“I have lost the password to my account.” If you sent this message to your bank, you are almost assured that -- once you verify your identity -- your bank will find a way to help you recover your password or create a new one.
However, if the same message was directed at the software cryptocurrency wallet MetaMask, the answer would be disheartening: “Sorry to hear about that. MetaMask is a fully user-managed wallet; it is not possible for us to help you regain access to the wallet.”
Is losing your MetaMask password akin to an irreversible loss of your cryptocurrency savings held in the wallet? If you have also lost your recovery phrase, the answer is likely to be "Yes". However, there is always hope that you can recover your password on your own or by asking for help.
If you lost your MetaMask password, don't give up yet. This article will help you find clever ways of recovering your password and, hopefully, a healthy stash of wealth in your wallet. Just make sure you read this article all the way to the end.
We start by defining the MetaMask wallet, presenting a bit of its history, the processes of registering a wallet on the service, and the importance of the MetaMask recovery phrase and password.
MetaMask is a software cryptocurrency wallet that permits users to manage their tokens on the Ethereum blockchain.
Describing MetaMask in an article published by Mashable.com, Stan Schroeder calls it “one of the most popular web wallets for cryptocurrency platform Ethereum.”
In a January 2022 vote of confidence, Ollie Leech, the editor and technical analyst at CoinDesk.com, penned a flattering article about MetaMask. He writes, “While there are a number of different wallet services available, MetaMask is by far the most popular with over 21 million monthly active users – up by 38x since 2020.”
He continues, “One of the key reasons MetaMask is so popular among new and existing crypto users is its interoperability with virtually all Ethereum-based platforms.” The wallet permits users to connect with over 3,700 different applications and services.
MetaMask gets excellent reviews from other quarters as well. For example, Werner Vermaak of CoinMarketcap.com says, “According to an independent audit by Least Authority, a security company, the Ethereum online wallet provides top-of-the-line features and functionalities in terms of security and design.”
Explaining why the service was so popular, Vermaak refers to the wallet’s “outstanding encryption technology, which securely stores passwords and private keys in each user’s device.”
However, this same security advantage can become a disadvantage if you lose your passwords and recovery phrases.
MetaMask was started in 2016 by ConsenSys, a blockchain technology firm established in New York by Joseph Lubin.
Before 2019, MetaMask could only be accessed from desktop browser plugins on Chrome and Firefox. One of the biggest frustrations about the service at this time was that it did not have an official mobile app.
The lack of an official mobile app resulted in unscrupulous individuals introducing malicious software masquerading as the mobile version of MetaMask, causing headaches for Google and users.
The challenges faced by Google in dealing with the malicious software related to MetaMask are embodied in headlines like, “Google Play caught hosting an app that steals users’ cryptocurrency.”
Dan Goodin of Arstechnica.com, the Conde Nast-owned technology site, reports, “The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers.”
This resulted in individuals depositing funds into scammers’ wallets every time they tried to execute transactions with trusted wallets.
Goodin concludes that the presence of the malware was “evidence that Google can’t be trusted to proactively keep malware out of Play.” He suggests that this leaves the onus on end-users, who should do their due diligence before installing any app.
Google rapidly removed the app.
David Canellis writes for Thenextweb.com, a site that calls itself the “heart of tech.” In 2019, he wrote an article titled, “MetaMask reveals your Ethereum address to sites you visit, here’s how to hide it.”
Explaining the problem, Canellis cites a user who claimed that the addresses of users could be relayed to advertisements and trackers like Google+ like buttons, Facebook like buttons, Twitter retweeters, etc.
Canellis reports that when users complained, representatives from MetaMask acknowledged the problem.
He quotes lead developer Dan Finlay who said, “You’re right, we haven’t enabled this by default yet, because it would break previous dapp behavior, and we realized if we add the manual ability for users to ‘log in’ to legacy applications, we can add this privacy feature without breaking older sites.”
If you lost your MetaMask password, perhaps a reminder of the steps you took when registering for the wallet may help you remember your password.
The YouTube channel MoneyZG produced a detailed tutorial explaining how you could set up your MetaMask Wallet.
The tutorial explains that the process starts with a visit to MetaMask.io and selecting a suitable option between the Chrome browser, Android, and iOS for installing the app.
To install the wallet, for desktop, you select Chrome and for mobile devices either Android or iOS. The app can also be accessed directly from the Apple App Store, Google Play Store, or Chrome Store.
After selecting whether you will install MetaMask from iOS, Android, or Chrome, you then hit the “Install MetaMask for …” button. Clicking this button takes you to the respective store from which you can then install the software.
Once you have downloaded MetaMask, you get a welcome message.
