In Bitcoin, securely storing your coins is of utmost importance. One mechanism to add an extra layer of security is the “passphrase.”
But what exactly is a passphrase? How does it differ from a seed? How is it different from other wallet passwords, and how can you add this extra protection to your Bitcoin wallet?
That’s what you’ll find out in this article.
Let’s dive in!
What is a Passphrase?
A passphrase, also known as a passkey, is a type of secret word that some Bitcoin and digital currency wallets offer as an optional feature.
For example, wallets like Jade and Sparrow allow you to create a passphrase after setting up your seed, which consists of 12 or 24 recovery words.
But what exactly is it, and why would you use it?
A passphrase is an additional layer of security that you choose to add to your wallet. It can be any word or phrase and functions as the 25th or 13th word, depending on the number of words in your seed.
This means that if you need to recover your wallet on another device, you’ll need to provide the 12 or 24 recovery words from your seed along with the passphrase you set up.
Without the passphrase, you’ll lose access to your funds completely, making it just as important as your seed.
During setup, you can choose any word or phrase up to 50 characters, and it’s case-sensitive, so it’s crucial to enter it correctly.
Since a passphrase is often made up of multiple words, it can be easier to remember than a random string of characters, while still being more resistant to brute-force attacks.
However, it’s essential to be precise when typing it, as whatever you enter will be recorded as your passphrase.
So be extra careful not to make any mistakes when typing it!
What are the advantages of using a Passphrase?
1. Create alternative wallets to your main wallet
Each passphrase entered generates a new, blank wallet. This allows you to segment your accounts: one passphrase could designate business accounts and another personal accounts, for example.
With a single cold wallet, you can manage both family and business needs, assigning each person their own exclusive wallet by using different passphrases.
This feature is especially useful in situations involving coercion or extortion. You can create a low-value wallet with a specific passphrase and provide access to that, while keeping your other, more valuable wallets protected with different passphrases.
2. Protect your wallet with an additional password you create
The passphrase acts as an extra layer of security for your wallet, serving as a password that you personally create. This makes unauthorized access much more difficult.
3. Enhance your backup security
If someone gains access to your seed (wallet recovery words), they still won’t be able to access your funds without the passphrase.
This also adds an extra level of security in the event of seed loss or theft, as the passphrase is required to access the wallet.
What’s the difference between a Seed and a Passphrase?
A seed is an initial value used to generate cryptographic keys, while a passphrase is a sequence of words or characters that acts as a password to protect encrypted information.
The seed is commonly used in random number generation algorithms, while the passphrase is used for authentication and unlocking encrypted data.
Although both are related to information security, they serve different purposes.
In short, the 24-word seed phrase provides the necessary entropy to protect your wallet from hacker attacks. The passphrase acts as a 25th word, which you can freely choose (up to 100 characters), to safeguard your wallet in case your seed is compromised.
To clarify the difference between the types of passwords — seed and passphrase — the image below illustrates three situations:
In the first scenario, the person did not configure a passphrase and used only the seed to access their wallet.
In the second, the person entered their seed and then set a passphrase with the word “Martha” to access funds in Wallet B.
In the third example, the person entered their seed and set a passphrase with the phrase “john’s best steakhouse 97” to access funds in Wallet C.
The key takeaway is that the passphrase is different from the seed. The seed consists of predefined words based on Bitcoin’s BIP39 standard, while the passphrase can be any information you choose.
But be warned! Again, if you forget or lose your passphrase, it’s a serious problem. Even if you have the seed, without the passphrase you’ll lose access to your funds.
Which Bitcoin Wallets support Passphrase?
Not all Bitcoin wallets allow you to configure a passphrase, but you’ll find this feature in most major wallets.
Here are some wallets that support this feature:
- Trezor
- Coldcard
- Bitbox
- Jade
- Blue Wallet
How to configure a Passphrase? (Step by Step)
As discussed throughout this article, various wallets allow you to configure a passphrase, and each has a slightly different process. For this example, we’ll use the Jade wallet, a Bitcoin-only wallet that is easy to set up and highly recommended.
There are two ways to add it to Jade Wallet:
- During wallet setup, by opting for an advanced configuration.
- By selecting “Options” from the main menu before creating an active wallet.
Once you configure your passphrase in Jade, it will be required every time you access your wallet, following the entry of your PIN or a temporary option like SeedQR.
Make sure to enter your passphrase correctly, as it is case-sensitive. There is no concept of an “incorrect passphrase” — any typo will simply generate a new wallet.
