New to the decentralised web? This explainer should help.
At MetaMask, our goal is to build the most secure software, and minimize risk for people. Recently, people have been losing their funds due to sharing their master key of their wallet with scammers. Before May 2021, the master key in MetaMask was called the “Seed Phrase”. Through user research and insights from our customer support team, we have concluded that this name does not properly convey the critical importance that this master key has for user security. This is why we will be changing our naming of this master key to “Secret Recovery Phrase”. In 2021, we phased out the use of “seed phrase” in our application and support articles, and now exclusively call it a “Secret Recovery Phrase.”
MetaMask is an account where you can deposit fiat currency and convert it to a digital currency like Ethereum, which cannot be interfered with by private or public institutions. MetaMask is also a self-managed wallet which allows you to transact with that currency over the internet, enable you to swap tokens to diversify your portfolio, and hedge risk even further - and all without requiring a user to offer up any personally identifiable data.
There are two of the great benefits of using a digital ‘self-managed’ wallet: (1) no institution or bad actor can reach into your account to steal or prevent access to your funds, and (2) no merchant you transact with via MetaMask can access more of your personal data than you reveal.
The trade-off? Because a MetaMask wallet is self-managed, the responsibility for keeping that wallet safe is entirely on you.
With MetaMask, control over your wallet belongs to the holder of a master key (that’s YOU!).
The Secret Recovery Phrase is a unique 12-word phrase that is generated when you first set up MetaMask. Your funds are connected to that phrase. If you ever lose your password, your Secret Recovery Phrase allows you to recover your wallet and your funds. Write it down on paper and hide it somewhere, put it in a safety deposit box, or use a secure password manager. Some users even engrave their phrases into metal plates!
Not even the team at MetaMask can help you recover your account or wallet if you lose your Secret Recovery Phrase. As long as you keep this phrase safe and sound, your wallet will be secure.
Never ever share your Secret Recovery Phrase with anyone. Sharing your Secret Recovery Phrase with someone would be like handing over the pin code to your bank card, or the keys to your house. It would give that person the ability to access and transfer all of your funds. The MetaMask team will never ask you for it. If anyone or any website asks you to share it, they’re trying to scam you.
If you’re more of a visual learner, this quick video should help.
Here are a few basic security tips to help you keep your wallet secure
- What’s the difference between a Secret Recovery Phrase and a password? Why do I need both?
MetaMask locally encrypts your secret recovery phrase with your password. That means that when you lock your wallet, no one can use your funds until you enter your password again. If you forget your password, you can regain access to your account with the Secret Recovery Phrase, as it’s the key to access your wallet that only you hold. It’s important to know that neither MetaMask or anyone else can change or recover your seed phrase if it’s lost. Please guard it well!
- How To Reveal (and Recover) Your Secret Recovery Phrase
You’ll be prompted to set your Secret Recovery Phrase and password when you first log into MetaMask. If you lose it, you should be able to recover it if you remember your password AND you have a copy of your vault data. You can attempt to find your vault data (either locally on your computer or on a backup of the computer) using these instructions:
If you lose your Secret Recovery Phrase AND forget your password, there is no way to recover the phrase and access your account.
- Don’t share your secret recovery phrase and private keys
This has been mentioned already, but it doesn’t hurt to be thorough: anyone who has your Secret Recovery Phrase or private keys could send Ether or tokens out of your accounts. Never share your Secret Recovery Phrase or private keys with anyone - not even the MetaMask team. We will never ask you for this information. If anyone claims to be a MetaMask team member and asks you for this information, please report them immediately via: email@example.com.
- If you have a large amount of ETH/token in your accounts, consider getting a hardware wallet.
Hardware wallets, like Trezor and Ledger, are commonly thought to be a safer way to store your Ether or tokens. It signs transactions through the private keys which are stored offline.
These are basic tips, but are by no means an exhaustive list of security options. Keep on top of token security trends and updates by learning from the Ethereum community, reading helpful material (like this post) and joining discussion channels like this.
If you see members of the community struggling with security, feel free to share this post. Remember, if you need any help, or would like to report accounts that are imitating MetaMask, join our Discord or open an issue at support.metamask.io.
Click here to download MetaMask.