Clicking the Get Started button and the service asks you whether you have an existing wallet or you need to set up a new one. This stage allows those with existing wallets to import them to new devices and those who want new ones to create them from scratch.
After indicating that you want to create a new wallet, it’s time to create a password. As can be seen from the screenshot below, the password needs to be a minimum of eight characters.
After you create your password, you'll be shown your Recovery Seed.
Your Recovery Seed is incredibly important. It is the backup for your wallet -- as long as you record this seed correctly, store it safely, and don't let anyone else see it, you can recreate your wallet (with all its funds) even if you lose your computer.
Some tips offered to users at this point include:
The screenshot below shows what things look like when everything is set up.
With the setup done, your next task is to manage your settings from the icon beside the Ethereum Mainnet button in the top right corner in the screenshot above.
In the settings, you decide on your preferred currency conversion. Here, you can also select the primary currency between ETH and Fiat.
Under the advanced settings, you can reset your account to remove any information about previous transactions.
We’ve touched a bit on the MetaMask recovery seed or recovery phrase above, but let’s get deeper into it since it’s vital information for anyone attempting to recover a lost MetaMask password.
Understanding your MetaMask recovery phrase, secret phrase, or seed phrase is critical if you want to protect your funds. Many people lose their recovery phrases because they don't understand how important it is.
Your recovery phrase represents a random number (a "seed") that is actually used to generate your private key.
This seed can reliably recreate your private key and your addresses.
Anyone that has access to your recovery seed can irretrievably move all of your funds out of your account.
When you set up your MetaMask wallet, the instructions are clear: “MetaMask provides you with a unique 12-word Secret Recovery Phrase on the very first launch.”
The service adds, “DO NOT share this phrase with anyone! These words can be used to steal all your accounts. You can’t edit or change your Secret Recovery Phrase.”
Aware of the importance of your recovery phrase, many phishing attempts try to lure you into divulging this information so that they can gain access to your assets.
Because the MetaMask wallet is a decentralized non-custodial wallet, your recovery passphrase and the password to your wallet should only be known by you.
How to Recover Your Recovery Phrase
If all that’s lost is the recovery phrase but you still know your password and you have access to the computer that has Metamask installed, you should be okay.
If you installed the MetaMask extension but can no longer unlock your account using your password, below are the instructions provided by MetaMask you can follow to recover your recovery phrase.
The instructions provided on MetaMask.Zendesk.com are intended to help users who didn’t back up their “12 Word English Secret Recovery Phrase on paper, along with any manually imported private key or JSON file.”
When the instructions were published, MetaMask informed users, “This article provides instructions for Secret Recovery Phrase recovery on the desktop (MetaMask Browser Extension) and MetaMask Mobile on iOS.”
MetaMask told Android users, “We are currently working on a solution for Android; as soon as it is available, we will post it here.”
Access can be gained by extracting the Vault Data. To find your Vault Data, you can use the MetaMask Vault Decryptor.
The fact that you have read this far is testimony that you don’t have both your recovery phrase and your password. Now, you need to begin the work of recovering your recovery phrase and password by other means.
Below, we present some tested techniques you can follow to recover your password and how you can seek help if none of these methods seem to work.
If you haven’t done this already, you can try to find your vault data. You could find this either locally or as a backup of your computer. To do this, you can follow the instructions provided by MetaMask above.
Searching your browser for stored passwords could assist you in remembering some of the trends you use when you create passwords. This may involve looking at all your passwords stored in different browsers.
Who knows, you may have – against common counsel – repeated a password you have used elsewhere.
Always remember that you may have changed your browser over the years. Therefore, you may want to check all the browsers you have ever used.
Search your Papers At Home
The advice from MetaMask after you create your passphrase is that you should copy it onto a piece of paper and store it somewhere safe. There is a possibility that you may have done this, and the passphrase is somewhere safe around your home.
Finding your password among the paperwork accumulated in your home over the years may be daunting. Thus, you need to create a plan indicating how you will approach the search.
This could mean prioritizing rooms such as the home office, bedroom, garage, and so on. The idea is to create some order so that you don’t search one area many times or skip places that may have vital information.
We have written another article with insights on how you can use psychology to try and guess your password. This method involves taking time to analyze your thinking when creating passwords to help you narrow things down and start working with a manageable number of options.
Take some time to find patterns in the other passwords you already use. Ask questions. Do you tend to include details related to the names of your children, siblings, or friends when you create passwords? Do you sometimes use aspects of your home or work address or date of birth?
Answering these questions could help you get the clues that may help you remember your password.
At CryptoAssetRecovery.com, we are always ready to help you recover your wallet. We will save you the pain and time involved in attempting to guess your MetaMask password.
If you have lost your password and your recovery seed, but you still have the computer with Metamask installed, we may be able to help you "crack" your password and recover access to your wallet.