
An optional passphrase adds an extra layer of security to your BitBox02, creating a unique, hidden wallet that enhances the protection of your digital assets.


What is an Optional Passphrase?

An optional passphrase, sometimes called a "25th word," is a custom word or phrase you create. When combined with your 24-word recovery words, it generates a unique and entirely separate wallet. It's an advanced security feature that modifies your master seed, allowing you to have multiple distinct wallets derived from the same recovery words. Each unique passphrase you use will lead to a different, independent wallet.


How a Passphrase Works

When you use a passphrase, your BitBox02 and BitBoxApp combine your 24 recovery words with this custom phrase to calculate a completely new master seed. This new master seed then derives a new set of addresses and a new wallet.

  • Not Stored on Device: Your passphrase is never stored on your BitBox02 device. It exists only in your memory or secure storage.
  • Unique Wallet for Each Passphrase: Every distinct passphrase you enter (including an empty one) will open a different wallet. Even a single character change or a difference in case (e.g., "secret" vs. "Secret") will lead to a completely new, empty wallet.
  • Requires Passphrase for Access: To access funds in a passphrase-protected wallet, you must always enter the exact passphrase, along with your device password, when unlocking your BitBox02.
  • Recovery Requirement: If you ever need to restore your wallet, you will need both your 24 recovery words and the exact optional passphrase to access your funds.

Benefits of Using a Passphrase

Using an optional passphrase can significantly enhance your security, offering protection against various threats.

Enhanced Backup Security

A passphrase allows you to distribute the "keys" to your crypto across different physical locations. Your 24-word recovery words can be stored in one secure place (e.g., a safe), while your passphrase is stored in another (e.g., a separate hidden location, or memorized). This means that even if someone gains access to your recovery words, they cannot access your funds without the exact passphrase. This strategy significantly mitigates the risk of a single point of failure in your backup plan.

Protection Against Physical Coercion (Duress Wallet)

In rare, high-stress situations where you might be physically compelled to reveal your wallet, an optional passphrase offers a layer of plausible deniability. You can maintain a separate wallet (the one accessed without a passphrase, or with a different, low-value passphrase) to present to an attacker. This "duress wallet" would contain only a small, expendable amount of cryptocurrency, while your primary funds remain secure and hidden in a different wallet, protected by a passphrase that you do not reveal. This helps de-escalate the situation while protecting your main assets.

Increased Physical Device Security

Although the BitBox02 is designed with robust security features to protect against physical tampering, a passphrase adds another layer of defense. Since the passphrase itself is never stored on the device, even if someone were to gain physical access to your BitBox02 and attempt advanced forensic attacks, they would still need your passphrase to derive and access your private keys. This makes it significantly more challenging for unauthorized individuals to compromise your funds.

For a more in-depth look at the advantages, you can read our blog post on optional passphrases: benefits and risks.


Critical Risks and Considerations

The power of an optional passphrase comes with increased responsibility. Failure to properly manage your passphrase can lead to permanent loss of funds.

Irrecoverable Funds if Forgotten

This is the most significant risk. Unlike your 24-word recovery words, which follow a standardized wordlist and checksum, your optional passphrase is entirely custom. If you forget your passphrase or lose your record of it, there is no recovery mechanism. The funds in the wallet associated with that specific passphrase will be permanently inaccessible. It is paramount to treat your passphrase with the same, or even greater, care as your recovery words.

Typographical Errors

Passphrases are case-sensitive and character-specific. Even a minor typographical error (e.g., "Passphrase" instead of "passphrase," or missing a space or special character) will result in a completely different, new, and empty wallet. The BitBox02 will present an empty wallet because, to the device, you have simply opened a valid (but new) wallet. This can be a source of confusion and alarm for users if they don't realize they've made a subtle error. To mitigate this, the BitBox02 displays your entered passphrase for verification before confirming, which helps catch mistakes.
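Added example (not BitBox code) for "How a Passphrase Works" and the typo risk above: this page does not name the derivation scheme, so the sketch assumes the standard BIP39 rule, in which the passphrase is appended to the PBKDF2 salt. The mnemonic is the public all-zero test mnemonic, and the function names and candidate passphrases are illustrative.

```python
import hashlib
import unicodedata

# Public 24-word BIP39 test mnemonic (all-zero entropy). Constructed sample
# input for illustration only; never send funds to a wallet derived from it.
MNEMONIC = "abandon " * 23 + "art"

# Constructed candidates: no passphrase, the intended one, and two slips
# (wrong case, trailing space) of the kind described in the text.
CANDIDATES = ["", "secret", "Secret", "secret "]


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Assumed scheme (BIP39): PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    The passphrase is only ever part of the salt, so no value is "wrong":
    every input, including the empty string, yields a valid seed.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_table(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to a short hex prefix of the seed it produces."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


def distinct_wallets(mnemonic: str, passphrases: list[str]) -> int:
    """Count how many different seeds (wallets) the passphrases open."""
    return len({bip39_seed(mnemonic, p) for p in passphrases})


if __name__ == "__main__":
    for phrase, prefix in seed_table(MNEMONIC, CANDIDATES).items():
        print(f"{phrase!r:10} -> seed {prefix}...")
    print("distinct wallets:", distinct_wallets(MNEMONIC, CANDIDATES))
```

Because the derivation never fails, the only way to notice a mistyped passphrase is to compare the resulting wallet (for example a known receive address) against a record made when the wallet was set up.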

Overcomplicating Your Security

While beneficial, adding a passphrase increases the complexity of your backup and recovery process. For some users, especially beginners, this added complexity might introduce more risk through human error (e.g., forgetting or incorrectly recording the passphrase) than the additional security benefits provide against advanced attacks. It's essential to assess if you are comfortable with this added layer of management before implementing it.


Best Practices for Passphrase Management

To minimize risks and maximize the benefits of an optional passphrase:

  1. Record Accurately: Always write down your passphrase with extreme care, ensuring every character, including case and spaces, is exact.
  2. Secure Separate Storage: Store your passphrase in a highly secure location that is physically separate from where you store your 24-word recovery words. This distributes your risk.
  3. Avoid Memorization Only: While memorizing it can be an extra layer, do not rely solely on memory. Always have a secure, written backup.
  4. Test Your Passphrase (with small amounts): After setting up a passphrase-protected wallet, send a small, insignificant amount of cryptocurrency to it. Then, try accessing that wallet multiple times using your passphrase to ensure you can consistently enter it correctly before transferring larger sums.

By understanding and adhering to these best practices, you can leverage the powerful security features of an optional passphrase effectively. For steps on how to set up your passphrase, see our guide on Setting Up Your BitBox02 Optional Passphrase.