Contents
- What is passphrase and how does it work?
- A practical example
- Security benefits
- Utility benefits
- Be advised: Diligence goes a long way.
What is passphrase and how does it work?
A passphrase as implemented in Trezor is an advanced feature which can be used to protect your accounts. When this feature is enabled, your Trezor device asks you to enter a secret phrase in addition to your numeric PIN every time you connect your device.
When you enter a passphrase, your Trezor combines the already existing randomness of your recovery seed with your own chosen input and computes a new wallet.
Looking at this, you can think of the passphrase feature as a way to extend your recovery seed. Except, unlike the recovery seed which is generated randomly, the passphrase is chosen by you.
Whatever you enter as your passphrase is used as a so-called “salt” in the process of deriving your accounts from your recovery seed. Note that much like the salt you would use to modify your cooked meal, it irreversibly changes the structure of your original seed, and it is utterly useless on its own.
In other words, once you use a passphrase, a completely new wallet is generated and forever tied to (or “built on top of”) your original recovery seed.
A passphrase can be any word, phrase, any set of letters, or even a sentence, up to 50 characters long. Passphrases are case-sensitive. Entering an “empty” passphrase will let the user access the original seed-only wallet.
A practical example
Let’s say you have an initialized Trezor device, your recovery seed is properly backed up, and you have been using your PIN-protected Trezor to secure cryptocurrencies for a while. For whatever reason, you decided to take the safety levels a bit further by using a passphrase to protect your accounts.
Enabling passphrase protection
If passphrase protection is disabled on your device, enable it in settings. To do so, visit suite.trezor.io and connect your device, as usual. Once your Trezor is plugged in and unlocked, click on the gearwheel in the top-right to open the Settings menu. Then, click on the Device tab and scroll down to the Security section. Click the toggle next to Passphrase to enable it.
Once enabled, you will be asked to confirm the change on your device. If you are using a Trezor Model T, it will ask you to choose between entering the passphrase using the touchscreen on your Trezor or typing the passphrase using the app. If you are using the original Trezor Model One, you will only be able to type your passphrase in the app.
Moving funds to a hidden wallet
This time, you decide to use your mother’s first name as your passphrase because you figure it would be easy to remember. You carefully type “Martha” in the respective box, hit enter and you are suddenly presented with an empty wallet. No accounts, no funds in sight.
After you catch your breath and remember this is exactly what was supposed to happen, you quickly realize that you will need to somehow move your funds to this new hidden wallet. To do this, you proceed the same way you would normally receive transactions. You find the receiving address and copy it. We wholeheartedly recommend jotting down this address somewhere offline, especially if you are moving your balances across passphrases for the first time.
Now that you have the receiving address from your new account, you need to send crypto to it from somewhere else. To do this, reconnect your device and hit enter without typing anything into the passphrase box. Voilà! You now see your original “seed-only” wallet. Navigate to the “Send” tab and send a transaction to the address you previously copied. Again, start small and triple-check, just in case, if you are doing this for the first time.
Passphrase is case-sensitive and spaces count!
You sent the transaction to your new accounts, and now it is time to check whether everything is ok. You reconnect your device, enter the passphrase and… Nothing! No accounts, no transactions. What happened? This time, you managed to mistype the passphrase and use “martha” instead of “Martha”. Remember, every character matters. The only way to access your hidden passphrase-protected accounts is to enter every character exactly like before.
Using “Passphrase”, “passphrase”, “pass phrase”, or “pass-phrase” will generate four different, unique wallets. Can you spot the differences?
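The following added example (not Trezor's code, and not part of the original article) shows the passphrase acting as a salt in the BIP39 seed derivation, the standard named in the recovery section below, and why every character changes the resulting wallet. The mnemonic is the public BIP39 test-vector phrase used as constructed sample input, the function names are hypothetical, and the block stops at the 64-byte seed rather than deriving accounts from it.

```python
import hashlib
import unicodedata

# Constructed sample: the public BIP39 test-vector mnemonic. Never use it for funds.
MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text: str) -> str:
    # BIP39 normalizes both mnemonic and passphrase to Unicode NFKD before hashing.
    return unicodedata.normalize("NFKD", text)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """64-byte wallet seed: PBKDF2-HMAC-SHA512, 2048 rounds,
    password = mnemonic, salt = "mnemonic" + passphrase."""
    password = _nfkd(mnemonic).encode("utf-8")
    salt = ("mnemonic" + _nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048)


def distinct_wallets(passphrases) -> int:
    """Count how many different seeds a list of passphrases produces."""
    return len({bip39_seed(MNEMONIC, p) for p in passphrases})


def same_wallet(a: str, b: str) -> bool:
    """True only if both passphrases lead to the same seed."""
    return bip39_seed(MNEMONIC, a) == bip39_seed(MNEMONIC, b)


if __name__ == "__main__":
    for p in ["", "Martha", "martha", "Passphrase", "passphrase",
              "pass phrase", "pass-phrase", "Martha "]:
        print(f"{p!r:>14} -> seed {bip39_seed(MNEMONIC, p).hex()[:16]}...")
    # Every input yields a valid seed: there is no "wrong passphrase" error,
    # only a different (possibly empty) wallet.
    print("case matters:       ", not same_wallet("Martha", "martha"))
    print("trailing space:     ", not same_wallet("Martha", "Martha "))
    # Edge case: visually identical Unicode forms normalize to the same bytes.
    print("NFC/NFD same wallet:", same_wallet("caf\u00e9", "cafe\u0301"))
```

The empty string reproduces the seed-only wallet, and a stray trailing space is enough to land in a different, empty one.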
Recovering a passphrase-protected account
Let’s take this a bit further and imagine that after some time, you tragically lost your precious device. How do you recover a passphrase-protected wallet?
No worries! You can use a spare Trezor, or one of the many other wallets compatible with our standards, to recover your existing accounts using the recovery seed. Once the seed is loaded on your device, all you need to do is enter the very same passphrase you were using before. You may have to first enable the passphrase manually again if the passphrase feature is not enabled upon recovery, or if you are using a different BIP39-compatible wallet to restore your accounts.
Security benefits
There are two primary benefits a user gains when they use passphrases to protect their wallet.
1. Passphrases are not stored on the device
Unlike a PIN, which is changeable, protects your physical device from unauthorized access, and is stored on the chip, the passphrase protects your recovery seed and is not stored anywhere. This means that even if somebody compromised your recovery seed, they would not be able to access your accounts unless they knew the passphrase as well.
The fact that the passphrase is not stored anywhere on the device means that even if there were a way to hack your Trezor and extract the seed from the physical device, the perpetrators would come up short.
Introducing this “second-factor” authorization will also protect your funds if somebody finds your written physical copy of the seed.
Pro tip:
If you have to make a physical backup of your passphrase, do not store it with the backup of your seed. Instead, store it in a separate secure location, or consider choosing a memorable passphrase and setting up reminders to refresh your memory every few months.
2. Passphrases let you segregate funds
The second and arguably even more important addition brought to the table is plausible deniability. There is no such thing as an “incorrect passphrase” and you can create an unlimited number of wallets. This can be quickly turned to your benefit when you decide to redistribute your balances to give you a “cover”.
Consider leaving some pocket change, funds you would use for smaller everyday purchases, on your unprotected account. Then, move a moderate chunk of your savings under a passphrase of your choosing. Lastly, you can move the greater part of your balance to a completely different passphrase.
In a situation where you are physically threatened by burglars, border security agents, or pretty much anyone else, you can now safely give up your PIN (which can be changed anyway), leading to a small loss of funds. If the assailants keep you under duress and demand a passphrase, you can give out the one with the lesser amount.
Pro tip:
If suitable for you, consider leaving a reasonable part of your balance on the unprotected “passphrase-less” account and move the rest of your savings under a passphrase.
Bonus pro tip:
Avoid talking about your balances and maintain your privacy.
Utility benefits
Passphrases can also be used to help you organize your accounts. Do you have a problem with the limited number of accounts possible in our Wallet interface? Use the passphrase “1” (for example) to generate a new wallet. Now you have a wallet with a fresh set of accounts.
Perhaps you would like to share an account with the rest of the household or your team members at work. You can generate and distribute a recovery seed which would give everyone access to the “mutual”, “seed-only” wallet. Every member of this group can then separate their own secret wallet by using their own custom passphrase.
Be advised: Diligence goes a long way.
As is usual and true to the basic principle of using cryptocurrencies, there is a trade-off between safety and personal responsibility.
The attributes of this feature which give you the most value may turn against you when used carelessly.
A passphrase is an advanced feature. We earnestly recommend using it only after you understand how it works and recognize all the risks. If you ever forget or lose your passphrase, your wallet becomes irrecoverable.
Remember, passphrases are case-sensitive and spaces are valid characters — every character matters.