The **Secret Recovery Phrase** (formerly Seed Phrase) is a master key—a unique sequence of 12 or 24 words—that mathematically derives every single private key associated with your wallet. It grants complete, ultimate control over all your funds across all supported networks (Ethereum, Polygon, BNB, etc.). **MetaMask** is a non-custodial wallet, meaning you, and only you, possess this key. If you lose it, your funds are lost forever. If someone else gains access to it, they gain immediate control over your assets. You should **never** store it digitally (on a computer, cloud, or in a photo) and never share it with anyone, under any circumstances, including MetaMask support. Treat it as the equivalent of a physical safe key and store it offline, ideally engraved or written on metal.
Phishing often occurs when scammers create fake websites or impersonate support staff on social media, claiming there is an issue with your **MetaMask login** or funds. **Crucially, MetaMask will never contact you first.** You should never click on links from unverified sources, and always manually type the URL of official decentralized applications (DApps). Never enter your Secret Recovery Phrase into any website, software, or application other than when restoring your wallet through the official MetaMask extension or app. If you encounter a problem, always navigate to the official MetaMask support channels yourself. Install a reliable browser security extension that flags known malicious websites, and ensure your device's operating system and browser are always up to date.
Yes, you can and should use a hardware wallet with MetaMask for maximum security. Hardware wallets function as an extra layer of protection by physically isolating your private keys. When integrated, MetaMask manages the transactions, but the final, sensitive signing of the transaction **must** occur physically on the hardware device itself. This means that even if your computer or browser is compromised, no attacker can approve a transaction without physical access to your device and knowledge of its PIN. This setup provides the best defense against malware and online theft for your assets.
The local password is only used to decrypt the private keys stored in your browser or phone, providing quick access after your initial **MetaMask login**. If you forget this password, the only official way to regain access is to uninstall and then reinstall the MetaMask extension/app. During the reinstall process, you must choose the "Import Wallet" option and enter your **Secret Recovery Phrase**. This will restore access, allowing you to set a new local password. If you have also lost your Secret Recovery Phrase, your funds are permanently inaccessible. This is the nature of self-custody: you are your own bank and recovery system.
To add a non-default network in MetaMask, first complete your **MetaMask login** and click the network selector dropdown at the top of the interface. Select "Add network." You will then choose "Custom Networks." Here you must manually input the **Network Name**, **New RPC URL**, **Chain ID**, and **Currency Symbol** (e.g., MATIC for Polygon) for the specific network you wish to add. You can find these correct parameters on official documentation sites like Chainlist or the network's main website. Always verify the RPC URL before saving, as using an incorrect or malicious RPC can lead to connection issues or security risks.
Gas is the fee required to execute transactions or smart contract operations on the Ethereum network and many compatible chains (like Polygon or Arbitrum). It pays network validators for the computational effort and storage required to process your request. MetaMask uses the EIP-1559 standard on Ethereum to estimate this fee. This fee has two parts: the **Base Fee** (burned by the network) and the **Priority Fee** (or "tip" paid to the validator for faster inclusion). Before confirming any action after your **MetaMask login**, the wallet provides recommended fee settings (Low, Medium, High). You must always have enough native currency (e.g., ETH, MATIC) in your wallet to cover the Gas fee, or the transaction will fail.
A transaction gets stuck when the initially paid gas fee is too low for validators to pick it up quickly. After your successful **MetaMask login**, click on the "Pending" transaction in the activity tab. You will usually see two options: **Speed Up** and **Cancel**. To *Speed Up*, you resubmit the transaction with a higher Priority Fee, making it more attractive to validators. To *Cancel* (also known as replacing), you submit a new transaction with a zero-value transfer to your own address, but with a significantly higher gas fee than the original. Both actions require spending more gas, and only one will eventually succeed, clearing the stuck transaction from the network queue.
