New to the decentralized web? This explainer should help.
Your Secret Recovery Phrase is a unique 12-word phrase that is generated when you first set up MetaMask. Your funds are connected to that phrase. If you ever lose your password, your Secret Recovery Phrase allows you to recover your wallet and your funds. Write it down on paper and hide it somewhere, put it in a safety deposit box, or use a secure password manager. Some users even engrave their phrases into metal plates!
With MetaMask, control over your wallet belongs to the holder of a master key (that’s YOU!).
Not even the team at MetaMask can help you recover your account or wallet if you lose your Secret Recovery Phrase. As long as you keep this phrase safe and sound, your wallet will be secure.
There are a lot of benefits to using a self-custody wallet. For example:
- No institution or bad actor can reach into your account to steal or prevent access to your funds
- No merchant you transact with via MetaMask can access more of your personal data than you reveal.
The trade-off? Because a MetaMask wallet is self-managed, the responsibility for keeping that wallet safe is entirely on you.
Never ever share your Secret Recovery Phrase with anyone. Sharing your Secret Recovery Phrase with someone would be like handing over the pin code to your bank card, or the keys to your house. It would give that person the ability to access and transfer all of your funds. The MetaMask team will never ask you for it. If anyone or any website asks you to share it, they’re trying to scam you.
If you’re more of a visual learner, this quick video should help.
Here are a few basic security tips to help you keep your wallet secure
MetaMask locally encrypts your secret recovery phrase with your password. That means that when you lock your wallet, no one can use your funds until you enter your password again. If you forget your password, you can regain access to your account with the Secret Recovery Phrase, as it’s the key to access your wallet that only you hold. It’s important to know that neither MetaMask or anyone else can change or recover your seed phrase if it’s lost. Please guard it well! For more information on this, see here.
You’ll be prompted to set your Secret Recovery Phrase and password when you first unlock MetaMask. If you lose it, you should be able to recover it if you remember your password AND you have a copy of your vault data. You can attempt to find your vault data (either locally on your computer or on a backup of the computer) using these instructions.
If you lose your Secret Recovery Phrase AND forget your password, there is no way to recover the phrase and access your account.
This has been mentioned already, but it doesn’t hurt to be thorough: anyone who has your Secret Recovery Phrase or private keys can remove tokens from your accounts. Never share your Secret Recovery Phrase or private keys with anyone -- not even the MetaMask team. We will never ask you for this information. If anyone claims to be a MetaMask team member and asks you for this information, please report them immediately using our official support channels.
Hardware wallets, like Trezor and Ledger, are commonly thought to be a safer way to store your tokens. They store the private keys offline, meaning you need to be in physical possession of the wallet to sign transactions -- a considerable barrier to online scammers.
These are basic tips, but are by no means an exhaustive list of security options. Keep on top of token security trends and updates by learning from the Ethereum community, reading helpful material (like this post) and joining discussion channels like this.
If you see members of the community struggling with security, feel free to share this post. Remember, if you need any help, or would like to report accounts that are imitating MetaMask, get in touch at support.metamask.io.
Click here to download MetaMask.