Your BitBox device password is your first line of defense to protect your crypto assets from unauthorized access. Setting a secure password during initialization is crucial. This guide helps you choose a strong one.
How BitBox protects your password
The BitBox family of devices includes multiple layers of protection to prevent attackers from guessing your password.
BitBox02 (standard model):
- Limited attempts: After 10 incorrect password entries, the BitBox automatically resets to factory settings. Your funds remain safe as long as you have your backup, but the device will need to be restored.
- Secure chip protection: The BitBox02’s secure chip includes a counter that permanently locks the device after approximately 730,000 unlock attempts (both successful and unsuccessful). This equals roughly 100 attempts per day for 20 years.
This "security-in-depth" approach means that even if the firmware-level protection (10 attempts) were somehow bypassed, the hardware-level protection (secure chip) provides an additional powerful safeguard.
BitBox02 Nova:
- The Nova introduces a new secure chip that enforces the 10-attempt limit directly in hardware, not just in firmware. This makes physical attacks significantly harder, as the chip itself prevents more than 10 password attempts even if someone were to tamper with the firmware.
- In addition, the Nova maintains all other existing hardware-level protections from the BitBox02.
You can read more about the BitBox02 Nova’s upgraded secure chip in our blog post: Introducing BitBox02 Nova
Shared protection:
This “defense-in-depth” design applies to both the BitBox02 and the BitBox02 Nova.
It combines two independent layers of security working hand in hand:
- First layer — firmware on the main microcontroller (MCU): The BitBox firmware running on the open-source microcontroller limits password attempts to ten. This layer handles user interaction and logic, ensuring full transparency and auditability through open-source code.
- Second layer — secure chip: The secure chip acts as a hardware vault, enforcing its own protection counter and safeguarding sensitive data like encryption keys. It ensures that even if someone were to tamper with the firmware, the hardware still limits password attempts and keeps secrets locked.
Together, these layers provide the best of both worlds: transparent and verifiable open-source firmware combined with the physical security of a dedicated secure chip.
Even if one layer were bypassed, the other would continue to protect your funds.
To learn more about how BitBox achieves this layered approach, see our detailed blog post: Best of both worlds: using a secure chip with open-source firmware
Recommendations for your device password
Given these strong built-in protections, here’s how to choose an effective password:
- Length: Use a password with 5 or more random characters.
- Character types: Combine a mix of
  - Uppercase letters (A B C … Z)
  - Lowercase letters (a b c … z)
  - Numbers (0 1 2 3 … 9)
Consider the chances of an attacker guessing your password before reaching the secure chip’s limit, even if the first protection layer were somehow bypassed:
- 5 random characters → 0.08 %
- 6 random characters → 0.012 %
- 7 random characters → 0.00002 %
A password with 5 or more random characters strikes a good balance between security and usability.
Using extremely long passwords (e.g., 30 or more characters) for the device password can make it harder for you to use without significantly increasing practical security, thanks to the BitBox02's built-in protections.
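The following Python sketch is an added example, not BitBox code. It models the guessing odds discussed above and generates a random device password from the recommended character set. It assumes a uniformly random password over the 62 characters listed (A-Z, a-z, 0-9) and an attacker who can use the full attempt budget of either layer; all function names are illustrative.

```python
import math
import secrets
import string

# Alphabet from the recommendations above: A-Z, a-z, 0-9 (62 symbols).
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits

FIRMWARE_LIMIT = 10          # wrong entries before factory reset (from the article)
SECURE_CHIP_LIMIT = 730_000  # approximate lifetime unlock counter (from the article)


def guess_probability(length, attempts, alphabet_size=len(ALPHABET)):
    """Chance that `attempts` distinct guesses hit one uniformly random password."""
    keyspace = alphabet_size ** length
    return min(1.0, attempts / keyspace)


def min_length(max_probability, attempts, alphabet_size=len(ALPHABET)):
    """Shortest random password whose guess probability stays at or below the target."""
    length = 1
    while guess_probability(length, attempts, alphabet_size) > max_probability:
        length += 1
    return length


def generate_password(length=5):
    """Draw each character independently from the OS CSPRNG (no modulo bias)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def report(lengths=(5, 6, 7)):
    """Rows of (length, entropy bits, % within firmware limit, % within chip limit)."""
    rows = []
    for n in lengths:
        bits = n * math.log2(len(ALPHABET))
        rows.append((n, bits,
                     100 * guess_probability(n, FIRMWARE_LIMIT),
                     100 * guess_probability(n, SECURE_CHIP_LIMIT)))
    return rows


if __name__ == "__main__":
    for n, bits, fw, chip in report():
        print(f"{n} chars  {bits:5.1f} bits  firmware {fw:.2e} %  secure chip {chip:.2e} %")
    print("example password:", generate_password(5))
```

With these inputs the secure-chip column comes to about 0.08 % for 5 characters, 0.0013 % for 6 and 0.00002 % for 7. The model only holds for randomly generated passwords; a word, date or pattern is far more guessable than its length suggests.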
Important: Device password vs. optional passphrase
Do not confuse your device password with the optional passphrase (also known as the BIP-39 passphrase):
- The device password (this article’s topic) unlocks your BitBox hardware wallet.
- The optional passphrase is an advanced feature that creates hidden wallets.
  - It should be much longer and more complex—often including special characters like ! @ # $ % &—and follows different protection rules if your recovery words are ever exposed.
To learn more about the optional passphrase, see our blog post: Benefits and risks of using an optional passphrase
FAQ
What happens if I enter the wrong password too many times?
After 10 incorrect entries, the BitBox02 and BitBox02 Nova automatically reset to factory settings. Your funds remain safe as long as you still have your backup (microSD card or recovery words).
What’s the difference between the main microcontroller and the secure chip?
- The main microcontroller (MCU) runs open-source firmware, responsible for wallet logic, display, and communication.
- The secure chip is a closed but tamper-resistant component that physically protects sensitive data and enforces access limits.
Together, they form a complementary system: openness for auditability, hardware isolation for security.
Does the BitBox02 Nova add new password protection features?
Yes. The Nova’s secure chip now enforces the 10-attempt password limit in hardware, not only via firmware, which makes physical attacks even harder.
Do I need to choose a longer password for extra safety?
Not necessarily. Because of the built-in hardware limits, even short but random passwords (5 or more mixed characters) are already very secure. Focus on randomness and variety instead of length.