After entering your passphrase correctly and connecting to your wallet, take note of the fingerprint displayed in the bottom right corner of Jade’s screen (e.g., 249192D2).
This 8-character sequence is unique to your wallet and passphrase. If you access your wallet and this code appears differently, it means you’ve entered the passphrase incorrectly and are in a different wallet.
You can also adjust your passphrase settings in Jade!
To adjust your passphrase settings, power on Jade and navigate to the “Options” menu.
Then select BIP39 password.
Next, choose “Frequency” to decide how often you want Jade to prompt you for a passphrase:
- Never: You won’t be asked for a passphrase during login.
- Once: The passphrase will only be requested the next time you log in with your PIN or temporary access. You’ll need to return to this menu each time you want to use a passphrase. This option helps hide the fact that you are using a passphrase, enhancing security.
- Always: The passphrase entry screen will appear every time you log in.
Then choose “Method” to select how you want to enter your passphrase:
- Manual: A keyboard appears, allowing you to enter specific characters one by one. This is the default option for most hardware devices and offers the option to use uppercase and lowercase letters, numbers, and other special characters.
- WordList: This input method is designed for faster entry of longer, higher-entropy passwords based on the BIP39 word list. A random series of these words can be chosen as a password, and Jade will suggest BIP39 word options as you begin typing, speeding up the input process. Passwords using this method are easier to remember and can be entered more quickly than manually typed passwords while maintaining the same level of security.
Passphrase divides opinions among experts
The use of passphrases is a topic that divides opinions among technical Bitcoiners.
These differing perspectives can be summarized into two main schools of thought:
1. Bitcoiners who support Passphrase
Those in favor of using a passphrase argue that it provides an additional layer of security. Unlike the wallet’s PIN, which can be modified and stored on the device’s chip, the passphrase is not stored on the device and adds extra protection. Even if a thief manages to steal your seed, they won’t be able to access your account without the passphrase.
In this case, it’s recommended not to store the seed and passphrase together, or to choose a passphrase that you can easily remember.
A passphrase is often considered more convenient than a standard multisig, as you only need one device, one seed, and the passphrase to add an extra layer of security. It’s simpler! With traditional multisigs, you need to set up, back up, and store multiple seeds properly.
Another advantage of using a passphrase with single-signature addresses is that it provides more privacy than a multisig. It maintains a single-signature footprint on the blockchain, which is less distinguishable than a multisig transaction; the latter takes up more space and is more identifiable.
The more information someone has about how you secure your addresses, the easier it becomes for them to plan a targeted attack.
As block space becomes more limited, transaction fees for multisig addresses increase. This makes a passphrase a more cost-effective security option, as it incurs lower fees than a multisig setup.
However, the biggest risk with using a passphrase is human error—specifically, forgetting it. If you lose your passphrase, it’s equivalent to losing your entire seed. For this reason, some security-focused developers prefer using multisigs over passphrases.
2. Bitcoiners who don’t support Passphrase
Bitcoiners who do not recommend using a passphrase argue that multisig setups provide a higher level of security by requiring multiple signatures to authorize transactions, such as 2 out of 3 or 2 out of 4. This adds a greater safety margin against seed loss and reduces the risk of losing access to your funds.
With a passphrase, on the other hand, if you lose or forget that single passphrase, you lose all access to your funds.
Developers who prefer multisigs believe that, if properly managed, it’s highly unlikely that an attacker could steal or compromise all necessary components, such as devices, seeds, and wallet data. They also argue that accessing funds is significantly easier when relying on a passphrase, increasing the risk of potential compromise.
Moral of the story
In summary, while multisigs offer greater security than passphrases, a passphrase is easier to set up and use, and it also provides more privacy in transactions on the network.
In Bitcoin, there is no right or wrong—only choices and their consequences. You need to decide which risks you are more comfortable managing if your security model fails.
Choosing between single-signature (with or without a passphrase) and multisig isn’t an either-or decision. You can even use both.
For example, you might want to secure the majority of your assets in a multisig wallet, while keeping another wallet with smaller amounts in a single-signature setup with a passphrase for easier access.
The choice is yours.
It’s up to you to decide which additional security layer works best for you and which one you feel most confident handling. After all, sovereignty comes with the responsibility of understanding the benefits and risks of each option.
I hope you enjoyed this article, and don’t forget to share it with friends and family!
Until next time, and opt out
Area Bitcoin is an educational Bitcoin school that aims to accelerate the financial and intellectual sovereignty of all individuals.