The only secure cold storage solution that protects your private keys and seed phrases from loss, fire and theft

Other Solutions vs. Xecret.io

Solution Types Disaster/Loss Protection
Loss & Fire Icon
Theft Protection
Theft Icon
Single Copy Stored in One Location
Multiple Copies Stored in Different Locations
Online Digital Storage
Xecrets Distributed to Multiple Locations

Xecret.io

The application that runs on your phone or computer. It is used to create and retrieve your Xecrets (QR codes).

Xecret.io application on iPhone

(Feature 1)

The Application Runs Client-Side

Xecret.io

The application runs on your phone or computer used to create and retrieve your Xecrets (QR codes).

Xecret.io application on iPhone

Xecrets

A set of cryptographic QR codes that store your confidential information.

Xecret.io application on iPhone

Xecrets

A set of cryptographic QR codes that store your secret information

Xecret.io application on iPhone

Features

The Application Runs Client-Side

(Feature 2)

Hackproof QR Codes

(Feature 3)

Ideal For Decentralized Cold Storage

(Feature 4)

Non-Custodial

How It Works

Create Your Xecrets

1. Use the Xecret.io app to create a set of Xecrets

The application encrypts your confidential information in a set of Xecrets, visualized as a set of QR codes. Create your Xecrets, by specifying 1) the number of them in a set, and 2) the threshold from the set necessary to recompile your confidential information. For example, you could encrypt a password, confidential text, or a set of recovery seed phrases as a set of five Xecrets with a threshold of three. That way, you can use any three Xecrets from the set to recompile your confidential information.

Enter password, secret key, recovery phrase
Secret convrted to Xecret (QR Codes)

2. Distribute your Xecrets to multiple trusted parties

Distribute your Xecrets to Xecret Keepers

Each individual Xecret in a set is 100 percent hackproof. No individual Xecret contains enough information to recover any portion of your private data.

If a Xecret is lost or stolen, you need not worry. An individual Xecret, on its own, does not pose a security threat. You can still use the other Xecrets in the set to recompile your confidential information.

Recover Your Xecrets

1. Request your Xecrets from your trusted parties

Remember, you need only the threshold number of Xecrets that you specified when you generated the set (such as a threshold of two out of a set of three), to recompile your private information.

Request the threshold number of Xecrets to recover password

2. Scan the Xecrets with the Xecret.io app and recover your confidential information

Recovery threshold Xecrets
Xecret.io application turns your Xecrets back into your secret information

Store Your Xecrets

There are many ways to store your Xecrets.
The key is to keep them in physically separate locations for strong security

Secure Your Passwords and Recovery Phrases to any Wallet or Exchange

Xecret.io can protect your access to these and other popular services
coinbase logo
binance logo
exodus logo
coinbase logo
lastpass logo
blockchain logo
Crypto.com logo
Electrum Wallet logo
Ledger Wallet logo
Helium logo
Trezor Wallet logo

Use Cases

Xecrets are the perfect tool for backing up private keys, seed phrases, credentials, or any other item of confidential information. Individual Xecrets are 100 percent secure because they do not contain enough information to recover your confidential information. When you need to recover your private data, gather the threshold number of Xecrets (such as two out of a set of three) and scan them into the Xecret.io app.
Use Xecrets as a non-custodial and decentralized paper wallet to hold your coins. Store the Xecrets in physically separate locations of your choosing. This is the safest and most secure backup solution; it provides cold storage security simultaneously protecting against fire and theft. You grant each Xecret Keeper access to one Xecret, preventing them from ever being able to access your private information.
Xecrets can store all your critical information for estate planning, such as account numbers and passwords. Distribute the Xecrets to reliable friends, associates, or family members: one Xecret for each Xecret Keeper. If something happens to you, the "Xecret Keepers" would return the Xecrets to the instructed beneficiary. The beneficiary needs only the threshold amount of Xecrets (such as two out of a set of three) to reconstruct the critical data.
Executives can use Xecret.io to create Xecrets that protect critical corporate information. Specify the set size as the number of board members and the threshold as the number necessary for a quorum. Then distribute each Xecret to a different board member. This strategy ensures that a quorum must be present during the retrieval of confidential information.
Xecret.io is the perfect tool for groups of three or more who wish to purchase NFTs or other digital assets jointly. The owners can use Xecret.io to turn their credentials into Xecrets, with each owner receiving one Xecret. The owners can set the recovery threshold to either a specific proportion of the group or require 100 percent of the Xecrets to recover the owners' credentials.