All accounts created within the standard MetaMask setup are derived sequentially from your single Secret Recovery Phrase using a standardized process (BIP39/BIP44). This means that if you restore your wallet using the 12-word phrase, all subsequent accounts you previously created (Account 2, Account 3, etc.) can be automatically or manually re-added within the restored wallet. **Crucially, they all share the same Secret Recovery Phrase.** If you need an entirely separate wallet for security reasons, you must create a new wallet instance with a completely different Secret Recovery Phrase, which should then be backed up separately.
The biggest risk is approving a **token allowance** or **set approval for all** to a malicious smart contract. This approval grants the contract the right to move your specified tokens (or all tokens) without requiring further permission. Always check the contract details and ensure the amount of the allowance is set to the minimum required, not an "unlimited" amount. Additionally, be wary of "blind signing," where the data field is incomprehensible—always confirm that the action displayed on your **MetaMask login** pop-up matches the action you intended (e.g., confirming a transfer, not a sale). Never approve a transaction if the source DApp URL looks suspicious.
When you connect your wallet after a **MetaMask login**, you are granting the DApp limited access to two key pieces of information. First, the DApp learns your public wallet address (Account 1, 2, etc.) for the currently selected network. Second, it gains the ability to *request* that you sign or approve transactions, but it **cannot** initiate or execute any transaction without your explicit confirmation. Importantly, connecting *never* gives the DApp access to your private keys, password, or the ability to move your funds. If a DApp asks for your Secret Recovery Phrase during a connection, it is a 100% confirmed scam.
MetaMask does not automatically track every custom token on every network. After confirming the transaction succeeded on a block explorer, you likely need to add the token manually. In the MetaMask interface (post-login), click "Import tokens" at the bottom of the asset list. You will need the token's **Contract Address** (found on Etherscan, Polygonscan, etc.) and the **Token Symbol** and **Decimal** fields will usually populate automatically. Once imported, the token balance will appear. Ensure you are on the correct network where the token was sent before attempting to import it.
Always use a strong, unique password for the local wallet unlock. Set the wallet's **auto-lock timer** to a short duration (e.g., 5 minutes) so that your wallet locks when idle, preventing unauthorized access if you step away from your device. Dedicate a specific browser (or even a specific computer) exclusively for crypto transactions, avoiding general browsing. Never install unverified browser extensions, as they can read data from your MetaMask extension. Finally, consider using a separate "hot wallet" for small, frequent transactions and a hardware-backed "cold wallet" for storing the vast majority of your valuable assets.
MetaMask officially supports Chrome, Firefox, Brave, and Edge. If you experience issues, first ensure your browser is fully updated. Next, clear your browser's cache and cookies. If the problem persists, ensure you only have *one* crypto wallet extension active, as multiple can conflict with each other. A common fix is to completely **restart your browser**, which often resolves issues related to the extension failing to "inject" or communicate with DApps. If all else fails, attempt the same connection process using a different browser to rule out a software-specific issue.
An "RPC Invalid Response" error means your **MetaMask login** is fine, but the wallet is failing to communicate properly with the chosen blockchain network node (the Remote Procedure Call). This frequently happens if the network node is overloaded, temporarily down, or if the RPC URL you entered when setting up the custom network is incorrect or outdated. To fix this, you should try switching to a different, reliable RPC URL for that specific network, or simply wait and retry the transaction later. For default networks like Ethereum, this error is rare and usually indicates a temporary network overload rather than an issue with your wallet itself.
The core security model is the same: self-custody relying on your Secret Recovery Phrase. The main difference lies in the environment. The mobile app offers the convenience of biometric unlock (Face ID/fingerprint), which is generally secure against shoulder surfing. The browser extension, however, is more susceptible to malware on a compromised desktop system. When using the mobile app, you use the internal browser to interact with DApps, which avoids conflicts with other browser extensions. Both methods require the same high level of security awareness and protection of your seed phrase.
