Contents
- Step 1. What is MetaMask?
- Step 2. How can you download MetaMask?
- How can you prevent phishing attacks when you download MetaMask?
- How do you go from the MetaMask download page to your browser's extension store?
- Which browser extension or Add-On stores can you use to install MetaMask?
- Why does MetaMask need access to your browser's data?
- Step 3. How can you create and setup a MetaMask wallet?
- Step 4. How can you verify your recovery phrase?
- Step 5. How can you securely back up your seed phrase?
- Step 6. How can you Initialize or import your seed phrase?
- Where can you read more about MetaMask?
Crypto Wallet Guides
If you are following this guide from the beginning, and you created your wallet using the default approach, using the app to `Create a Wallet`, then congratulations! You are ready to start using your wallet.
However, be careful about storing large amounts of funds secured only by a wallet-generated recovery phrase.
MetaMask browser extension
Browser extension, Version 1.0.10
August 31 2024
Welcome to this guide on securely setting up a MetaMask wallet. This guide focuses on the security choices you can make when setting up your MetaMask wallet; if you are looking for the official setup guide, please click here.
MetaMask is your entry point to the world of Ethereum - a blockchain platform designed for running apps and smart contracts.
This guide is focused on the MetaMask browser extension. Read our iOS and Android guides.
Step 1. What is MetaMask?
MetaMask consists of two main parts: a wallet and a web browser. The wallet supports any token compatible with Ethereum, and the web browser is preconfigured for interacting with dapps and smart-contracts.
MetaMask was first released in 2016, as a browser-extension, by ConsenSys - the first company focused on building decentralized tools and infrastructure. Both MetaMask and ConsenSys have played monumental roles in bringing Ethereum to the mainstream.
It is hard to overstate the effect MetaMask has had on the Ethereum ecosystem. By making dapps and smart-contracts simple and intuitive to use, activity on the Ethereum blockchain has enjoyed consistent growth.
Metamask is an open-source wallet, active development happens on github. The wallet has tons of features, and is constantly being updated and improved.
MetaMask is available as a browser-extension for Chrome, Firefox, Brave, and Edge. In September of 2020, MetaMask released a mobile app for iOS and Android.
Step 2. How can you download MetaMask?
MetaMask is installed as a browser-extension. The process of installing MetaMask involves going to the extension/add-on store for your browser and downloading MetaMask.
- The first step is crucial. Navigate to the official MetaMask website. The only valid URL for metamask is https://metamask.io
- Verify the closed lock to the left of the URL. This signifies you are connected through SSL - an encrypted connection. SSL encrypts data in transit and prevents attacks like phishing, and man-in-the-middle attacks.
- If you do not see the closed lock, exit the page immediately.
How can you prevent phishing attacks when you download MetaMask?
- MetaMask is a target for phishing attacks. Phishing is a way of stealing your credentials, by tricking you into downloading a malicious version of the app you want to download. A common tactic for phishers is to purchase domain names of common misspellings - hoping you make a mistake typing the URL.
- Advanced phishers will install an SSL certificate on their phishing site. For extra verification, click on the closed lock, then click on `Certificate` to bring up the certificate details. Verify that the certificate was issued to https://metamask.io - the only valid URL for MetaMask.
How do you go from the MetaMask download page to your browser's extension store?
After you have verified you are on the correct URL - https://metamask.io - click on `Download` in the upper right corner, or `Download Now` in the main section.
- The MetaMask download page contains the official links to download MetaMask from your web browser's extension store. By following or verifying the links from the official MetaMask site, we can prevent phishing.
- On the MetaMask download page, click on your Web Browser's icon to go to the browsers extension store
Which browser extension or Add-On stores can you use to install MetaMask?
- Chrome Web Store - https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn?hl=en
- Firefox Browser Add-Ons - https://addons.mozilla.org/en-US/firefox/addon/ether-metamask/
- Microsoft Edge Add-Ons - https://microsoftedge.microsoft.com/addons/detail/metamask/ejbalbakoplchlghecdalmeeeajnimhm?hl=en-US
- Brave Browser (Brave Browser is a Chromium-based browser, it sources add-ons from the Chrome Web Store.) - https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn?hl=en
Follow the official link from MetaMask to your browser's web store, then click `Add to browser`.
