Mnemonic Best Practices

Recommendations

Use LEVEL2 as Default Security

Use LEVEL2 (ML-DSA-44) as the default security level. It provides sufficient quantum resistance with smaller key sizes than the higher levels. Only use LEVEL3 or LEVEL5 if your threat model specifically requires it.

Use Maximum Strength for Production

Use MnemonicStrength.MAXIMUM (24 words) for production wallets. Shorter phrases are acceptable for testing but provide less entropy.

Store Phrases Securely

Store mnemonic phrases securely. The phrase is the single point of recovery for all derived wallets. Never store it in plaintext on disk or transmit it over insecure channels.

Use Passphrases for Plausible Deniability

Use passphrases for plausible deniability. The same mnemonic with different passphrases produces entirely different key trees, providing a hidden wallet mechanism.

Dispose of Mnemonic Instances

Dispose of mnemonic instances when no longer needed using [Symbol.dispose] or zeroize() to minimize seed material exposure in memory.
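
The passphrase and disposal recommendations above, shown as an added Node.js example (not the library's own code). It assumes the library follows standard BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 iterations, salt "mnemonic" + passphrase); seedFromMnemonic, withSeed and demo are hypothetical names, and the phrase is the public BIP39 test-vector phrase.

```javascript
// Added example, not the library's code. Assumes standard BIP39 seed
// derivation: PBKDF2-HMAC-SHA512, 2048 iterations, salt "mnemonic" + passphrase.
const { pbkdf2Sync } = require('node:crypto');

// Public BIP39 test-vector phrase (constructed sample; never use for a real wallet).
const TEST_PHRASE = 'abandon abandon abandon abandon abandon abandon ' +
  'abandon abandon abandon abandon abandon about';

// Derive the 64-byte seed that roots the whole key tree.
function seedFromMnemonic(phrase, passphrase = '') {
  const password = Buffer.from(phrase.normalize('NFKD'), 'utf8');
  const salt = Buffer.from('mnemonic' + passphrase.normalize('NFKD'), 'utf8');
  try {
    return pbkdf2Sync(password, salt, 2048, 64, 'sha512');
  } finally {
    // JS strings are immutable and cannot be wiped; the Buffer copies can.
    password.fill(0);
    salt.fill(0);
  }
}

// Run fn with the seed, then overwrite the buffer even if fn throws.
function withSeed(phrase, passphrase, fn) {
  const seed = seedFromMnemonic(phrase, passphrase);
  try {
    return fn(seed);
  } finally {
    seed.fill(0);
  }
}

// Same phrase, two passphrases: two unrelated seeds, both wiped after use.
function demo() {
  let retained; // reference kept only to show the buffer is zeroed afterwards
  const plain = withSeed(TEST_PHRASE, '', (s) => {
    retained = s;
    return s.toString('hex');
  });
  const hidden = withSeed(TEST_PHRASE, 'TREZOR', (s) => s.toString('hex'));
  return { plain, hidden, wiped: retained.every((b) => b === 0) };
}
```

Every passphrase yields a valid seed, so a mistyped passphrase opens a different, empty wallet instead of raising an error.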

Use BIP84 for New Wallets

Use derive() with BIPStandard.BIP84 as the default for new wallets. Use deriveOPWallet() only when compatibility with the OPWallet browser extension is needed.

Validate Before Construction

Validate phrases before construction with Mnemonic.validate() to provide early user feedback rather than catching constructor errors.