Pairing Xumm with Tangem cards provides an extra layer of security. Configuring a a back-up Tangem card (or a normal XRP ledger account) provides yet another layer.
When an account is created, a Master Key is generated. As the name implies control of the master key gives complete control of the account. There is a way to create another, secondary key that is controlled by the master key.
The idea is to make it so the the master key is not normally used to sign transactions. The master key can then be kept safe and secure offline until needed.
The secondary key is the one exposed to the most security risk in normal use. If something happens to the secondary key it can be revoked by the master key.
For the technically inclined/curious here's the technical explanation:
You can protect your account by assigning a regular key pair to it and using it instead of the master key pair to sign transactions whenever possible. If your regular key pair is compromised, but your master key pair is not, you can use a
SetRegularKeytransaction to regain control of your account.
Source: XRP Ledger Project Documentation
We're adding a wizard to XUMM soon to offer an easy setup process to configure a second card as a backup card.
In the meantime, here's the manual procedure to set another card (or any other XRPL account, eg. a safely stored paper account) as a backup account using (on ledger) "Regular Key" functionality.
Two cards: back up a card with another card
- Have your primary card (A) and secondary (backup, B) at hand.
Card A. needs to be activated, card B. doesn't have to be: a back up account can sign for the primary account without being activated.
- Add both of them to XUMM
- Copy the account address (r-address) of card B to your clipboard
- Use http://xumm.community / http://xrptoolkit.com and sign in with card A.
- Compose a setRegularKey transaction, and enter the r-address of card B. as the Regular Key.
- Sign with card A.
Card B. is now a backup card for card A. Lost/destroyed card A.? No problem.
One card, one paper account: back up a card with a paper account
The idea of using XUMM Tangem cards is that the private key is generated and protected by the chip inside the card. The private key can't be extracted and can't "leak". When you back up a XUMM Tangem card XRPL account with a paper account, you are potentially compromising this added security, as the written down / stored back up secret key can be compromised, resulting in a compromised back-upped (Tangem card based) account. You may have a false sense of (added) security this way.
You can read more about the dangers of key management in this article:
If you still want to proceed, you can follow (only) step 1 and 2 described in this FAQ.