PINs

PINs (Personal Identification Numbers) on COLDCARD® devices are fundamental for both security and user interaction. The Main PIN serves as the primary barrier against unauthorized access, making any tampering evident. Trick PINs offer advanced protective measures, particularly in duress situations, enhancing security by potentially hindering malicious attempts.

Main PIN

[Screenshots: Mk4 Main PIN, Q Main PIN]

The Main PIN is your primary line of defense against unauthorized access to your COLDCARD. It is essential for unlocking the device to perform any operations. The Main PIN is composed of two parts:

  • Prefix: The first part of your PIN, consisting of 2 to 6 digits. Entering this triggers the display of anti-phishing words, ensuring you're on the legitimate device.
  • Suffix: The concluding part of your PIN, also ranging from 2 to 6 digits, which you enter after confirming the anti-phishing words are correct.

This dual-component system not only adds security but also acts as a deterrent against physical tampering. If someone attempts to access your COLDCARD, they would need both parts of the PIN, and any tampering would be evident through mismatched anti-phishing words. The Main PIN ensures:

  • Privacy: Keeps your wallet's contents confidential unless you authorize access.
  • Security: Protects against both physical and digital threats by requiring precise knowledge of the split PIN to unlock the device fully.
  • Tamper Evidence: The anti-phishing words provide an immediate visual cue if the device has been compromised.

Remember, the effectiveness of this security measure is contingent on the secrecy and complexity of your Main PIN. Avoid using easily guessable combinations, and consider changing it periodically or after any potential security breach.

Anti-Phishing Words

[Screenshots: Mk4 anti-phishing words, Q anti-phishing words]

Anti-phishing words are a unique security feature of the COLDCARD that adds an additional layer of verification. After entering the prefix of your Main PIN, the device displays a set of words that are specific to your COLDCARD. These words:

  • Confirm Device Integrity: They act as a canary in the coal mine for any device tampering. If these words do not match what you expect, it's a clear sign that your device might have been compromised or replaced.
  • Prevent Phishing: By providing a unique set of words that only you should know, these words help in identifying whether you are interacting with your genuine COLDCARD or a lookalike attempting to deceive you into revealing your PIN.

You should memorize these words and keep them securely backed up, as they are crucial for ensuring you're not falling victim to a phishing attack or using a tampered device.

If Your Anti-Phishing Words Have Changed

If your anti-phishing words have changed after entering your PIN prefix, DO NOT enter your PIN suffix. In this case your device has most likely been tampered with in some way, and is no longer trustworthy. You should securely dispose of the old device, and use a backup to restore on a new COLDCARD.

Create Main PIN

Upon initializing a new COLDCARD, one of the first steps is to establish the Main PIN. This PIN is pivotal, serving as your key to unlock the device every time you power it on. The Main PIN is split into two segments, a prefix and a suffix, each 2 to 6 digits in length.

After choosing your PIN prefix, your COLDCARD will derive your anti-phishing words, and then you'll select your PIN suffix.

It is very important for the Main PIN and the anti-phishing words to be backed up and stored securely.

Do Not Forget Your Main PIN

There is ABSOLUTELY NO WAY to "reset the PIN" or "factory reset" the COLDCARD if you forget the Main PIN. Write it down as a backup.

Steps to Create Main PIN
  1. From the Main Menu of a new COLDCARD select: Choose PIN Code.

    [Screenshots: Mk4 choose PIN, Q choose PIN]

  2. Read the information about the PIN code, and press OK/ENTER to move on.

  3. There's one more warning to read. Be sure you understand that there is no way to reset a forgotten PIN. Press the correct key to prove you've read the entire message.

    [Screenshots: Mk4 choose PIN, Q choose PIN]

  4. It's now time to choose your Main PIN prefix. Select between 2 and 6 digits and write them down on your backup.

  5. After backing up your Main PIN prefix, enter it into your COLDCARD and push OK/ENTER.

    [Screenshots: Mk4 choose PIN prefix, Q choose PIN prefix]

  6. The COLDCARD will generate your anti-phishing words and show them to you on the screen. Write these down as a backup. You will verify that these words haven't changed each time you use your COLDCARD to ensure your device has not been tampered with.

  7. Once your anti-phishing words have been backed up, it's time to move on to creating the Main PIN suffix. On the Mk4, tap OK to continue. The Q is ready for the PIN suffix without pressing anything.

  8. Choose a Main PIN suffix between 2 and 6 digits and write it down on your backup.

  9. Now that you have chosen your Main PIN suffix and backed it up, enter it on your COLDCARD. Press OK/ENTER when you're done to begin the confirmation phase.

    [Screenshots: Mk4 choose PIN suffix, Q choose PIN suffix]

  10. To make sure there were no mistakes you will need to confirm your PIN. Re-enter your Main PIN prefix, push OK/ENTER, and check that your anti-phishing words are the same as on your backup.

    [Screenshots: Mk4 confirm PIN prefix, Q confirm PIN prefix]

    • If you do not recognize your anti-phishing words during this confirmation, you probably entered the Main PIN prefix incorrectly. In that case, tap X/CANCEL to re-confirm your Main PIN prefix.
    • If you continuously get incorrect anti-phishing words, then you may have written down the wrong PIN prefix during PIN creation. You can press X/CANCEL two times to get back to the Main Menu and start these steps over at the beginning of this section.
  11. The next step of this process is to confirm your Main PIN suffix. On the Mk4, press OK to move on to the PIN suffix. The Q is ready to enter the suffix without pressing any keys.

  12. Enter your Main PIN suffix, and push OK/ENTER. If you entered your PIN suffix correctly, you will be sent to the new Main Menu. You have successfully created your Main PIN!

    [Screenshots: Mk4 confirm PIN suffix, Q confirm PIN suffix]

    • If you encounter the following screen, you entered the PIN confirmation incorrectly. You can hit 2 to retry the confirmation process, or press X/CANCEL to get back to the Main Menu and start these steps over at the beginning of this section.

      [Screenshots: Mk4 PIN mismatch, Q PIN mismatch]

Failed PIN Attempts

The COLDCARD tracks each consecutive failed attempt to enter the Main PIN, serving as a guard against brute-force attacks. After 13 failed PIN attempts the COLDCARD will always brick itself, regardless of any other settings. This ensures that in a worst-case scenario an attacker only has a total of 13 tries to guess your PIN. The failed attempt counter is reset after the correct Main PIN is entered.

You can customize optional consequences for fewer failed PIN attempts, as described below.

Failed PIN Attempt Examples
  • After each failed PIN attempt you will receive a warning that will show how many attempts are left before bricking and how many have been tried.

    [Screenshots: Mk4 wrong main PIN, Q wrong main PIN]

  • The counter will also be displayed on the next attempt at PIN entry.

    [Screenshots: Mk4 wrong PIN counter, Q wrong PIN counter]

  • If you have many failed attempts you will get a more serious message that now also includes the PIN you are trying to enter. At this point it may be a good idea to take a break before trying again. Check the PIN you entered against your backup.

    [Screenshots: Mk4 many wrong main PIN, Q many wrong main PIN]

Change Main PIN

COLDCARD gives you the ability to change the Main PIN of an unlocked device. Your anti-phishing words are based on your PIN, so you will also have new anti-phishing words after you change your PIN.

Be sure to create backups of your new Main PIN and your new anti-phishing words.

Do Not Forget Your Main PIN

There is ABSOLUTELY NO WAY to "reset the PIN" or "factory reset" the COLDCARD if you forget the Main PIN. Write it down as a backup.

Steps to Change Main PIN
  1. From the Main Menu, go to: Settings > Login Settings > Change Main PIN.

    [Screenshots: Mk4 nav to change main PIN, Q nav to change main PIN]

  2. Read the warning, then press OK/ENTER to move on.

    [Screenshots: Mk4 change main PIN warning, Q change main PIN warning]

  3. Enter your current Main PIN prefix and hit OK/ENTER.

    [Screenshots: Mk4 change main PIN old prefix, Q change main PIN old prefix]

  4. Check that the anti-phishing words are correct. On the Mk4, press OK to move on. The Q is ready for the next step without pressing any keys.

    • If the anti-phishing words are not correct, you most likely made a mistake entering your current Main PIN prefix. Push X/CANCEL to try again.
  5. Now key in your current Main PIN suffix, and hit OK/ENTER.

    [Screenshots: Mk4 change main PIN old suffix, Q change main PIN old suffix]

  6. The next step is to choose the new Main PIN prefix. Select between 2 and 6 digits, and write them down as a backup.

  7. After your new Main PIN prefix is backed up, type it into your COLDCARD and press OK/ENTER.

    [Screenshots: Mk4 change main PIN new prefix, Q change main PIN new prefix]

  8. The COLDCARD will generate your new anti-phishing words and show them to you on the screen. Write these down as a backup. You will verify that these words haven't changed each time you use your COLDCARD to ensure your device has not been tampered with.

  9. Once your anti-phishing words have been backed up, it's time to move on to creating the new Main PIN suffix. On the Mk4, tap OK to continue. The Q is ready for the PIN suffix without pressing anything.

  10. Select a Main PIN suffix between 2 and 6 digits and write it down on your backup.

  11. Now that you have chosen your new Main PIN suffix and backed it up, enter it on your COLDCARD. Press OK/ENTER when you're done to begin the confirmation phase.

    [Screenshots: Mk4 change main PIN new suffix, Q change main PIN new suffix]

  12. To make sure there were no mistakes you will need to confirm your new PIN. Re-enter your new Main PIN prefix, push OK/ENTER, and check that your anti-phishing words are the same as on your backup.

    [Screenshots: Mk4 change main PIN confirm new prefix, Q change main PIN confirm new prefix]

    • If you do not recognize your anti-phishing words during this confirmation, you probably entered the new Main PIN prefix incorrectly. In that case, tap X/CANCEL to re-confirm your new Main PIN prefix.
    • If you continuously get incorrect anti-phishing words, then you may have written down the wrong PIN prefix during PIN creation. You can press X/CANCEL two times to get back to the Login Settings Menu, and start these steps over at the beginning of this section.
  13. The next step of this process is to confirm your Main PIN suffix. On the Mk4, press OK to move on to the PIN suffix. The Q is ready to enter the suffix without pressing any keys.

  14. Enter your new Main PIN suffix, and push OK/ENTER. If you entered your PIN suffix correctly, you will be sent to the Login Settings Menu. You have successfully changed your Main PIN!

    [Screenshots: Mk4 change main PIN confirm new suffix, Q change main PIN confirm new suffix]

    • If you encounter the following screen, you entered the PIN confirmation incorrectly. You can hit 2 to retry the confirmation process, or press X/CANCEL to get back to the Login Settings Menu. From there you can start these steps over at the beginning of this section.

      [Screenshots: Mk4 PIN mismatch, Q PIN mismatch]

Trick PINs

[Screenshots: Mk4 nav to trick PINs menu, Q nav to trick PINs menu]

COLDCARD has an advanced security feature called Trick PINs. These are decoy PIN codes that are configured to perform specific actions when entered in place of the Main PIN. The COLDCARD can have numerous Trick PINs, each customized for unique security measures.

Trick PINs can be any PIN other than the Main PIN. When entered, they are set up to trigger actions like:

  • Brick the device
  • Wipe the seed
  • Access a duress wallet

The Trick PINs Menu can be found by going to: Settings > Login Settings > Trick PINs

Add a New Trick PIN

Adding a new Trick PIN is a simple process that can increase user security significantly. With the ability to set several Trick PINs on each COLDCARD, you can create outcomes that are finely tuned for your lifestyle, and also cover general best practices.

Steps to Add a New Trick PIN
  1. From the Trick PINs Menu, choose Add New Trick.

  2. You will be presented with a screen to enter the prefix of your new Trick PIN. Enter your preferred Trick PIN prefix and press OK/ENTER.

  3. The next screen will show your Trick PIN's anti-phishing words. To continue, hit OK/ENTER.

  4. You will now be asked to enter the suffix of your Trick PIN. Do so and push OK/ENTER.

  5. The next step will show the Trick PIN you set at the top (0000-0000 in this example) and give you options for what happens when this PIN is entered. These are your choices:

    [Screenshots: Mk4 new trick PIN menu, Q new trick PIN menu]

  • Brick Self: The device becomes completely useless, and will only display the word Bricked forever.
  • Wipe Seed: Wipe the seed, or pretend to, via one of the following options:
    • Wipe & Reboot: The seed is wiped, and the COLDCARD reboots without any notice.
    • Silent Wipe: The seed is silently wiped, and the COLDCARD acts as if the PIN was just entered incorrectly.
    • Wipe -> Wallet: The seed is silently wiped, and the COLDCARD logs into a duress wallet of your choice. The duress wallet can be 1 of 3 BIP-85 wallets, or a legacy wallet.
    • Say Wiped, Stop: The seed is wiped and the COLDCARD will display a message saying: Seed is wiped, Stop.

Consequences of Wiping Seed Words

Wiping your seed words will result in the loss of access to your Bitcoin, passwords, notes, and settings stored on your device. You can regain access to them by restoring your seed words from backup.

  • Duress Wallet: This leads to a duress wallet only, but the COLDCARD acts as if the true Main PIN was entered. The main wallet is not accessible. The duress wallet can be 1 of 3 BIP-85 wallets, or a legacy wallet.

Duress Wallets Derivation Paths

The BIP-85 duress wallet will have a derivation path index of 1001, 1002, or 1003 for wallets 1-3, if you have a 24 word seed. With a 12 word seed, the derivation path will have an index of 2001, 2002, or 2003 for wallets 1-3. Legacy wallets have the fixed derivation path: m/2147431408h/0h/0h. The duress wallet seed will be the same length as the main seed.

New users should opt for one of the three BIP-85 wallets; the legacy wallet should be used for compatibility reasons only.

  • Login Countdown: The COLDCARD displays a login countdown timer for one hour, and does one of the following options:
    • Wipe & Countdown: The seed is wiped and then the countdown begins.
    • Countdown & Brick: Does the countdown, and then bricks the device.
    • Just Countdown: Does the countdown, and then resets. The seed is not wiped and the COLDCARD is not bricked.
  • Look Blank: The COLDCARD will look and act as if it was just wiped, but will not actually wipe the seed.
  • Just Reboot: The COLDCARD will just reboot. Nothing else happens.
  • Delta Mode: Delta Mode is designed to defend against attackers that know the specific wallet they're looking for. This information is easy to leak via watch-only wallets on a user's computer or phone. This is the most advanced option, and not recommended for novices.

    In Delta Mode the attacker will have access to the main wallet of the COLDCARD, and be able to do most things. However, they will not be able to spend funds from the wallet or view the seed. Attempting to view the seed will wipe it.

    To use Delta Mode the prefix of the Trick PIN must match the true Main PIN. Only the final four digits of the Trick PIN should be different from the true Main PIN.

  6. Once you understand your options, select one (and possibly its sub-option) and press OK/ENTER.
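
The duress-wallet indices given in this section, worked through as an added example (not COLDCARD firmware code). It assumes the standard BIP-85 path for BIP-39 mnemonics, m/83696968h/39h/0h/<words>h/<index>h, with the English word list and no BIP-39 passphrase; the function names are hypothetical and the input is a constructed test mnemonic.

```python
import hashlib
import hmac

# secp256k1 group order: BIP-32 private keys are scalars modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
# Assumed BIP-85 layout: m/83696968h/39h/<language>h/<words>h/<index>h
BIP85_PURPOSE, APP_BIP39, LANG_ENGLISH = 83696968, 39, 0


def duress_path(seed_words: int, wallet: int) -> list:
    """Path for duress wallet 1-3, using the indices stated on this page."""
    if seed_words not in (12, 24) or wallet not in (1, 2, 3):
        raise ValueError("seed must be 12 or 24 words, wallet must be 1-3")
    base = 1000 if seed_words == 24 else 2000
    return [BIP85_PURPOSE, APP_BIP39, LANG_ENGLISH, seed_words, base + wallet]


def path_str(path: list) -> str:
    """Render a fully hardened path in the page's 'h' notation."""
    return "m/" + "/".join(f"{i}h" for i in path)


def ckd_hardened(k: int, chain: bytes, index: int):
    """BIP-32 hardened private child derivation (no EC point math needed)."""
    data = b"\x00" + k.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = (il + k) % N
    if il >= N or child == 0:
        raise ValueError("invalid child key at this index")
    return child, digest[32:]


def duress_entropy(mnemonic: str, wallet: int) -> bytes:
    """Entropy of the BIP-85 duress seed; same length as the main seed."""
    words = mnemonic.split()
    path = duress_path(len(words), wallet)
    # BIP-39 seed (assumes no passphrase), then the BIP-32 master key.
    seed = hashlib.pbkdf2_hmac("sha512", " ".join(words).encode(), b"mnemonic", 2048)
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, chain = int.from_bytes(digest[:32], "big"), digest[32:]
    for index in path:
        k, chain = ckd_hardened(k, chain, index)
    # BIP-85: entropy = HMAC-SHA512(key="bip-entropy-from-k", msg=k), truncated.
    full = hmac.new(b"bip-entropy-from-k", k.to_bytes(32, "big"), hashlib.sha512).digest()
    return full[:16 if len(words) == 12 else 32]


# Constructed input: the public all-"abandon" BIP-39 test mnemonic, not a real seed.
TEST_MNEMONIC_12 = "abandon " * 11 + "about"

if __name__ == "__main__":
    for wallet in (1, 2, 3):
        path = path_str(duress_path(12, wallet))
        print(path, duress_entropy(TEST_MNEMONIC_12, wallet).hex())
```

The returned entropy becomes the duress seed words once passed through any BIP-39 encoder. Because the function takes the main seed as input, it belongs on an offline machine only.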

Edit an Existing Trick PIN

Once created, existing Trick PINs can be found in the Trick PINs Menu. From there you can hide, delete, or change the Trick PIN. In the case where a Trick PIN is set to open a duress wallet, that wallet can be activated from here.

Steps to Edit Existing Trick PINs
  1. To interact with an existing Trick PIN, select the PIN you wish to make changes to from the menu and press OK/ENTER.

  2. The next screen will show your selected PIN at the top, the action it's set to perform, and some options. These are your choices:

    [Screenshots: Mk4 edit trick PIN menu, Q edit trick PIN menu]

    • Activate Wallet: This option is only available if the Trick PIN is set to open a duress wallet. When selected, this will load the trick wallet onto the COLDCARD as a Temporary Seed so you can make transactions with it. To get back to the main wallet, use the Restore Master option from the COLDCARD menu.
    • Hide Trick: Hides the trick from the Trick PIN menu, but will not deactivate it. To restore the trick to the menu, attempt to add the PIN as a new trick.
    • Delete Trick: Deactivates and removes the Trick PIN from the COLDCARD.
    • Change PIN: Changes the PIN of a trick.
  3. If you would like to perform any of these actions, select it and press OK/ENTER.

Create Actions for Wrong PIN Attempts

The COLDCARD will always brick after 13 failed PIN attempts, regardless of any other settings. However, you can set actions to occur at any lower number of wrong PIN attempts. This can be set up to wipe the seed phrase, brick the COLDCARD, or just reboot.

Steps to Create Actions for Wrong PIN Attempts
  1. In the Trick PINs Menu, select Add If Wrong.

  2. Read the explanation and press OK/ENTER.

  3. Choose the number of wrong attempts that should trigger your next choice, then press OK/ENTER.

  4. The next step will show you the number you chose for incorrect attempts at the top, and give you options for what happens after this attempt. These are your choices:

    [Screenshots: Mk4 add if wrong menu, Q add if wrong menu]

  • Wipe, Stop: The seed is wiped and the COLDCARD will display a message saying: Seed is wiped, Stop.
  • Wipe & Reboot: The seed is wiped, and the COLDCARD reboots without any notice.
  • Silent Wipe: The seed is silently wiped, and the COLDCARD acts as if the PIN was just entered incorrectly.

Consequences of Wiping Seed Words

Wiping your seed words will result in the loss of access to your Bitcoin, passwords, notes, and settings stored on your device. You can regain access to them by restoring your seed words from backup.

  • Brick Self: The device becomes completely useless, and will only display the word Bricked forever.
  • Last Chance: The seed is wiped, and the user is given one more try to get the correct PIN. If the PIN is entered wrong again, the device is bricked.
  • Just Reboot: The COLDCARD will just reboot. Nothing else happens.

  5. Once you understand your options, select one and press OK/ENTER.
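
A simplified model of the wrong-PIN handling described in this section and under Failed PIN Attempts, added here as an example for checking a planned configuration before setting it on the device (it is not COLDCARD firmware code). It assumes an action fires when the consecutive failure count equals its configured number and that the correct PIN entered after a wipe unlocks a device with no seed; the class, function names, and PINs are hypothetical.

```python
from dataclasses import dataclass, field

HARD_LIMIT = 13  # from the page: 13 failed attempts always brick the device
WIPING = {"Wipe, Stop", "Wipe & Reboot", "Silent Wipe", "Last Chance"}
ACTIONS = WIPING | {"Brick Self", "Just Reboot"}  # the "Add If Wrong" choices


@dataclass
class Device:
    main_pin: str
    if_wrong: dict = field(default_factory=dict)  # failed-attempt count -> action
    fails: int = 0
    seed_present: bool = True
    bricked: bool = False
    last_chance: bool = False

    def __post_init__(self):
        for count, action in self.if_wrong.items():
            if not 1 <= count < HARD_LIMIT:
                raise ValueError(f"count {count} must be below {HARD_LIMIT}")
            if action not in ACTIONS:
                raise ValueError(f"unknown action: {action}")

    def enter(self, pin: str) -> str:
        """Apply one PIN entry; return the internal event (not the screen text)."""
        if self.bricked:
            return "bricked"
        if pin == self.main_pin:
            self.fails, self.last_chance = 0, False  # success resets the counter
            return "unlocked" if self.seed_present else "unlocked, seed wiped"
        self.fails += 1
        # Hard limit, or a second miss after "Last Chance", bricks the device.
        if self.last_chance or self.fails >= HARD_LIMIT:
            self.bricked = True
            return "bricked"
        action = self.if_wrong.get(self.fails)
        if action in WIPING:
            self.seed_present = False
        if action == "Last Chance":
            self.last_chance = True
        if action == "Brick Self":
            self.bricked = True
        return action or "wrong PIN"


def simulate(device: Device, entries: list) -> list:
    """Feed a sequence of PIN entries to the model and return the timeline."""
    return [device.enter(pin) for pin in entries]


if __name__ == "__main__":
    # Constructed policy and PINs, for illustration only.
    dev = Device("12-3456", {3: "Just Reboot", 5: "Silent Wipe"})
    for n in range(1, HARD_LIMIT + 1):
        event = dev.enter("00-0000")
        print(n, event, "seed present" if dev.seed_present else "seed gone")
```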

Delete All Trick PINs and Wrong PIN Handling

The final option in the Trick PINs menu is Delete All. Selecting this will delete all of your Trick PINs and special wrong PIN handling.