I came up with a first version of a concept to store cryptocurrency on a hardware wallet securely and I would very much appreciate feedback to optimize it.
To access the cryptocurrency funds there are two possibilities:
* You need to have the hardware wallet AND know the secondary PIN
* OR you need to know the recovery seed AND the seed passphrase.
The following table describes what is stored where and how to access the storage.
|Storage:|How to access:|Content:|
|Password manager|Master password + Hardware token|Seed passphrase^(1)|
|Bank|Personal verification|Recovery seed, Master password|
|Mind|Duress|Master password, regular & secondary PIN|
|Trusted Friend|Personal verification|Hardware token|
|Keychain|Take possession|Hardware token, Hardware wallet|
^(1) The seed passphrase is stored in a password manager with an ordinary label like “ebay password” between hundreds of passwords.
I visualized the table [here](https://www.imagevenue.com/ME12VYZ4).
Concept behind seed passphrase and secondary PIN:
>*The Seed passphrase is an advanced feature that adds a 25th word of your choosing of max 100 characters to your recovery seed.*
>*Using a Passphrase will cause an entirely different set of addresses to be created which cannot be accessed via the 24-word recovery phrase alone.*
>*Aside of adding another layer, the Passphrase grants you plausible deniability when under duress.*
>*[When linking a passphrase of your choosing to a secondary PIN code,] you would first create a passphrase directly on your Ledger device [hardware wallet}. After having done so, you would be able to choose a secondary PIN code for your Ledger device. After this, each time you turn on your device, you could choose between entering your normal PIN code or your secondary PIN code. If you would enter your secondary PIN code, your accounts hidden behind a passphrase would be accessible.*
* The cryptocurrency funds are still accessible if
* the keychain is lost
* OR password AND PIN is forgotten
* OR the bank suddenly denies access to the vault
* An adversary cant access the cryptocurrency funds even if..
* he gets possession of the hardware wallet AND token AND forces user to give him a PIN code
* OR gets in possession of the recovery seed AND master password stored in the bank vault
1. **What could an adversary realistically do to access the cryptocurrency funds?**
2. **What are realistic possibilities that would make the user loose access to the funds?**