Passphrases are a feature of BIP 39, the standard that describes how to convert raw wallet seeds into easy-to-read seed phrases.
What is a passphrase?
A passphrase is an extra word used to encrypt your BIP 39 seed phrase. This ‘word’ can be any string and may contain lower or upper case letters, numbers, symbols, and spaces. By default, it is set to an empty string. When combined with the original 12 or 24 words, it creates a completely new wallet seed—the set of addresses derived from the new seed will be completely unrelated to the original ones. This feature can be used to create a two-factor seed phrase, or to segregate funds for the sake of privacy, safety, or plausible deniability.
Most devices and software wallets on the market today are compatible with the BIP 39 specification, and offer passphrase features. They usually allow users to store a passphrase on the device—which will be protected by a different PIN code—or to use an unlimited number of “temporary passphrases”, which will be forgotten by the device at shutdown.
Why use passphrases?
Adding a passphrase results in a completely different wallet. When stored separately from the hardware device and seed phrase, a passphrase provides a second authentication factor, reducing the likelihood of an attacker accessing all necessary materials to steal your funds. While multisig is the benchmark for self-custody experts, it remains too complex for most new users, who might also be reluctant to invest in multiple hardware devices.
Passphrases can have many benefits:
- An attacker who steals your seed phrase (or your device and extracts the seed phrase) will only see an empty wallet if they don’t have the passphrase.
- An attacker won’t know how many passphrases you have, giving you plausible deniability, especially when combined with privacy best practices.
- Passphrases allow you to hide multiple copies of your seed word backup in different locations without worrying about theft if one copy is found. This significantly reduces the risk of losing access to your funds if your primary backup is lost or destroyed.
- Trusting a hardware wallet to generate truly random seed words can be concerning, especially with closed-source devices. Passphrases can safely add extra randomness (entropy) without needing to trust the device entirely.
Creating a Strong Passphrase
A strong passphrase should:
- Be lengthy (at least 12 characters long).
- Include a mix of upper and lower case letters, numbers, symbols, and spaces.
- Avoid common words, phrases, or easily guessable information (like birthdays or common passwords).
One effective way to generate a strong passphrase is by using the EFF wordlist. This method involves rolling dice to randomly select words from a list, ensuring high entropy and randomness. For example, you could roll five dice and match the resulting number to a word in the list. Repeating this process several times will provide a strong passphrase.
Using Passphrases with Caution
While passphrases enhance security, they must be used responsibly:
- No Recovery: There is no way to recover a lost passphrase. Ensure that your passphrase, like your seed phrase, is properly backed up on paper or metal.
- Avoid Ambiguity: Be careful with characters that look similar (e.g., “l, I, |”) and with spaces.
- Backup Verification: Always double-check your backups before sending any significant amount of money to a new wallet. Conduct test transactions to ensure accessibility.
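The seed derivation described under "What is a passphrase?" and the ambiguity warning above, shown as an added example (not code from the original article or from any wallet vendor): BIP 39 feeds the passphrase into PBKDF2-HMAC-SHA512 as part of the salt, so a single look-alike character or stray space produces an unrelated seed. The helper names `same_wallet` and `transcription_risks` and the sample passphrases are constructed for this illustration.

```python
import hashlib
import hmac
import unicodedata

# Public BIP 39 test mnemonic (widely published; never fund a wallet derived from it).
TEST_MNEMONIC = "abandon " * 11 + "about"

LOOKALIKES = set("lI|")  # the confusable characters named in the article


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP 39 seed.

    PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic,
    salt = "mnemonic" + passphrase, both NFKD-normalised UTF-8.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def same_wallet(mnemonic: str, intended: str, transcribed: str) -> bool:
    """True only if the transcribed passphrase yields the identical seed."""
    return hmac.compare_digest(bip39_seed(mnemonic, intended),
                               bip39_seed(mnemonic, transcribed))


def transcription_risks(passphrase: str) -> list:
    """List features that are easy to get wrong when copying from a backup."""
    risks = []
    if passphrase != passphrase.strip():
        risks.append("leading or trailing space")
    if "  " in passphrase:
        risks.append("consecutive spaces")
    confusable = sorted(LOOKALIKES & set(passphrase))
    if confusable:
        risks.append("look-alike characters: " + " ".join(confusable))
    return risks


if __name__ == "__main__":
    # Constructed sample passphrases: empty default, a phrase, same phrase + trailing space.
    for p in ("", "correct horse", "correct horse "):
        print(repr(p), bip39_seed(TEST_MNEMONIC, p).hex()[:16], transcription_risks(p))
    # One swapped glyph between backup and intent opens a different wallet.
    print(same_wallet(TEST_MNEMONIC, "Il|", "lI|"))  # False
```

Running `same_wallet` with the passphrase as typed from the backup, before funding the wallet, is a software-side complement to the test transaction recommended above.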
By understanding the importance of a strong passphrase and following these guidelines, you can effectively utilize passphrases to enhance the security of your Bitcoin wallet. Refer to your wallet’s documentation for detailed instructions on using passphrases, as each manufacturer may have specific guidance and best practices.
Posted at block 796912

