The optional passphrase is an advanced security feature that allows you to create hidden wallets on your BitBox02. This article explains what a passphrase is, how it works, and the significant benefits and risks, helping you decide if this feature is right for you. For a deeper dive, you can read our blog post about the benefits and risks of optional passphrases.


What is an Optional Passphrase?

An optional passphrase is like a "25th recovery word" that you create. When enabled, your BitBox02 will ask for a passphrase every time it's unlocked. Each unique passphrase you enter, combined with your 24 recovery words, generates a unique, hidden wallet. This means you can keep your standard wallet for plausible deniability alongside multiple hidden wallets, each accessed with a different passphrase.

Before you start

Using a passphrase is an advanced feature and is not for everyone. Before you consider using it, you must understand that forgetting or losing your passphrase will result in the permanent loss of your funds in that hidden wallet. There is no way to recover it.


How a Passphrase Works

Your BitBox02's security is based on your 24 recovery words. The passphrase feature adds another layer on top of this.

  • Standard Wallet: When you use your BitBox02 without a passphrase (or leave the field blank), you access your standard wallet, which is derived solely from your 24 recovery words.
  • Hidden Wallet: When you enter a specific passphrase, the BitBox02 combines it with your 24 recovery words to create a completely new, separate wallet.

This process is deterministic, meaning the same passphrase will always open the same hidden wallet. A passphrase that differs by even one character will create another, entirely different wallet.
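The derivation described above can be reproduced offline. This is an added example, not BitBox02 firmware code; it assumes the standard BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase), and the mnemonic, passphrases and helper names are constructed for illustration. It shows why any passphrase is accepted: there is no checksum, so a typo yields a different, valid seed rather than an error.

```python
import hashlib
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy, 24 words). Never use it for real funds.
MNEMONIC = " ".join(["abandon"] * 23 + ["art"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 64-byte BIP39 seed for a mnemonic and optional passphrase."""
    def nfkd(s: str) -> str:
        # BIP39 requires NFKD normalization of both inputs.
        return unicodedata.normalize("NFKD", s)

    return hashlib.pbkdf2_hmac(
        "sha512",
        nfkd(mnemonic).encode("utf-8"),
        ("mnemonic" + nfkd(passphrase)).encode("utf-8"),
        2048,
        dklen=64,
    )


def wallet_id(passphrase: str) -> str:
    """Short fingerprint of the seed, used only to compare wallets in this demo."""
    return hashlib.sha256(bip39_seed(MNEMONIC, passphrase)).hexdigest()[:16]


def demo() -> dict:
    """Map each constructed passphrase variant to the wallet it opens."""
    candidates = {
        "standard (empty)": "",
        "intended": "correct horse",
        "wrong case": "Correct horse",
        "trailing space": "correct horse ",
    }
    return {label: wallet_id(p) for label, p in candidates.items()}


if __name__ == "__main__":
    for label, fingerprint in demo().items():
        print(f"{label:18} -> {fingerprint}")
```

Every variant produces a different fingerprint, which is why the same care is needed for case and spaces when recording a passphrase.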


Benefits of Using a Passphrase

Plausible Deniability

The primary benefit is plausible deniability. In a situation where you are forced to reveal your crypto wallet, you can open the standard wallet, which might hold a small amount of funds. Your main holdings remain secure and undiscoverable in your passphrase-protected hidden wallet.

Protection Against Physical Threats

If your 24 recovery words are found by an attacker, they can steal the funds from your standard wallet. However, without the passphrase, they cannot access your hidden wallet. This provides powerful protection against physical attacks, theft, or extortion.


Critical Risks You Must Understand

Permanent Loss of Funds

This is the most significant risk. If you forget, lose, or incorrectly type your passphrase, the crypto in that hidden wallet is gone forever. Shift Crypto cannot help you recover it. There is no "Forgot Passphrase" option.

Complexity and Human Error

Managing a passphrase adds a layer of complexity. You are solely responsible for accurately recording and securely storing it. A single typo or misplaced character when recording it means you will never be able to access your funds. For many users, the risk of making a mistake is higher than the risk of being targeted by the advanced attacks a passphrase protects against.


Best Practices for Passphrase Management

To minimize risks and maximize the benefits of an optional passphrase:

  • Record Accurately: Always write down your passphrase with extreme care, ensuring every character, including case and spaces, is exact.
  • Secure Separate Storage: Store your passphrase backup in a highly secure location that is physically separate from where you store your 24 recovery words. This distributes your risk.
  • Avoid Memorization Only: While memorizing it can be an extra layer, do not rely solely on memory. Always have a secure, written backup.
  • Test Your Passphrase (with small amounts): After setting up a passphrase-protected wallet, send a small, insignificant amount of cryptocurrency to it. Then, try accessing that wallet multiple times using your passphrase to ensure you can consistently enter it correctly before transferring larger sums.

Frequently Asked Questions

What if I enter my passphrase incorrectly?

Entering an incorrect passphrase will open a new, empty wallet. This can be alarming, but your funds are safe. You simply need to re-plug your BitBox02 and enter the correct passphrase to access the correct wallet.

Do I need to back up the passphrase?

While some users may choose to memorize their passphrase, we strongly recommend creating a physical backup. Relying only on memory is risky. If you create a backup, you must store it with the same diligence as your 24 recovery words, but in a completely separate physical location. Storing your recovery words and passphrase backup together defeats the purpose of the feature.