How can BIP 39 passphrases help secure your bitcoin?

Passphrases are a feature of BIP 39, the standard that describes how to convert raw wallet seeds into easy-to-read seed phrases.

What is a passphrase?

A passphrase is an extra word used to encrypt your BIP 39 seed phrase. This ‘word’ can be any string and may contain lower or upper case letters, numbers, symbols, and spaces. By default, it is set to an empty string. When combined with the original 12 or 24 words, it creates a completely new wallet seed—the set of addresses derived from the new seed will be completely unrelated to the original ones. This feature can be used to create a two-factor seed phrase, or to segregate funds for the sake of privacy, safety, or plausible deniability.

Most devices and software wallets on the market today are compatible with the BIP 39 specification, and offer passphrase features. They usually allow users to store a passphrase on the device—which will be protected by a different PIN code—or to use an unlimited number of “temporary passphrases”, which will be forgotten by the device at shutdown.

Why use passphrases?

Passphrases may be used to create many secure wallets at no additional cost. Each passphrase results in a completely different wallet seed, and the resulting wallets cannot be linked to each other in any way. Passphrases can also be used to safely segregate private funds from non-private ones.

When stored outside the hardware device, and backed up separately from the seed phrase, passphrases provide a second authentication factor, decreasing the chances of an attacker finding all the material necessary to access your funds. While multisig is the benchmark for self-custody experts, it is still too complex for most new users, who also may not wish to invest money in multiple hardware devices. They may put their funds at risk looking for extra security by using custom encryption, splitting their seed phrase, or giving their keys to trusted institutions.

Passphrases are easy and safe to use, and provide many benefits, since your seed words alone are not enough to gain access to your funds.

  • An attacker stealing your seed phrase (or stealing your device and extracting the seed phrase) will only see an empty wallet.
  • Decoys could be used—funds going missing on the wallet with no passphrase means the seed phrase has been compromised.
  • An attacker does not know how many passphrases you have, which gives you plausible deniability, especially when combined with privacy best practices.
  • Passphrases empower you to hide several copies of your seed word backup in various locations without worrying about money being stolen if one copy is found. This greatly reduces the risk of losing your seed in the event your only backup is lost or destroyed.
  • Bad device entropy: users have to trust that their hardware wallet generates truly random seed words. It can be a pretty big leap of faith, especially when using closed source devices. Passphrases can be used to safely add entropy without having to trust the device or generate a seed “off-device” which is unsafe for most users.

Use with caution

Make sure you understand what you are doing when using passphrases. There is no way of recovering a lost passphrase. To avoid losing funds, passphrases, just like seed phrases, should be properly backed up in case of failure of a hardware device, or of your own memory. Make sure to avoid ambiguity with characters that look similar, such as “l, I, |”, and remember that passphrases are case-sensitive: for example, “Satoshi” and “satoshi” will generate completely different sets of Bitcoin addresses and private keys.
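How the passphrase enters the seed derivation, and why one changed character gives an unrelated wallet, shown as an added example that is not part of the original article. BIP 39 computes the seed with PBKDF2-HMAC-SHA512 (2048 iterations), using the seed words as the password and "mnemonic" + passphrase as the salt. The helper names, the sample mnemonic (the public BIP 39 test vector) and the extended look-alike set are assumptions of this example.

```python
import hashlib
import hmac
import unicodedata

# Public BIP 39 test-vector mnemonic (sample input only, known to everyone).
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")

# Look-alike characters named in the article, plus 1/0/O (added assumption).
LOOKALIKES = set("lI|1O0")

def bip39_seed(mnemonic, passphrase=""):
    """BIP 39 seed: PBKDF2-HMAC-SHA512, 2048 iterations, 64-byte output.

    The mnemonic sentence is the PBKDF2 password; the passphrase only
    enters through the salt, "mnemonic" + passphrase (both NFKD-normalized).
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)

def backup_hazards(passphrase):
    """Return reasons a written passphrase backup may be mis-transcribed."""
    hazards = []
    found = sorted(set(passphrase) & LOOKALIKES)
    if found:
        hazards.append("look-alike characters: " + " ".join(found))
    if passphrase != passphrase.strip():
        hazards.append("leading or trailing whitespace")
    if unicodedata.normalize("NFKD", passphrase) != passphrase:
        hazards.append("changes under NFKD normalization")
    return hazards

def verify_backup(mnemonic, passphrase, retyped):
    """True only if the retyped backup yields the same 64-byte seed."""
    return hmac.compare_digest(bip39_seed(mnemonic, passphrase),
                               bip39_seed(mnemonic, retyped))

if __name__ == "__main__":
    # Empty passphrase, "Satoshi" and "satoshi" give three unrelated seeds.
    for p in ("", "Satoshi", "satoshi"):
        print(repr(p), bip39_seed(TEST_MNEMONIC, p).hex()[:16])
    print(backup_hazards("Il| pay 0 "))
    print(verify_backup(TEST_MNEMONIC, "Satoshi", "satoshi"))
```

Any string, including a mistyped one, produces a valid 64-byte seed, so a wallet cannot report a "wrong passphrase"; comparing the derived seed or its first address against the original is the only check.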

It is always a good idea to double-check your backups (both seed phrase and passphrase) before sending any meaningful amount of money to a new wallet, and to conduct a test transaction in and out of the wallet to make sure the funds are accessible.

Refer to your wallet’s documentation on how to use passphrases. Most manufacturers have their own articles and guides on how to use passphrases with their devices.

Posted at block 796912

