Self-custody checklist for your first $1,000 — the concrete starter playbook

This is the final article in the Self-Custody Fundamentals series. The previous five articles set up the why and the what: why custodians fail, how to tell a custodial wallet from a non-custodial one, what responsibilities self-custody actually puts on you, and where on the warm-vs-cold spectrum you should aim. This one is the how. A concrete, ordered checklist for the first thousand dollars of crypto you intend to actually hold yourself.

It's calibrated for someone who is new to self-custody and isn't sitting on six figures yet. Not the answer for an institutional treasury, not the answer for someone who's been doing this for years. The answer for the first meaningful amount.

TL;DR

• Goal: by the end of one focused afternoon, you have a SSP 2-of-2 wallet set up, both seeds written down and physically separated, recovery tested, and your first ~$1,000 of crypto moved off the exchange into it.
• Don't postpone any step. Each one exists because skipping it has produced a known way to lose funds.
• Spend 1–2 hours. Block the time. Mid-setup interruptions are how seeds get photographed "just to remember the rest later".
• After the final step, you're operationally self-custodial. The remaining tiers (cold storage, multi-location backup, inheritance plan) come later as the amount grows.

What you need before you start

Gather these first so you don't have to step away mid-setup:

• A laptop with a recent OS and a clean Chrome or Firefox profile (a separate browser profile is fine, just not the one with 80 other extensions).
• A smartphone running a recent OS, with a working biometric/PIN unlock.
• Two physical pieces of paper (one per device's seed), or two metal backup plates if you have them. Acidic pen, not pencil.
• A place to store each piece of paper separately — not the same drawer, not the same room ideally. A small fireproof bag for at least one of them.
• The exchange you're currently using, with your funds and the ability to withdraw.
• 1–2 uninterrupted hours.

If anything in this list is missing, stop and fix it first.

Step 1 — Install SSP on a clean browser profile

Go to the SSP website (type the URL, don't click an ad). Install the SSP browser extension from the linked Chrome Web Store or Firefox Add-ons page. Verify the publisher is the SSP entity, not a lookalike.

If you have a password manager that's the lookalike-detection layer, good — but the bookmark is your primary defence. Bookmark the canonical SSP URL right now. From this point on, you reach SSP only via that bookmark.

The setting up your first SSP wallet post walks the install in detail. Follow it once and stop at the seed-display screen — don't proceed past it until you're ready for step 2.

Step 2 — Write down the SSP browser-extension seed

When SSP displays the master mnemonic for the browser extension, copy it onto paper. Verbatim, word for word, double-check the order. The wallet will then re-prompt for selected words to confirm — don't skip this confirmation. Skipped confirmations are how seeds get transcribed wrong and the user finds out months later.

Three non-negotiables:

• No photos. Phone cameras are how seeds end up in Apple/Google cloud backups. Use the pen.
• No password manager. Even encrypted, this is the seed for the browser-side of a 2-of-2 — you want both keys offline. Once the SSP Key seed is added to the password manager, the multisig collapses to single-key (the password manager).
• No "I'll memorize it." Memory degrades. Write it.

Label the paper minimally — "SSP browser, [today's date]" — and set it aside in the location you've chosen for it.

Step 3 — Install SSP Key on the phone and write down its seed

Install the SSP Key mobile app from the App Store or Play Store. Same rule about verifying the publisher.

Set up SSP Key. It will pair with the browser extension via QR code — follow the in-app prompts. When it displays its own mnemonic (separate from the browser-extension one), repeat step 2: paper, no photos, no password manager, no memorization. This is a different seed; you now have two pieces of paper, not one.

Label this one "SSP Key, [today's date]" and store it in a different physical location from the first. Different room minimum, different building if possible. The whole point of two devices is that a single physical incident — a thief, a fire — should not take out both.

You now have a working 2-of-2 wallet with two separate, offline-stored recovery backups.

