This guide will walk you through the practical steps of enabling and using an optional passphrase on your BitBox02, along with crucial advice on how to create a strong and secure passphrase.
Before you begin, ensure you have your 24-word recovery words securely backed up and stored offline. Your passphrase will not be part of these words, and you must manage it separately. For a deeper understanding of optional passphrases, their benefits, and risks, please refer to our article on BitBox02 Optional Passphrase: Security & Risks.
Enabling the Optional Passphrase Feature
- Open the BitBoxApp: Connect your BitBox02 to your computer and open the BitBoxApp.
- Navigate to Device Settings: In the BitBoxApp, go to the "Manage device" section.
- Enable Passphrase: Click on “Enable optional passphrase.”
-
Review Details:
- A screen titled "Review Details regarding the optional Passphrase" will appear in the BitBoxApp.
- This screen provides crucial information about the optional passphrase.
- Read it carefully to ensure you understand the implications of using a passphrase, especially the risk of irrecoverable funds if forgotten.
- Continue until you get to the summary, where you'll find the "Enable passphrase" button.
- Confirm on BitBox02: Your BitBox02 device will prompt you to confirm that you want to enable the feature. Tap the sensor on your device to confirm.
-
Passphrase Enabled & Reconnect: Congratulations, you've now enabled the optional passphrase feature.
- You'll need to disconnect your BitBox02 and then reconnect it.
- When you reconnect, you'll first be asked for your device password as usual, and then, as an additional option, the optional passphrase.
Choosing a Strong Passphrase
Creating a robust passphrase is just as important as keeping it secret. Its strength determines how resistant your hidden wallet is to brute-force attacks.
Length and Complexity
The strength of your passphrase is primarily determined by its length and the variety of characters it contains. Longer passphrases with a mix of different character types are significantly more secure.
- Prioritize Length: A passphrase should ideally aim for 12 characters or more.
- Embrace Randomness: Avoid easily guessable words, phrases from books or songs, or personal information. True randomness (e.g., a string of random words, or a random mix of characters) provides the highest security.
-
Example Recommendations:
- Random Word Sequence: Four or five unrelated words (e.g., "table lamp ocean blue") can create a very strong and relatively memorable passphrase.
- Mixed Character Combination: If you prefer a more traditional "password" style, aim for at least 12 characters combining uppercase letters, lowercase letters, numbers, and special characters.
For an insightful deep dive into what makes a passphrase truly strong and how to estimate its resilience against attacks, you might find this article from Trezor helpful: Is your passphrase strong enough?
Which Characters Can a Passphrase Contain?
Your optional passphrase offers a wide range of characters, allowing for high complexity:
- Uppercase letters:
A-Z - Lowercase letters:
a-z - Numbers:
0-9 - Special characters:
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ { | } ~ - Spaces: A space character (
Using a diverse mix of these character types will maximize your passphrase's entropy and security.
Best Practices for Passphrase Creation
- Do Not Reuse: Never use a passphrase that you have used for any other account or purpose.
- Make it Unique: Ensure your chosen passphrase is distinct from your BitBox02 device password. The brute-force protections on the device password do not apply to the passphrase.
- Avoid Common Patterns: Steer clear of keyboard patterns (e.g., "qwerty"), sequential numbers (e.g., "12345"), or simple dictionary words.
- Record Securely: Write down your exact passphrase. Double-check for accuracy, paying close attention to case sensitivity and any special characters or spaces. Store this record in a highly secure, offline location separate from your 24-word recovery words.
Using Your Passphrase
After enabling the feature, each time you unlock your BitBox02 with your device password, you will be prompted to enter a passphrase.
- Accessing Your Standard Wallet: To open the wallet associated with just your 24 recovery words (your main, non-passphrase-protected wallet), simply confirm the empty passphrase field on the BitBox02. You do not need to type anything.
- Accessing a Passphrase-Protected Wallet: To access a wallet secured by a passphrase, carefully enter your chosen passphrase into the BitBoxApp when prompted. The BitBox02 will display what you've typed for verification. Confirm it matches exactly, then tap the sensor on your device to proceed.
Remember, if the passphrase you enter (or don't enter) does not exactly match one you've previously used to send funds to, you will be presented with a new, empty wallet. No error message will appear, as every passphrase creates a valid wallet.
Disabling the Optional Passphrase Feature
If you decide you no longer wish to be prompted for a passphrase each time you unlock your device, you can disable the feature:
- Open the BitBoxApp: Connect your BitBox02 and open the BitBoxApp.
- Navigate to Device Settings: Go to "Manage device."
- Disable Passphrase: Click on “Disable optional passphrase.”
Important Note: Disabling the feature only removes the prompt; it does not delete any data or make passphrase-protected funds inaccessible. Since the passphrase is not stored on the device, you can re-enable the feature at any time to access your passphrase-protected wallets by simply entering the correct passphrase during unlock.