The BitBox02 has two unlocking protections to protect against trying out possible device passwords:
- After 10 failed unlock attempts, the device will reset and must be restored from a backup.
- The secure chip contains a counter and permanently locks the device after a total of about 730.000 unlock attempts (successful or not), which is about 100 unlocks per day for 20 years.
This is called "security in-depth": even if the unlock protection in the firmware (1) can be somehow bypassed, the unlock protection in the hardware (2) can prevent further damage.
We recommend using a password that is hard to guess (brute force) even in the unlikely scenario that the unlock protection (1) is bypassed. The chance of an attacker guessing the right password before hitting the unlock protection (2) are as follows:
- 5 random characters: 0.08 %
- 6 random characters: 0.012 %
- 7 random characters: 0.00002 %
We recommend using a device password of 5 or more random characters, including uppercase, lowercase letters, and numbers. Using extremely long device passwords with e.g. 30 or more characters hampers usability more than actually improving security.
Avoid confusing the device password for your BitBox02 with an optional passphrase you may have set for your wallet. The latter should be longer and different from the device password, also including special characters, because the protections against brute force attacks mentioned above don't apply here. Find out more on this topic in our blog post.