Step 4 — Test recovery before you trust it

This is the step almost everyone skips. Don't.

Pick one of the two seeds (start with the browser one). On a different device — a friend's laptop, a clean profile, anything that's not your daily setup — install SSP and restore from that seed. Verify the addresses produced match the addresses on your main install. Then wipe the test install.

Repeat with the SSP Key seed: install SSP Key on a second phone (or your own phone after backing it up and wiping), restore from the seed, confirm. Wipe.

If either test fails — the addresses don't match, the recovery flow errors, the seed words don't ring a bell — go back to step 2 or step 3 and re-do the seed write. Do not skip this because "it'll probably work." It probably will. The point of testing is to find the 1% case where it won't, before you've moved real money in.

Step 5 — Send a $10 test transaction to the new wallet

Don't withdraw the full $1,000 yet. From the exchange, send $10 worth of the asset you're about to hold (BTC, ETH, whatever you're moving). Confirm:

• The address you pasted on the exchange side is identical to the address shown on both the SSP browser extension and the SSP Key mobile app (cross-check, this catches clipboard-replacer malware).
• The transaction confirms on the chain.
• The balance shows up in SSP.

If anything looks off — addresses don't match across devices, the transaction stalls, the asset doesn't appear — stop. Don't send the rest. Figure out what happened. A $10 mistake is a tuition payment; a $1,000 mistake is the rest of this article.

Step 6 — Move the rest

If the $10 test landed correctly, move the rest of the $1,000. You can send it as one transaction or break it up — at this size, network fees usually argue for one. Confirm the same way: addresses match across all three places (exchange, SSP browser, SSP Key), transaction confirms, balance shows up.

When done, log out of the exchange and clear the deposit/withdrawal page from the browser history. There's no operational reason to keep the exchange withdrawal-ready when you're not actively using it.

Step 7 — Write down what you just did

In a notebook (paper, not a doc), record the following:

• Which assets are in the SSP wallet and on which chains.
• Where each seed paper is physically stored (vague enough that the notebook alone isn't a treasure map — "home fireproof bag" and "[name]'s safe", not "top drawer of office desk").
• The first 4 characters of the receiving address for each chain, so you can verify it's still yours in a year without having to fire up the wallet to remember.
• Your recovery test result (date passed).

This notebook is the operational record. It lives somewhere you can find it but a casual visitor won't — and it does not contain the seed phrases themselves.

Step 8 — Set a 90-day review reminder

The first review should happen in 90 days, not when something breaks. Calendar it now. The review is short:

• Confirm both seed papers are still physically where you put them.
• Check for SSP updates (browser extension and mobile app) and apply them.
• Open the wallet, send a $1 test transaction between addresses you control, to confirm both signers still work and you remember the workflow.
• If anything's drifted from the operational record, update the record.

If the 90-day review passes cleanly, set a 6-month one. After that, annual is fine for amounts in the warm-storage range.

What this means for you

Three takeaways for the road:

1. An imperfect setup you finished today beats a perfect one you'll finish "soon." The exchange is the riskiest place your money lives. Get out of it first; refine the model afterward.
2. The seed papers are the wallet. Treat them with the respect that implies — not paranoia, but more care than you'd give a router password. The seed-phrase best practices post covers the metal backup upgrade for when the amount justifies it.
3. This setup scales with you. As your holdings grow, you don't change the fundamentals — you add a cold-storage layer for the long-term portion, refine the inheritance plan, perhaps add a passphrase or a third signer. The 2-of-2 warm wallet remains the operational account.

That's the series. You've now covered why self-custody matters (Not your keys, not your coins), how to tell models apart (Custodial vs non-custodial), where custodians fail (The 7 failure modes), what self-custody costs (What self-custody actually requires), where on the spectrum to live (Without going to cold storage), and the concrete starter playbook above. From here, the rest is operational discipline — and the Multisig Deep Dive series picks up the technical thread on what makes 2-of-2 do what it does.