Q&A

The best way to protect your passwords, recovery phrases, or any secret information is cold storage. Cold storage maintains information offline. This establishes a physical barrier against someone trying to hack your information from a remote location. Xecrets take the concept of cold storage to the next level, protecting your assets against physical theft, loss, and disasters such as fires and floods.

You can store any string of text up to 5,000 characters in a set of Xecrets. This allows for the protection of passwords, private keys, and recovery phrases.

Yes, the Xecret.io app operates on the client-side (that is, user devices) offline, not on our servers. We do not store the confidential information of any client on our servers.

We randomize your private information down to each bit and store less than the threshold on each Xecret. Attackers can't learn anything from a single Xecret regardless of their computational resources. It is the physical. Please refer to our white paper for more details on how our technology works.

Increasing the threshold in a set improves security because it increases the difficulty of taking possession of the number of Xecrets necessary to recover the secret information.

The Xecret.io threshold system provides redundancy against loss, theft, damage, and destruction. If one Xecret is not accessible or readable, you can still decrypt your private information with the remaining Xecrets in the set.

If the threshold number of Xecrets were lost, the secret information would not be recoverable. For example, consider a set of three Xecrets with a threshold of two. If two of the three Xecrets were lost, then the confidential information would not be recoverable.

  • Risk: An attacker may guess the contents of a single Xecret based on its length.
  • Mitigation: Each Xecret has a maximum length based on the scannable codes involved. Rather than allowing Xecrets of different lengths, the Xecret.io system always pads to the full maximum length. Thus, the length of an individual Xecret will reveal nothing about the confidential information stored in it.
  • Risk: A person may fail to store the secret slice securely or may lose it.
  • Mitigation: The app could offer downloadable, standardized information sheets that users can share with their Xecret Keeper when negotiating the agreement to store the confidential information. The information sheet could include acceptable approaches for both preserving and hiding the secret.
  • Risk: A threshold number of Xecret Keepers may collaborate and betray the user who created their Xecrets.
  • Mitigation: When sharing with people, users should choose people who don’t know each other.
  • Risk: Someone might create a public registry of the names of Xecret.io users, which might encourage unscrupulous Xecret Keepers to register the name of the user who entrusted them with their Xecrets, look for other Xecret Keepers in service to the same user, and collaborate to retrieve the confidential information.
  • Mitigation: Ultimately, this system rests on the trustworthiness of the Xecret Keepers, be they individuals or corporate entities. Each Xecret.io user should choose their Xecret Keepers carefully. The extremely risk-averse, who must protect a critical item of confidential information, can use safe deposit boxes at different banks, taking humans almost entirely out of the equation.
  • Risk: Photos taken on practically any device that connects to the Internet can propagate those photos automatically to iCloud Photos, Google Photos, or other cloud storage options. If a full set of Xecrets existed on one phone, the dispersal element of Xecret.io would collapse and allow a cloud administrator, or perhaps a hacker, to retrieve the confidential information.
  • Mitigation: Literature included in Xecret.io instructs users to avoid adding photos of Xecrets to their camera roll or to immediately delete any such photos in their camera roll.
  • Risk: Scanning a Xecret may trigger the analytics incorporated into Apple or Google phones to silently send that data to a data warehouse in the cloud, violating secrecy expectations.
  • Mitigation: We are not sure whether this ever happens. But if it does, Xecret.io will offer a proprietary format for the physical Xecret, a format that consumer devices won’t automatically read.
  • Risk: Web apps are less secure and trustworthy than those distributed through app stores. For example, even though the web app would be set up to do as much as possible client-side, and avoid sending secrets to the server, there are still risks.
  • Mitigation: Xecret.io instructs users to cut off internet access while processing Xecrets for either dispersal or retrieval. It further enhances the security of users’ confidential information by instructing them to close all browsers and clear all browser history before re-enabling internet access. In many cases, this would protect a user from the consequences of a hacked and compromised application.
arrow-up icon