This hardware wallet glossary collects the core terms I use when explaining long-term crypto security to friends and clients. I’ve been using hardware wallets since 2018, and over time I noticed the same handful of terms confuse new users. So I wrote this: short definitions, real examples, and links to step-by-step guides.
Think of your seed phrase like the master key to a safe deposit box. Keep it secure, and you keep access to funds. Lose it (or store it poorly), and recovery becomes a painful puzzle. I’ll show the concepts and practical steps, and link to deeper how-tos such as seed phrase management and the firmware update guide. And yes — I test recovery procedures before trusting large balances.
A hardware wallet is a physical device that generates and stores private keys offline. It signs transactions inside the device so your keys never leave the protected environment. I've used several models; the common advantage is strong isolation between your keys and any internet-connected machine.
Secure element definition: a secure element is a tamper-resistant chip that stores private keys and performs sensitive cryptographic operations inside an isolated environment. It’s like a vault inside the device that only accepts signed commands. Many vendors provide a cryptographic attestation (proof the secure element and its firmware are authentic). That attestation lets you verify a device hasn't been tampered with prior to setup.
Seed phrase definition: a seed phrase (aka recovery phrase) is a human-readable list of words that encodes the entropy used to derive private keys. BIP-39 explained: BIP-39 defines the wordlists, how words map to entropy, and how that entropy is converted into a binary seed (using PBKDF2 with HMAC-SHA512). Common lengths are 12 and 24 words, which affect entropy.
What I've found: a 24-word seed gives more brute-force resistance, but the act of storing it safely is the real operational challenge.
SLIP-39 explained: SLIP-39 (Shamir-style backup) splits the recovery secret into multiple shards. You store shards in different locations and recover only when a quorum of shards is combined. It reduces single-point-of-failure risk, but it also increases how many things you must coordinate during a recovery. I used a shard split across family members as a practical example; it worked, but practice and clear instructions were essential.
A passphrase is an optional secret combined with the seed phrase to derive a different wallet. Some users call it the “25th word.” It adds an extra layer of security and plausible deniability. But lose the passphrase and the funds behind that derived wallet are effectively gone. Test recovery before you rely on a passphrase (see passphrase 25th-word guide).
Connection choice is a trade-off between convenience and attack surface. USB offers a direct cable link and is often simpler to reason about. Bluetooth is convenient for phones but adds a wireless layer that increases complexity. NFC provides short-range communication and is less common.
| Connection | Convenience | Security considerations |
|---|---|---|
| USB | High | Direct cable; avoid using compromised computers. See bluetooth-usb-nfc-security. |
| Bluetooth | Very high | Easy mobile pairing; larger attack surface due to wireless stack. |
| NFC | Medium | Short range; limited implementations. |
| Air-gapped | Low | Highest isolation when implemented correctly (no network connection). |
Air-gapped explained: an air-gapped device never connects to the internet. It signs transactions offline and transfers signed payloads by QR code, microSD, or removable media. I’ve signed PSBTs (partially signed Bitcoin transactions) with an air-gapped workflow — slower but cleaner for high-value cold storage.
| Feature | 12 words | 24 words |
|---|---|---|
| Entropy | Lower | Higher |
| Brute-force resistance | Lower | Higher |
| Ease of manual transcription | Easier | Harder |
| Typical use case | Everyday wallets | Long-term cold storage |
I prefer 24 words for large holdings. But a clearly documented 12-word seed with a secure passphrase can be adequate for smaller balances.
Do this deliberately. Mistakes are easy when you rush.
Multisig explained: multisig requires multiple independent signatures to move funds. A common setup is 2-of-3, where two signatures are required. Multisig improves resilience to single-key compromise but raises operational complexity (key storage, compatibility, and coordinated signing). If you manage institutional funds or large personal holdings, multisig is worth learning. See the multisig guide and a model-specific multisig walkthrough.
Firmware updates fix bugs and close security gaps, but only if the update process is authenticated. Firmware attestation is the cryptographic verification that firmware is signed by the vendor and unchanged. Always verify signatures where available. Also, avoid buying devices from unknown resellers — supply-chain attacks are real (more on this at supply-chain verification and buying safely).
What happens if the company behind a device goes bankrupt? Your private keys remain yours; crypto doesn't vanish with the vendor. But support and firmware updates may become harder (see company bankruptcy). If a device dies, you can recover with your seed phrase on a compatible device (see recover if device lost).
Q: Can I recover my crypto if the device breaks?
A: Yes. Use your seed phrase on a compatible hardware wallet or trusted recovery path. Never paste your seed into random websites.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth is convenient but raises the attack surface. For the highest-value cold storage, consider air-gapped or USB-only flows.
Q: What's the difference between non-custodial and self-custody?
A: Non-custodial explained: a service that does not hold your private keys. Self-custody glossary: you hold and are responsible for the keys.
Q: Should I use SLIP-39 or multisig?
A: Both solve single-point-of-failure issues in different ways. SLIP-39 focuses on distributed backups; multisig splits signing authority. Your choice depends on trust model, operational comfort, and recovery planning.
Glossaries are useful, but action matters. If you’re setting up a device, follow a step-by-step setup and test a recovery with a small amount first. Start with the setup guide, then explore model options using the model comparison. Want practical walkthroughs? Try a guided setup and a recovery test — you'll sleep better at night.