Your Identity Key

When you create a mwen.io identity, your wallet generates a 24-word phrase. This phrase — called a mnemonic — is the root of your entire identity. Everything in your wallet is derived from it.

This page explains what the phrase is, why it matters, and how to keep it safe.


What the phrase is

Your 24-word phrase is a human-readable encoding of a random secret — 256 bits of cryptographic entropy — generated entirely on your device. It looks like this:

planet anchor tiger vessel frost noble
basket mirror candle supply bridge column
silver orbit feather sketch window chorus
meadow curtain hollow lantern cipher thread

From this one phrase, your wallet deterministically derives a unique key for every app you sign in to. Same phrase, same app → same key, every time. Different app → different key. This means:

  • You can restore your entire identity from the phrase alone.
  • Apps cannot link your activity to each other, because each sees a different identifier.
  • No server stores your phrase, your keys, or your identity.

Why you must write it down

If your device is lost, stolen, or broken — and you have not written down your phrase — your identity cannot be recovered. There is no "forgot my phrase" button. There is no customer support team that can reset it. Nobody holds a backup copy.

Write your phrase on a sheet of paper (or two). Store it somewhere safe — a fireproof box, a safe, or another secure physical location. Do not take a screenshot. Do not store it in a notes app or email.


The 3-word verification check

When you create your identity, the wallet asks you to re-enter 3 random words from your phrase before proceeding. This is the 3-word verification check.

Its purpose is to confirm you actually wrote the phrase down before you continue — not after. You cannot skip this step.


What happens if you lose the phrase

Situation | Recovery options
You have a .mwen backup file + transfer password | Full recovery — identity, connected apps, profile
You have only the 24-word phrase | Partial recovery — identity only; connected apps and profile are lost
You have neither | No recovery is possible

This is why both a written phrase and a regular backup export are recommended. See Backup & Restore.


Keeping your phrase safe

Do:

  • Write it on paper with a pen, in order.
  • Store copies in more than one physical location.
  • Keep it away from anyone who could misuse your identity.

Do not:

  • Take a photo of it.
  • Store it in a cloud notes service (Google Keep, Apple Notes, Notion, etc.).
  • Email it to yourself.
  • Type it into any website — including mwen.io. No legitimate flow ever asks for your phrase.
  • Store it in a password manager (a compromised password manager gives away the phrase and all derived keys).

How keys are derived from your phrase

If you are curious about the technical detail: the phrase is converted to a 64-byte master seed using PBKDF2-SHA512. A BIP32 derivation step produces a 32-byte child key. Then, for each app you sign in to, HKDF-SHA256 is applied using the app's domain as a unique input, producing a P-256 private key and a corresponding did:jwk identifier.

The result is that the same phrase + myapp.com always produces the same key — but myapp.com and otherapp.io produce completely unrelated keys.
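The chain described above, as an added Python sketch using only the standard library (not mwen.io's own code): PBKDF2-SHA512 seed, one BIP32 hardened child, HKDF-SHA256 keyed by the app domain, then a P-256 key and did:jwk. The page does not state the BIP32 path, the HKDF salt or info layout, how the HKDF output is reduced to a valid scalar, or the JWK serialization, so the BIP39 parameters, path m/0', zero salt, domain as `info`, modular reduction and sorted-key JSON are all assumptions, and the output will not match a real wallet.

```python
import base64, hashlib, hmac, json

# NIST P-256 prime, order, base point; K1_N is the secp256k1 order used by BIP32
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
K1_N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
PHRASE = ("planet anchor tiger vessel frost noble basket mirror candle supply bridge column "
          "silver orbit feather sketch window chorus meadow curtain hollow lantern cipher thread")  # page's sample, not a secret

def seed_from_phrase(phrase):  # BIP39 parameters assumed: salt "mnemonic", 2048 rounds
    return hashlib.pbkdf2_hmac("sha512", phrase.encode(), b"mnemonic", 2048, 64)

def bip32_child_key(seed):
    # BIP32 master key, then hardened child m/0' (the path is an assumption)
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    t = hmac.new(i[32:], b"\x00" + i[:32] + b"\x80\x00\x00\x00", hashlib.sha512).digest()
    return ((int.from_bytes(t[:32], "big") + int.from_bytes(i[:32], "big")) % K1_N).to_bytes(32, "big")

def hkdf_sha256(ikm, info, salt=b"\x00" * 32):  # zero salt is an assumption
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()  # RFC 5869 extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # expand, one 32-byte block

def ec_add(a, b):  # affine P-256 addition (a = -3); None is infinity; not constant-time
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    m = num * pow(den % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def ec_mul(k, pt=G, acc=None):
    while k:
        acc, pt, k = (ec_add(acc, pt) if k & 1 else acc), ec_add(pt, pt), k >> 1
    return acc

def b64u(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def app_identity(phrase, domain):
    okm = hkdf_sha256(bip32_child_key(seed_from_phrase(phrase)), domain.encode())
    d = int.from_bytes(okm, "big") % (N - 1) + 1  # map into [1, N-1]; reduction is assumed
    x, y = (b64u(c.to_bytes(32, "big")) for c in ec_mul(d))
    jwk = {"crv": "P-256", "kty": "EC", "x": x, "y": y}  # public key only
    return d, "did:jwk:" + b64u(json.dumps(jwk, sort_keys=True, separators=(",", ":")).encode())
```

`app_identity(PHRASE, "myapp.com")` returns the private scalar and the did:jwk string; calling it with `"otherapp.io"` gives an unrelated pair, and anyone holding the phrase can recompute both.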

You do not need to understand this to use mwen.io safely. The wallet handles all derivation automatically.