Principles
- No single point of failure (people, places, devices).
- Backups must be test‑restored, not assumed.
- Threat model: theft, coercion, fire/flood, your own stupidity.
Hardware wallet setup
- Buy from manufacturer, verify packaging/signatures.
- Initialize offline. Record seed on paper/metal. No photos, no cloud.
- Set a PIN and (optionally) a passphrase. Write both separately.
Backup patterns
- Single seed, two locations: home safe + trusted relative’s safe.
- Shamir split (advanced): 2‑of‑3 shares across locations.
- Steel plate: resists fire/flood better than paper.
Test restores (non‑destructive)
Use a spare device or software wallet offline to confirm the seed matches expected addresses (watch‑only).
2FA and admin hygiene
- TOTP app with offline backup codes on paper; avoid SMS.
- Separate email for exchanges; long unique passwords via a manager.
Emergency envelope
Write a plain‑English note for your spouse/executor: where the seed is, how to contact you, who can help. No balances.