Xecret.io Security: Best Practices

Xecret.io
3 min read · Oct 18, 2022

Protect your seed phrase against loss, fire and theft

Xecret.io Best Practices
Works offline, allowing you to use the product in a trustless environment to maximize privacy

Xecret.io was created to provide the highest levels of security and privacy. We built Xecret.io to work online and offline in a trustless environment, demonstrating that our servers never see your confidential data.

Xecret.io requires only an internet connection to verify your account login and to purchase credits. All processing related to the creation and recovery of QR codes is done on the client side and can be conducted offline, ensuring that the Xecret.io servers never see your confidential data.

(Diagram of client side vs. server-side processes)

The following are best practices for using Xecret.io in the most secure and trustless way possible:

Option 1 (Chromebook):

Chromebooks are recommended for both creating and recovering confidential data to and from your QR codes (Xecrets). Chromebooks’ sandboxed architecture and Guest Mode ensure that no apps run in the background and that all data is erased from the device when the browser is closed.

Make sure you purchase your Chromebook from a reputable manufacturer and only use it online to access Xecret.io.

The following are the recommended methods for creating your QR codes (Xecrets) with a Chromebook.

  1. Join a trusted Wi-Fi network. Do not use publicly shared Wi-Fi.
  2. Log in to the Chromebook in Guest Mode; this ensures NO web applications are running in the background.
  3. Go directly to Xecret.io and launch the application.
  4. Once you log into the Xecret.io app and purchase a credit, you can NOW go offline (disconnect from the internet) before entering your confidential data. This proves that the application does not share sensitive data with our servers.
  5. Print your Xecrets via a directly-connected USB printer. We recommend that you not use a network printer.
  6. Validate the printed set to ensure it printed correctly.
  7. Close the browser and turn off the computer. Chromebooks’ Guest Mode automatically clears history, cookies, and downloaded files, ensuring that none of your information is saved on the computer. You can format the machine after using it for added security.

Option 2 (Non-Chromebook/Including Mobile):

If you don’t want to use a Chromebook, please make sure you have a trusted device that is virus-free.

  1. Join a trusted Wi-Fi network. Do not use publicly shared Wi-Fi.
  2. Go directly to Xecret.io and launch the application.
  3. Once you log into the Xecret.io app and purchase a credit, you can NOW go offline (disconnect from the internet) before entering your confidential data. This proves that the application does not share sensitive data with our servers.
  4. Print your Xecrets via a directly-connected USB printer. We recommend that you not use a network printer.
  5. Validate the printed set to ensure it printed correctly.
  6. Clear your browser’s history, cookies, and downloaded files before returning to the internet to ensure that your confidential data has been removed from the computer. You can format the machine after using it for added security.

The Recovery Process

The recovery process can be run offline. Follow our recommendations above using a Chromebook or non-Chromebook device. It is important that you follow the final step to clear your history, cookies, and downloaded files.

If you have any questions or concerns about our security or best practices, please use our Contact page or send us a direct message on Twitter.

Xecret.io

Store a seed-phrase on paper, fully encrypted inside a set of QR-codes. Seed phrases are immune to loss, fire and theft by our threshold recovery system.