Before installing, you will get a pop-up letting you know MetaMask can access and alter data on any website you visit. Let's go over the details
Why does MetaMask need access to your browser's data?
- Since MetaMask works by connecting your web-browser to an application running on the blockchain, MetaMask needs these permissions to form the connection and establish the flow of data between the blockchain and your web browser.
- To maximize security, consider running MetaMask in a browser profile that only consists of MetaMask. This creates a separation between regular browsing activities and MetaMask activities.
- Click on `Add Extension` and MetaMask will finish installing and open a new tab with a welcome screen. Congrats! You just installed MetaMask browser-extension
Good job on safely installing MetaMask. By verifying the authenticity of the MetaMask download, like this guide shows, a whole range of attacks can be prevented. When doing anything in the world of crypto, having a security mindset is so important. Having a security mindset is the best way to prevent loss of funds or a breach of personal information.
Trust, but verify - This means even if a source is trusted, such as an official website or a trusted community member, you should always take the additional steps to verify the information - no matter what.
You are now ready to move on to the next section. Click on `Get Started` on the welcome screen.
Step 3. How can you create and setup a MetaMask wallet?
MetaMask is a very easy wallet to get started with. No email address or personal identification is required. The process consists of two main steps - creating a password and backing up your seed phrase. You will be ready to explore the world of Ethereum in just a few minutes.
MetaMask supports any token built on the Ethereum blockchain. You might come across terms such as ERC-20 and ERC-721; these are just types of tokens.
ERC-20 tokens are fungible; meaning they are like money - each token represents the same value.
ERC-721 are NFT's, non-fungible tokens - where each token represents a unique digital asset - like a collectible.
On the Ethereum Blockchain, there are a couple hundred thousandtokens in existence. MetaMask includes most of the popular tokens by default.
To add a token, simply tap `Add Token` and search for the token. If your token is not listed, select `Add Custom Token` and input the contract address - MetaMask will then pull the info automatically.
Safely backing up your MetaMask wallet is essential. This guide covers in detail how to securely back up your seed phrase in Section 5. Securely back up your seed phrase.
MetaMask uses BIP39 to generate a seed phrase for your wallet. Your seed phrase will cover every token, address, and transaction generated by your wallet. Think of it as your backup master key. Backing up your seed phrase ensures you will always have access to your funds.
When creating a new MetaMask Wallet, the default method is to create your wallet within the app. The more advanced method is to generate your own seed phrase. We created detailed guides on generating your own seed phrase. By following the right directions, you can generate a seed phrase that is more secure than the default method used by wallets.
If you already have a recovery phrase, proceed to Section 6. Initialize or import seed phrase.
Create a New Wallet in MetaMask
In this section, you are going to create a new wallet in the MetaMask browser extension using the wallet's default method. Let's get started.
To create a new wallet with a new recovery phrase in MetaMask:
- Open the MetaMask extension and tap on `Get Started`. This will bring you to the `Wallet Setup` screen
- On the `Wallet Setup` screen you will be presented with 3 options:
- `Import using seed phrase`
- `Create a new wallet` ← This is the one you want to select
Help us improve MetaMask? Before setting up your wallet, MetaMask wants to know if you want to help contribute to MetaMask development by contributing anonymous data. This is a personal decision for you to make based on your own value system. The data MetaMask wants to collect is anonymous clicks and pageviews.
- The first step is to create your password
- Create a secure password! MetaMask does not have 2FA, so creating a secure password is very important
- Make your password unique, do not reuse an old password
- Consider using a passphrase instead, a sequence of 4 or more random words
- Consider using a password generator and manager, like Bitwarden
- Setup a time frame to rotate to a new password
- Learn how to make secure passwords
- Prepare your Seed Phrase for Backup - Backing up your seed phrase is the most important step in creating a wallet. In this step, you will find your seed phrase and prepare it to be backed up. Section 5. Securely back up seed phrase of this guide focuses on how to safely backup your seed phrase.
- MetaMask will first show you your secret backup phrase, called your `Seed Phrase`, grayed out. Click in the box to reveal your seed phrase.
- There are a few options for backing up your seed phrase mentioned here, only one suggested option is secure enough - backing the seed phrase up on an encrypted medium.
- Remind me later ← Never Select this option.
- MetaMask encrypts data on the client-side, this means your seed phrase is the only method of recovering funds.
