Understanding optional passphrases
An optional passphrase, often referred to as the "25th word," is an advanced security feature that allows you to add a custom passphrase to your existing 24 recovery words. This combination generates a unique wallet, providing an additional layer of protection for your cryptocurrencies.
How does an optional passphrase work?
Your BitBox wallet's security is based on a master seed derived from your 24 recovery words. By introducing an optional passphrase, you create a new, unique master seed. Each distinct passphrase results in a completely separate wallet. Importantly, every passphrase is valid; entering a different one, even with a minor typo, will access a different wallet.
Important characteristics of using a passphrase:
- Validity of any passphrase: Any passphrase you enter is considered valid. If the passphrase differs from the one used during wallet setup, a completely new and empty wallet will be generated. Therefore, entering an incorrect passphrase, even by a single character, will result in accessing a different wallet.
- Passphrase storage: The BitBox02 does not store your passphrase. You must enter it each time you wish to access a passphrase-protected wallet. This ensures that even if your device is compromised, your funds remain secure as long as your passphrase is unknown to the attacker.
- Restoration requirements: To restore a wallet, you need both your wallet backup (the 24 recovery words) and the exact passphrase used during the wallet's creation. Without both components, accessing your funds will be impossible.
Wallet access scenarios:
| Recovery Words | Passphrase | Formula | Resulting Wallet |
|---|---|---|---|
| Seed (24 Recovery Words) | "" (empty) | Backup + "" | Base wallet (standard wallet) |
| Seed | Passphrase1 | Backup + Passphrase1 | Wallet1 |
| Seed | Passphrase2 | Backup + Passphrase2 | Wallet2 |
| Seed | Passphrase3 | Backup + Passphrase3 | Wallet3 |
Benefits of using an optional passphrase
- Enhanced security: Even if someone gains access to your 24 recovery words, they cannot access your funds without the additional passphrase.
- Distributed backups: You can store your recovery words and passphrase separately, reducing the risk of total loss due to theft or damage.
- Duress wallets: Create a secondary wallet with a different passphrase containing a small amount of funds. In a coercion scenario, you can reveal this wallet without exposing your main holdings.
Risks and considerations
- Irrecoverable funds: If you forget or misplace your passphrase, you will lose access to the associated wallet and its funds.
- Case sensitivity: Passphrases are case-sensitive. For example, "CryptoSafe" and "cryptosafe" would be recognized as two distinct passphrases, leading to different wallets.
- Complexity: Managing multiple passphrases can be challenging and may increase the risk of user error.
Setting Up an optional passphrase on your BitBox02
- Backup your wallet: Ensure you have securely backed up your 24 recovery words.
- Enable the feature: In the BitBoxApp, navigate to "Device Settings" and select "Enable optional passphrase."
- Enter your passphrase: When prompted, input your chosen passphrase directly on the BitBox02 device. Confirm the passphrase as displayed on the device screen.
- Access your wallet: After entering the passphrase, your unique wallet will be accessible. Remember, each distinct passphrase unlocks a different wallet.
Important: Always store your passphrase securely and separately from your recovery words. Without both, wallet recovery is impossible.
For a more detailed exploration of optional passphrases, refer to our article on the benefits and risks of using an optional passphrase.