Yes, if the other wallet uses the same cryptographic standard (BIP39), you can import it into MetaMask using its Secret Recovery Phrase (Seed Phrase) or by importing a single Private Key. If you import the full Seed Phrase, all accounts derived from it will be accessible in MetaMask after your **MetaMask login**. If you only import a Private Key, only that single address will be added. Note that once you import a wallet's key material into another software, you must assume both pieces of software have full access and their security is now linked.
The **Gas Limit** represents the maximum amount of computational units (gas) you are willing to spend on a transaction. MetaMask automatically sets this value based on the complexity of the operation. You should **almost never** manually lower the Gas Limit, as this will cause the transaction to run out of gas and fail (though the fee still gets deducted). You may occasionally need to increase the limit if a smart contract operation is very complex, but for standard transfers or simple DApp interactions, stick to the default value provided after your **MetaMask login** initiates the transaction.
No. The account name (e.g., "Main Account" or "NFT Wallet") is a purely local label that only you see after your **MetaMask login**. It is for organizational purposes and has no effect on the underlying blockchain data. Your wallet address—the 42-character string starting with `0x`—is mathematically fixed to your private key and can never be changed. Renaming the account simply helps you manage which address you are currently using when interacting with DApps or sending funds. Always rely on the `0x` address for receiving funds.
Revoking token approvals is an essential security practice to protect against compromised contracts. Since MetaMask itself does not host a dedicated revocation tool, you must use a third-party service like **Etherscan's Token Approvals** or a dedicated revocation DApp (e.g., Revoke.cash). After connecting your wallet (post-**MetaMask login**) to one of these verified services, it will display a list of all contracts you have granted spending permission to. You can then revoke the permission, which requires submitting a new transaction and paying a small gas fee to update the smart contract's state on the blockchain.
First, ensure your hardware device is unlocked and the **Ethereum app** is opened on the device's screen. For Ledger, you must also go into the Ethereum app settings and ensure **Blind Signing** (or **Contract Data**) is enabled, as this is necessary for signing smart contract interactions. Second, close any native software (like Ledger Live or Trezor Suite) that might be running in the background, as they can conflict with MetaMask's connection via the browser. If the issue persists, try a different USB cable and ensure your browser is fully updated before attempting to connect the hardware wallet again.
'Non-custodial' means that MetaMask does not hold, store, or have access to your private keys or funds. The assets are solely controlled by the person who possesses the **Secret Recovery Phrase**. Unlike an exchange (which is custodial), if you lose your private keys or seed phrase, MetaMask cannot help you recover them. This gives you absolute sovereignty over your assets—the core tenet of Web3—but it also means you bear 100% of the responsibility for maintaining the security and confidentiality of your credentials.
**Signing a Message** is a cryptographic proof of identity. It costs no gas and writes no data to the blockchain; it merely proves that you own the wallet address. This is typically used for DApp login or voting. **Approving a Transaction** is far more consequential. It always requires a gas fee and changes the state of the blockchain (e.g., sending tokens, minting an NFT). After a **MetaMask login**, be extremely cautious of what you are signing; always verify that the message content is what you expect, as a malicious message sign could allow a DApp to steal your tokens.
While MetaMask restores your accounts from your Secret Recovery Phrase, custom settings (like manually added RPC networks or custom token lists) are stored locally. There is no single "settings backup" file. The best practice is to manually record the necessary parameters (Network Name, RPC URL, Chain ID, etc.) and save them offline alongside your Secret Recovery Phrase. When you perform a fresh **MetaMask login** restoration on a new device, you will need to re-add these custom networks and tokens manually to see your balances on those specific chains.
A browser or computer crash has absolutely no impact on your funds, as your crypto assets are stored securely on the decentralized blockchain, not locally in the extension. The only thing stored locally is the encrypted key material. After restarting, you will likely need to perform your **MetaMask login** (unlock with password) again. If a transaction was initiated but not broadcast before the crash, it will typically be lost and you will need to re-initiate it. If it was broadcast, check the block explorer to verify its status.