Yes, besides security and redundancy, it also helps with transmission/inheritance planning. If something happens to me, my designated beneficiaries, in Sead Directives, can gather the necessary QR codes to recover the funds. The 3-of-6 scheme provides flexibility in such situations.

Alice: That's an important aspect I hadn't considered. In my case, if something happened to me, my family might not be able to access the funds if they don't know about both QR codes.

Bob: Exactly. With proper instructions you can leave in Sead Directives, you can ensure your loved ones aren't locked out. Of course, it requires setting up instructions and possibly involving trusted individuals (defined in Sead Trusted people).

Alice: You've given me a lot to think about. Perhaps an hybrid approach could work for me—maybe increasing the number of QR codes and distributing them carefully.

Bob: That could be a good compromise. You don't have to jump to six QR codes immediately. You could try a 2-of-3 or 3-of-5 scheme, which might be easier to manage while still offering more security than a 2-of-2.

Alice: That's a good suggestion. I appreciate your insights. Any advice on securely managing the additional QR codes if I decide to change my strategy?

Bob: Sure. Start by determining who you trust and what storage methods you're comfortable with. For physical QR codes, consider fireproof safes or bank deposit boxes. For digital QR codes, ensure you use Sead Tool’s encryption option when creating them. Always keep multiple copies and maintain a secure record of your QR codes (using Sead Safe, Sead Directives and Sead Trusted people).

Alice: Thanks, Bob. I'll definitely look into adjusting my setup. Security is important, and I want to make sure I'm not taking unnecessary risks.

Bob: Glad to help, Alice. It's all about finding the right balance for your needs. Let me know if you need any assistance in setting things up.

Conclusion:

This debate highlights the differences between Alice's 2-of-2 scheme and Bob's 3-of-6 scheme for securing their cryptocurrency seed phrases. Alice values simplicity and has distributed multiple copies of one QR code to trusted friends, while Bob prioritizes security and redundancy by using a higher threshold and diversified storage methods.

Key Takeaways:

• 2-of-2 Scheme Risks:
• Pros: Simplicity, fewer QR codes to manage.
• Cons: No redundancy; loss of one QR code means loss of access. Distributing multiple copies of one QR code can increase risk if not managed carefully.
• 3-of-6 Scheme Benefits:
• Pros: Increased security through higher threshold, redundancy allows for loss of QR codes, diversified storage reduces single points of failure.
• Cons: More QR codes to store, requires a predefined strategy where to store them.

When choosing a seed phrase security strategy, it's important to consider factors such as:

• Security vs. Simplicity: Higher thresholds offer more security but can be more complex.
• Redundancy: Having additional QR codes allows for recovery even if some are lost.
• Storage Methods: Diversifying between online and offline storage can mitigate different types of risks.
• Trust: Distributing QR codes to trusted individuals requires confidence in their reliability.
• Accessibility: Ensure that you (or your beneficiaries) can access the necessary QR codes when needed.

By carefully weighing these factors, individuals can select a strategy that aligns with their risk tolerance, technical expertise, and personal circumstances.