When you create an account on a private messaging service, you normally choose a password. So far, so normal. What's not so normal is what happens underneath.
In most services, your password is the key to everything. If you lose it, you lose access. If it's stolen, you lose everything. Your identity, your messages, your files. Everything depends on a single thing you typed on a keyboard one Tuesday afternoon.
The 24 words work differently. They're not a password you choose. They're a key the system generates randomly, with 256 bits of real entropy. To give you an idea: breaking that key by brute force would require more energy than the sun will produce in its entire lifetime. That's not a metaphor. It's a mathematical calculation.
Two keys for two doors
Your password connects you to the service. It's the key to the front door. If you forget it, you can come in through the back door with your 24 words. If your password is stolen, you can change it instantly without anything else changing.
Your 24 words are something else. They're the representation of your master key. The key from which your cryptographic identity is derived, the one that protects your data, the one that identifies you to your contacts. If you lose the 24 words and also the password, your data is unrecoverable. Like in Bitcoin. And that, even though it sounds harsh, is exactly what you want from a secure system.
Because the alternative is that someone can recover your data for you. And if someone can recover your data, they can also access it.
Paper matters
Write down your 24 words on a piece of paper. A real piece of paper, the old-fashioned kind. Keep it somewhere safe. Not on your phone, not in a digital note, not in an email to yourself. A piece of paper in a drawer, in a safe, or wherever you keep the things that matter.
It might seem old-fashioned. But a piece of paper can't be hacked remotely, can't be intercepted over the internet, and doesn't need a battery. Sometimes the oldest technology is the most secure.
For those who want to dig deeper
The 24 words follow the BIP39 standard, used by Bitcoin wallets. They represent 256 bits of entropy generated by the operating system's CSPRNG (crypto.getRandomValues). From those 256 bits, the identity key is derived (Ed25519 for signing + X25519 for key exchange) via HKDF-SHA256 with domain separation. The password wraps this key with Argon2id + AES-256-GCM before sending it to the server. The server stores the encrypted blob but cannot read it.