Custody 101 — Keys, recovery & passkey safety · Lesson 2 of 5

The seed phrase mental model


A seed phrase is twelve (sometimes twenty-four) ordinary English words that — taken together, in order — are your private key. Not a backup of it. Are it.

Specifically: those words are an encoding (BIP-39) of a 128-bit (or 256-bit) random number. That random number, fed through a cryptographic function, deterministically produces the private key for your XRPL account, and for every other account that wallet might derive.

The full chain looks like this:

12 English words   →   128-bit random number   →   private key   →   public key   →   XRPL address

Anyone with the words can recreate the entire chain. Anyone without the words cannot.

Why words, not numbers

A 128-bit number, written in hex, looks like bcc91d3da55ca8f0c93c5f5cb40b9e8a. Most humans cannot transcribe that without mistakes. Words like island lobster gravity twist coil radio crane wrestle echo metal smoke piano are dramatically easier to write down accurately, dictate over the phone, or memorize.

The trade-off: words are easier to steal by reading over your shoulder, photographing, or finding on a sticky note. The format is a usability fix; it doesn't change the security model.

The four rules of seed-phrase safety

Rule 1 — Never type the words into any website, ever

There is no legitimate reason for any website to ask for your seed phrase. Not Gopnik. Not your exchange. Not your hardware wallet manufacturer. Not your tax software. Anyone who asks is trying to steal your money. End of rule.

The only places it's correct to enter your seed phrase are:
- The Gopnik wallet's import flow on a device you control.
- Another self-custody wallet's import flow, again on a device you control.
- A hardware wallet's recovery interface (and only the device, not its companion app on your computer).

Anything else is theft.

Rule 2 — Never store the words digitally

Don't put them in:
- A photo on your phone (synced to cloud → seen by anyone with cloud access).
- A note in your password manager (yes, even there — password managers are designed for passwords, not key material, and they're a single point of compromise).
- A Word doc, a Google Doc, a Notes app, an email draft.
- An encrypted file on your laptop (still digital, still a target).

The default storage is physical, offline, redundant. Two pieces of paper or metal, in two separate physical locations you control.

Rule 3 — Test your backup once, after writing it

Write the words. Then use them. Wipe the wallet (or use a different device), import the words, confirm the same account address appears. Then put the words back in your safe.

People who skip this step discover months later that they transcribed a word wrong and the backup is unusable.
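The check that makes Rule 3 work is built into the encoding described in the chain above: BIP-39 appends a SHA-256 checksum to the random number before splitting it into 11-bit word indices, and a wallet's import flow recomputes that checksum, which is what catches a mistranscribed word. The following is an added illustration, not Gopnik's code; it works with word indices because the 2048-word list is not embedded here, and it includes the standard PBKDF2 stretching step that turns the sentence into the seed a wallet derives keys from.

```python
import hashlib
import unicodedata
from typing import Optional

# 12 words carry 128 bits of entropy + 4 checksum bits; 24 words carry 256 + 8.
# Each word is an 11-bit index into the published English list (lookup omitted).

def entropy_to_indices(entropy: bytes) -> list:
    """Append the SHA-256 checksum (ENT/32 bits) and split into 11-bit indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16..32 bytes in 4-byte steps")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_to_entropy(indices: list) -> Optional[bytes]:
    """Recover the entropy, or return None when the embedded checksum does not
    match: this is the import-flow check that exposes a bad transcription."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24) or any(not 0 <= i < 2048 for i in indices):
        return None
    cs_bits = n_words // 3
    ent_bits = n_words * 11 - cs_bits
    combined = 0
    for i in indices:
        combined = (combined << 11) | i
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if combined & ((1 << cs_bits) - 1) != expected:
        return None
    return entropy

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed stretching: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"
    plus the optional passphrase. Key derivation (BIP-32/SLIP-10) starts here."""
    m = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)
```

A single wrong word changes 11 bits and is caught by the 4-bit checksum only 15 times out of 16, so the checksum is a transcription aid, not a substitute for actually importing the words and comparing the address.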

Rule 4 — Treat the words as if they're cash, because they are

If someone breaks into your house and finds the paper, they own your XRP. If your roommate finds it, they own your XRP. If a service technician sees it while repairing your wiring, they own your XRP.

Some people use safe deposit boxes. Some use a steel plate buried in their garden. Some split the words across two locations (the first six somewhere, the last six somewhere else) so neither alone is enough. All are valid. Pick something and commit to it.

What about hardware wallets?

A hardware wallet (Ledger, Trezor, Keystone, Tangem) is a small physical device that stores your seed phrase inside a secure chip that never exposes the key — even when signing. Transactions are sent into the device; signed transactions come out. The key never touches your computer, your phone, or your screen.

For amounts above ~€10,000, hardware wallets are the standard. Gopnik supports pairing with Ledger and Tangem directly. We strongly recommend pairing one before you cross the Custody 301 threshold.

What about Gopnik's passkey option?

The passkey path bypasses the seed phrase entirely — your key lives inside your device's secure enclave (TPM on Android/Windows, Secure Enclave on iOS/macOS), and authentication is via biometric (face/fingerprint) or device PIN. It's the easiest, friendliest setup and now the default for new users. It also has very different trade-offs from a seed-based wallet, which is the entire content of the next lesson.

Next: passkey vs seed — when to use which.