- Temporarily write your seed phrase on paper ← Only acceptable with additional safety measures
- Please read Section 5. Securely back up seed phrase, multiple additional steps need to be taken to ensure the safety of funds.
- Store seed phrase in password manager ← Never select this option.
- Your seed phrase should be nowhere near the internet.
- Store seed phrase on encrypted medium← The only good option listed
- There are a few different ways you can safely back up your seed phrase. We have done the research and compiled all the ways to do so in Section B of this guide
- To move on to the next step, you will have to write down your 12-word seed phrase. Click in the gray box to reveal your 12-word seed phrase.
Step 4. How can you verify your recovery phrase?
At this point, you will have a fully functioning cryptocurrency wallet that is able to store, send, and receive cryptocurrency. Before you put funds in your wallet, you need to verify and create a backup of your recovery phrase. Your recovery phrase is the only way to restore access to your funds if you lose access to your wallet - backing up your recovery phrase is a very important step. Before moving on to Section B, you need to find out what your recovery phrase is, so you can back it up.
WARNING: When you follow the steps to find your recovery phrase, you will be writing the recovery phrase on a piece of paper. It is very important that you back up the recovery phrase on a more reliable medium, and then destroy that piece of paper. Paper is vulnerable to accidental loss, theft, and damage. It is not the safest method of backing up your recovery phrase.
- Now you need to confirm you accurately prepared your Seed Phrase for backup. MetaMask will display your 12 words in a random order. Starting with the first word, click on each word in the correct order.
- MetaMask encrypts data on the client-side. This means all data is encrypted locally in your web-browser before being transmitted over the internet. If you lose access to your account, MetaMask cannot help you recover your account
- Pay attention to the piece of paper you have written your seed phrase on. Do not leave this paper anywhere where someone else can find it. It is advisable to destroy the paper after you have backed up your seed phrase.
- Congratulations! Your wallet has been created and is ready to be used. You have also prepared your seed phrase for backup. Read over the advice given on the Congratulations screen and click `All Done` when you are ready.
- Get ready to explore the world of Ethereum. Your MetaMask wallet can store, send, and receive any token on the Ethereum blockchain. MetaMask is more than just a wallet - it's your portal to interact with apps and smart-contracts built on Ethereum.
- Before you put funds in your wallet, you need to create a safe backup of your seed phrase. Your seed phrase is the only way to restore access to your funds if you lose access to your wallet.
You are now ready to proceed to Section 5. Securely back up your seed phrase and securely back up your funds.
Recommended Action: After you securely back up your recovery phrase, it is important to destroy the paper you temporarily wrote your recovery phase on.
Step 5. How can you securely back up your seed phrase?
If you used Vault12 to generate your recovery phrase, your recovery phrase is already securely backed up in your digital vault.
Your recovery phrase is the master key to all of your cryptocurrency funds. BRD Wallet uses BIP39, which is the current industry best practice for generating recovery phrases. The majority of modern wallets today use BIP39. This means your MetaMask seed phrase can be used to access your funds across many different wallets.
Securely backing up your recovery phrase is the most important step in creating a new wallet. To emphasize how important this is, consider how someone with your recovery phrase could access your funds without you knowing.
Imagine a bad actor has your recovery phrase, and you have your BRD Wallet locked down with 2FA, IP address whitelisting, blocked tor access, and all the other security features. The attacker could simply open any wallet application, and import your recovery phrase. The attacker now has access to all of your funds.
We want you to have a secure backup, so this never happens to you.
Nine out of ten wallet providers only mention one way to back up your recovery phrase - by writing the recovery phrase on paper. Wallet providers only mention this paper backup method because it is easy for beginners to do. Paper backups are simply not that secure.
We did extensive research and compiled the best ways to back up your recovery phrase. We cover all the most well-known options, including next-generation options like how to back up your recovery phrase in Vault12.
Once you have safely backed up your seed phrase, you can initialize your wallet using any BIP39 compatible wallet. In the next section, you will learn how you can initialize a MetaMask wallet using your seed phrase.
Step 6. How can you Initialize or import your seed phrase?
If you are following this guide from the beginning, and you created your wallet using the default approach, using the app to `Create a Wallet`, then congratulations! You are ready to start using your wallet.
However, be careful about storing large amounts of funds secured only by a wallet-generated recovery phrase.
