When securing your cryptocurrency with the BitBox hardware wallet, it’s essential to understand two different security mechanisms that are often confused:
- the device password
- the optional passphrase
While both enhance security, they protect very different things and have very different consequences if forgotten.
In short:
- The device password protects access to your BitBox device.
- The optional passphrase creates a completely separate wallet.
Understanding this distinction is critical to avoiding accidental loss of funds.
The BitBox device password: your primary security layer
The device password is the main password for your BitBox hardware wallet. It controls physical access to the device itself, not to individual wallets.
| Aspect | Description |
|---|---|
| Purpose | Protects the BitBox from unauthorized physical access |
| Functionality | Encrypts the device’s contents. Without it, the device and its settings cannot be accessed |
| Setup | Mandatory during initial setup and cannot be disabled |
| Usage | Required every time you connect and unlock your BitBox |
| Recovery | If forgotten, the device can be reset and restored using your backup (microSD card or recovery words). Funds remain safe if the backup is secure |
Important:
The device password does not create or change wallets. It only controls access to the device itself.
Which characters can I use for the device password?
The device password uses a restricted character set by design. This improves usability and reduces input errors on the device.
You can use:
-
Uppercase letters:
A–Z -
Lowercase letters:
a–z -
Numbers:
0–9
Special characters and spaces are not supported for the device password.
If you want to change your device password, you can do so via the BitBoxApp:
How to change your BitBox02 device password
For guidance on choosing a secure device password, see:
Choosing a secure device password
The optional passphrase: advanced wallet security
The optional passphrase (also known as a BIP39 passphrase) is an advanced security feature.
It is not a password for the device.
Instead, it acts as an additional secret that is combined with your recovery words to create a new wallet.
| Aspect | Description |
|---|---|
| Purpose | Creates additional hidden wallets and enables plausible deniability |
| Functionality | Each unique passphrase generates a completely separate wallet |
| Setup | Enabled in the BitBoxApp under Settings → Manage device → Wallet → Enable optional passphrase |
| Usage | Entered after the device password when accessing a specific passphrase wallet |
| Recovery | Never stored on the BitBox and cannot be recovered if forgotten |
Important clarification:
- Entering no passphrase opens your default wallet
- Entering any passphrase (even one character) opens a different wallet
- A single typo creates a new empty wallet
How the optional passphrase is handled
The optional passphrase is never stored on the BitBox.
It is also not included in your backups.
Your backup (microSD card or recovery words) contains only the recovery words.
When restoring a wallet, the same optional passphrase must be entered again to access the corresponding passphrase wallet.
Which characters can I use in my passphrase?
You can use standard ASCII characters, with a maximum length of 127 characters:
-
Uppercase letters:
A–Z -
Lowercase letters:
a–z -
Numbers:
0–9 -
Special characters:
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ { | } ~ § -
Spaces:
Spaces are allowed and can significantly increase strength when used between random words˽
Key differences at a glance
| Aspect | Device password | Optional passphrase |
|---|---|---|
| Protects | The BitBox device | A specific wallet |
| Creates wallets | No | Yes — each passphrase creates a new wallet |
| Required | Always | Only if enabled |
| When entered | First | After the device password |
| Recoverable | Yes, via wallet restore | No — never recoverable |
| Loss impact | Device reset required | Permanent loss of funds in that wallet |
FAQ
Is the optional passphrase the same as a 25th recovery word?
Yes. Technically, the optional passphrase acts as an additional secret combined with your recovery words to derive a new wallet.
Can I reset or change my passphrase later?
No. There is nothing to reset. Entering a different passphrase simply opens a different wallet.
What happens if I enter the wrong passphrase?
You will open a different (usually empty) wallet. Your funds are not lost — but they are only accessible with the exact original passphrase.
Should everyone use the optional passphrase?
The optional passphrase is a simple and effective way to increase wallet security.
It is especially useful if you want to protect funds even if your recovery words are compromised, or if you want to separate funds into independent wallets.
However, it is important to understand that the passphrase is not stored or backed up. When using a passphrase, you are responsible for remembering it and entering it correctly when accessing or restoring the wallet.
Why does a passphrase create a new wallet instead of unlocking the same one?
Because the passphrase is cryptographically combined with your recovery words to derive wallet keys. Any change results in a different wallet.
Can BitBox support recover my passphrase for me?
No. BitBox never knows or stores your passphrase or your recovery words. Both are generated and kept entirely under your control. As a result, recovery by our support is not possible.