Passwords and MetaMask

You need to have both MetaMask and its mobile app installed on your phone before you start the process of synchronizing.

MetaMask: a different model of account security

Public blockchain technology uses a very different set of tools to secure user data, compared to traditional online technologies. Most of us are used to creating an account with an app or service and being able to, for example, write to support to reset our password or username. We're used to the app keeping our data, presumably on some sort of computer that belongs to the company.

Well... MetaMask doesn't work like that. MetaMask has three different types of secret that are used in different ways to keep your wallet, and your accounts, private and safe: The Secret Recovery Phrase, the password, and private keys. We'll walk you through these secrets one at a time.

Intro to Secret Recovery Phrases

One of the key (you'll see what I did there) technologies underlying MetaMask, and most user account-related tools in the crypto space, is the seed phrase, or, as it's referred to in MetaMask, your Secret Recovery Phrase.

All of your accounts are mathematically derived from your Secret Recovery Phrase. You can think of the SRP like a keyring: it holds as many private keys as you could want, and each one of those keys controls an account.

Now, if you want a technical explanation: Seed phrases as we know them today were codified for usage in Bitcoin, according to a standard referred to as Bitcoin Improvement Proposal 39, or BIP-39. In simple terms, a series of words is selected with a high level of randomness from a specific list of words. In MetaMask and many other Ethereum-compatible technologies, there are 12 words in a seed phrase. Some older seeds generated by the Brave browser, and some hardware wallets, use 24-word phrases.

Each one of these words corresponds to a series of numbers, and when placed in a specific order, the words represent a very, very long number in a much more user-friendly form. That number is then used to deterministically generate your accounts, which is why you may hear people refer to deterministic wallets. In computer science, deterministic is used to describe a process (usually an algorithm of some kind) that will always generate the same result from the same input. In other words, your Secret Recovery Phrase will always generate the same set of accounts derived from it.
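The word-to-number mapping and the deterministic step described above, as an added example (not MetaMask's code) that follows the published BIP-39 rules: it checks a phrase's built-in checksum from each word's position in the list, then stretches the phrase into the 64-byte seed. Function names are illustrative, and the phrase is the public BIP-39 test vector, given by word position because the 2048-word list is not embedded here.

```python
import hashlib
import unicodedata

BITS_PER_WORD = 11  # the BIP-39 list has 2048 = 2**11 words


def split_bits(word_count):
    """Return (entropy_bits, checksum_bits) for a phrase of word_count words."""
    total = word_count * BITS_PER_WORD
    checksum = total // 33  # one checksum bit per 32 bits of entropy
    return total - checksum, checksum


def checksum_ok(indices):
    """Verify the BIP-39 checksum given each word's position in the word list."""
    ent_bits, cs_bits = split_bits(len(indices))
    number = 0
    for i in indices:  # concatenate the 11-bit word positions into one number
        number = (number << BITS_PER_WORD) | i
    entropy = (number >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (number & ((1 << cs_bits) - 1)) == expected


def _nfkd(text):
    """BIP-39 normalizes both phrase and salt to NFKD before hashing."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def phrase_to_seed(phrase, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    passphrase is BIP-39's optional extra word; it is left empty here.
    """
    salt = _nfkd("mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(phrase), salt, 2048, 64)


# Public BIP-39 test phrase, never to be used for real funds:
# "abandon" is word 0 and "about" is word 3 in the English list.
TEST_PHRASE = " ".join(["abandon"] * 11 + ["about"])
TEST_INDICES = [0] * 11 + [3]

if __name__ == "__main__":
    print("12 words ->", split_bits(12), "24 words ->", split_bits(24))
    print("checksum valid:", checksum_ok(TEST_INDICES))
    print("seed:", phrase_to_seed(TEST_PHRASE).hex())
```

Running it twice prints the same seed both times, which is the determinism the text describes: nothing but the phrase goes in, so whoever holds the phrase can reproduce every account.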

There are a number of important features to note here:

  • The Secret Recovery Phrase is the secret that controls the wallet. If someone has this secret, they have complete access to the wallet. MetaMask does not keep your SRP: you are the custodian of your wallet. MetaMask representatives will never ask for your Secret Recovery Phrase, even in a customer support scenario. If someone does ask for it, they are likely trying to scam you or steal your funds.
