Settings menu allows you to set your preferences for a number of COLDCARD® functions.
The menu options shown are current as of firmware version 4.1.3.
Most people use their COLDCARD to authorize a transaction and then put it away. Typical usage times are brief. Setting the Idle Timeout to match your expected usage time helps prevent "evil maid attacks" where a device left unattended can be compromised.
The default setting for Idle Timeout is four hours. There are six preset time limits to select, ranging from 2 minutes to 8 hours. You can turn off Idle Timeout by selecting
When the chosen time limit has passed, the screen will display
Cleanup . . . as it logs out. The
Logout Done screen shows after logout and persists until the COLDCARD is turned off.
Login Countdown lets you force a time delay when logging in to a COLDCARD. Once enabled, entering your PIN will bring up the
Wait . . . screen before displaying
Login countdown in effect. Must wait: with the selected delay period counting down.
Your delay choices are:
- 5, 15, or 30 minutes
- 1, 2, 4, 8, 12, 24, or 48 hours
- 3 days
- 1 week
- 28 days later
When the delay period has elapsed, enter your PIN to unlock your COLDCARD.
Plan ahead when selecting long delays. The COLDCARD requires continuous power for the entire delay period. Consider using an AC power source, charging a battery pack, or connecting to an uninterruptible power supply (UPS).
Unlike most of our security features, the secure element does not impose the delay. Bypassing the delay by opening the plastic case and interacting directly with the hardware may be possible. We still consider it a good defence against $5 wrench attacks, as physical attackers are not necessarily technical people.
Max Network Fee#
Transactions signed by a COLDCARD usually include a small network fee. The network fee goes to the miner validating your transaction. Your COLDCARD will refuse to sign transactions with a fee higher than the percentage you set. Typically, network fees are minimal compared to the transaction values. Your COLDCARD will always warn you if the transaction fee exceeds 1% of the output value.
The default hard limit is 10%. You also have the options of 25%, 50%, or no limit. Changing or removing network fee limits does not remove the 1% warning. If the warning appears, you can approve the transaction as usual.
Change Main PIN#
This option changes the PIN you use to unlock your COLDCARD, both prefix and suffix. Your PIN affects your anti-phishing words. Changing your PIN also changes your anti-phishing words.
Change Main PIN displays a warning screen:
Main PIN You will be changing the main PIN used to unlock your Coldcard. It's the one you just used a moment ago to get in here. THERE IS ABSOLUTELY NO WAY TO RECOVER A FORGOTTEN PIN! Write it down. We strongly recommend all PIN codes used be unique between each other.
Changing the Main PIN#
- Press OK (✔) after reading the warning screen.
- Use your current PIN to complete the typical login process.
- Enter your new main PIN prefix and write down your new anti-phishing words.
- Enter your new PIN suffix and repeat the login process with your new main PIN. Your COLDCARD will save and verify the change and return to the
Use this to set the PIN for your duress wallet.
The duress wallet is a personal safety feature: Create a duress wallet and add funds you are willing to lose. If you must reveal a PIN under duress, give the duress PIN instead of your main PIN. To avoid alerting attackers, the COLDCARD will function as usual. Be aware that an attacker with enough technical expertise could detect the difference.
Brick Me PIN#
Using the Brick Me PIN at any prompt will tell the COLDCARD to destroy itself, including stored secrets. It becomes a useless brick.
Please be careful with the brick me PIN. The destruction process is quick and irreversible. You cannot reuse a bricked COLDCARD; discard it as e-waste.
Not to be confused with Login Countdown.
The Countdown PIN menu allows you to
Enable Feature and set a Countdown PIN, set the
Countdown Time, and choose one of three
Brick Mode options when the countdown ends:
Brick- Renders the COLDCARD unrecoverably unusable.
Final PIN- Consumes all but your final PIN attempt. You must enter your pin correctly to avoid bricking your COLDCARD.
Test Mode- Puts the COLDCARD into Test Mode, doesn't damage the device.
Immediately reboots your COLDCARD and starts the normal login process.
Forgotten PIN Code#
This isn't a menu option, but it is necessary to know. If you've forgotten your PIN, we can't help you. Even if you gave us your COLDCARD and we put all our resources into it, we couldn't crack or break the COLDCARD to get the seed out without the PIN. Our design uses a specialized key storage chip. Your wallet secret (usually seed words) is effectively encrypted by the PIN and held in that chip.
This submenu allows you to manage the multisig wallets known to the COLDCARD.
You can give your COLDCARD a personalized name. Once set, it will show this name immediately after turning on your COLDCARD. Just press any key to proceed to the normal login process.
Enabling this feature randomizes the numbers associated with the buttons on the keypad. Cameras and shoulder-surfers watching won't figure out your PIN based on the keys you press.
The scrambled keypad changes for each part of your PIN.
Blank and securely erase input PSBT files when they are no longer needed. While this should prevent MS-DOS tools from undeleting the data, more sophisticated tools may be able to get data from the microSD card.
This feature also renames signed transactions as their hexadecimal transaction ID and saves them as a
.txn file to prevent PSBT information leakage.
New COLDCARD Mk4 menu wraparound settings which allow you to scroll past top and bottom of any menu.
If you plan to operate exclusively in air-gapped mode, you may disable the USB port using this setting. The effect is immediate.
View your funds as
Touch Settings (Mk1 only)#
The number pad uses capacitive touch technology. Adjust the touch sensitivity with this menu. In warm or humid environments, or in cases where you see phantom keypresses, choose
-2 Sensitive (least sensitive). There is
+2 Sensitive for the impatient, which feels quicker and more responsive.
The latest version of the firmware includes five different levels of sensitivity. Please note that less-sensitive modes are a little slower to respond to your touch.
(Removed on Mk2 hardware)
Secondary Wallets (Mk1, Mk2 only)#
In earlier makes of the COLDCARD, there was a concept of a secondary wallet that had most of the features of the main wallet but a separate PIN code and seed words. Due to hardware limitations and security-related changes, we removed this from the Mk3 COLDCARD.
(Removed after Mk2)