If you followed one of our guides for pre-generating a more secure seed phrase, for instance using Vault12, and you want to use that seed phrase with your wallet - this section is for you!
In this section, you will learn how to initialize your wallet using only your recovery phrase. There are 3 main reasons to generate your wallet using this method:
- You lost access to your wallet, and you need to regain access to your wallet and your funds.
- You want to access your wallet and funds using a different wallet app.
- You want the best security, and you generated a recovery phrase using an advanced method.
The Metamask Wallet makes the process super easy and user friendly. Let's get started.
In this section you are going to create a new wallet in the MetaMask browser extension by importing your seed phrase. Let's get started.
To create a new wallet with a new recovery phrase in MetaMask:
- Click on the MetaMask extension and tap on `Get Started`. This will launch the wallet setup process.
- On the `Wallet Setup` screen you will be presented with 2 options:
- `Import Wallet`← This is the one you want to select
- `Create a new wallet`
- Help us improve MetaMask? Before setting up your wallet, MetaMask wants to know if you want to help contribute to MetaMask development by contributing anonymous data. This is a personal decision for you to make based on your own value system. The data MetaMask wants to collect is anonymous clicks and pageviews.
- Enter your seed phrase and create a new password.
- Proceed to type in your 12 word recovery phrase. Any typos, misspellings, or typing the words in the incorrect order will invalidate the process and you will have to start over
- Create a secure password! MetaMask does not have 2FA, so creating a secure password is very important
- Make your password unique, do not reuse an old password
- Consider using a passphrase instead, a sequence of 4 or more random words
- Consider using a password generator and manager, like Bitwarden
- Setup a time frame to rotate to a new password
- Congratulations! Your wallet has been created and is ready to be used. Get ready to explore the world of Ethereum. MetaMask is more than just a wallet - it's your portal to interact with apps and smart-contracts built on Ethereum. Your MetaMask wallet can store, send, and receive any token on the Ethereum blockchain.
- Read over the advice given on the Congratulations screen and click `All Done` when you are ready to start using MetaMask.
Recommended Action: do you have a safe backup of your seed phrase? Your seed phrase is the only way to restore access to your funds if you lose access to your wallet. Review Section 5. Securely Backup Seed Phraseof this guide for compiled information on best practices for secure seed phrase backups.
Where can you read more about MetaMask?
In the world of cryptocurrency, knowledge is your best friend.
Crypto Wallet providers will almost always have their own user documentation, and sometimes they may even have a user community where you can ask questions.
Check out these resources about MetaMask Wallets:
Information about best practices on the topic of security can be scattered all over the internet. We work hard to distill the best practices into one place for you.
Check out these resources about securing digital wallets:
- Benefits of using an encrypted digital vault, like Vault12
- How to back up a seed phrase on paper
- All about RNG's - Random Number Generators and why they are important
Ethereum is home to a rapidly growing ecosystem of dApps, smart contracts, communities, and more.
Check out these resources about Ethereum:
https://www.linkedin.com/in/artk42/
https://startag.xyz/artk42
Art Krotou
Art is a crypto-security expert and researcher with serial entrepreneurship background. Having a degree in physics and experiences in multiple cutting-edge industries like fintech, secure hardware and semiconductors, and identity gave him a unique multi-faceted perspective on the problem of key management for individuals in the crypto networks and the evolution of the internet in general.
In his current work, he is specifically researching how cryptographic keys can be inherited without posing a threat to 3rd parties in edge cases. In addition, he advocates for "fault-tolerance via secrets automation". He discusses the quantitative impact of user experience factors on the uptake of non-custodial solutions.
As one of his most notable accomplishments, he co-founded and led through the early years of the company that contributed to the complex technology behind Apple's recent M-series CPUs. He is also the creator of the most friendly and aesthetically pleasing, but nonetheless super secure and fault-tolerant hardware wallet - U•HODL.
Check out his curated series of "Vault12 Learn" contributions below, and follow him on Twitter and LinkedIn for more sharp insights.
Vault12
Vault12 is the pioneer in crypto inheritance and backup. The company was founded in 2015 to provide a way to enable everyday crypto customers to add a legacy contact to their cry[to wallets. The Vault12 Guard solution is blockchain-independent, runs on any mobile device with biometric security, and is available in Apple and Google app stores.
Add a legacy contact for your crypto.