A Bitcoin "passphrase" is an optional word or phrase that can be added to a seed phrase during key derivation. A 24-word seed phrase combined with any passphrase produces an entirely different set of keys and a completely separate wallet.
The passphrase is sometimes called the "25th word," though it can be any word, phrase, or string of characters. If used, it becomes a consequential part of your security, as a forgotten passphrase causes permanent, unrecoverable loss of the passphrase-protected wallet.
If you want to understand the seed phrase before adding a passphrase to it, What is a Bitcoin Seed Phrase? covers the foundation. How to Store Your Seed Phrase covers the backup implications when a passphrase is in use.
What is a Bitcoin Passphrase and How Does It Work?
The passphrase is not a PIN and it is not stored on the hardware device. It is a cryptographic input combined with the seed phrase during key generation using a function called PBKDF2, producing a 512-bit master seed.
If you change the passphrase, the master seed changes completely, resulting in a wallet that shares no connection to the one produced by the same seed phrase without the passphrase.
The same 24 words produce a different wallet for every distinct passphrase, and the same 24 words with no passphrase also produce a valid wallet. There is no "wrong" passphrase, as any input, including an empty one, produces a valid wallet with its own set of keys and addresses.
Each time the device is unlocked, the passphrase must be entered to access the passphrase-protected wallet. If it is not entered, the device loads the seed-only wallet instead. Losing the passphrase means permanently losing access to the passphrase-protected wallet; the seed-only wallet is not affected.
A seed phrase restored into wallet software without the corresponding passphrase will appear as an empty wallet or generate unfamiliar addresses. How Bitcoin Derivation Paths Work covers the key derivation process in more detail.
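The derivation described above, as an added example rather than code from the original article or any wallet vendor: it follows BIP39 (PBKDF2-HMAC-SHA512, 2048 iterations, salt "mnemonic" plus the passphrase) and then the first BIP32 step. The mnemonic and the passphrase "TREZOR" are the public BIP39 test-vector values, used here as sample input; the function names are assumptions of this example.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (sample input; never use it for funds).
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 512-bit seed for a mnemonic and an optional passphrase."""
    # Both inputs are NFKD-normalized so that visually identical Unicode
    # passphrases always produce the same bytes, and therefore the same wallet.
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """Return (master private key, chain code) derived from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def compare_passphrases(mnemonic: str, candidates: list[str]) -> dict[str, str]:
    """Map each candidate passphrase to a short hex tag of its master key."""
    return {
        repr(p): bip32_master(bip39_seed(mnemonic, p))[0].hex()[:16]
        for p in candidates
    }


if __name__ == "__main__":
    # No passphrase, the intended passphrase, and two plausible entry slips
    # (wrong case, trailing space). None is rejected; each opens a wallet.
    candidates = ["", "TREZOR", "trezor", "TREZOR "]
    for label, tag in compare_passphrases(MNEMONIC, candidates).items():
        print(f"{label:>10} -> master key {tag}...")
```

Every candidate, including the case slip and the trailing space, yields a different and equally valid master key, so nothing in the derivation itself can signal a mistyped passphrase.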
Why Would I Use a Passphrase?
There are a few reasons to add a passphrase.
- Protection against seed backup theft. If the seed phrase backup is found, stolen, or exposed in some manner, the passphrase-protected funds remain inaccessible. The attacker needs both the seed phrase and the passphrase to take the funds. The passphrase is stored separately, offline, and in a location the attacker cannot access. Without it, the discovered seed phrase opens only the seed-only wallet, which may hold a small balance or nothing at all. This is the primary security use case.
- Plausible deniability. The seed-only wallet is a fully functional wallet. A holder under physical coercion can reveal the 24 words and the seed-only wallet, which holds a plausible small balance. The passphrase-protected wallet with the main holdings remains unknown. Coldcard's implementation allows both wallets to be accessible from the same device: the passphrase wallet when the passphrase is entered, the seed-only wallet when it is not. This overlaps with the duress wallet concept covered in Seed Phrase Storage and Physical Security.
- Anti-extraction protection. The passphrase is not stored on the hardware device. Even if the device's seed storage is physically extracted through a voltage glitch attack (an attack vector on some hardware devices), the passphrase cannot be extracted because it was never stored there. The passphrase adds a protection layer that survives physical device compromise.
The primary motivation for most users is seed backup theft protection. The plausible deniability benefit requires maintaining a credible balance in the seed-only wallet, which adds an ongoing management task.
What Are the Risks of a Passphrase?
A forgotten or lost passphrase causes permanent, unrecoverable loss of every bitcoin held in the passphrase-protected wallet. There is no reset, no recovery mechanism, and no exception.
This differs from other backup failures. A lost hardware device is recoverable from the seed phrase, and a damaged seed phrase backup is recoverable from a second copy, but a forgotten passphrase is not recoverable from anything.
The passphrase therefore creates a second critical backup item. It must be backed up on durable physical media (such as steel), maintained with the same care as the seed phrase backup, and stored at a different location. Storing the passphrase backup and the seed phrase backup together reduces the security benefit, because an attacker who finds both gains full access.
This added complexity carries its own risk. The passphrase adds a step to every wallet interaction. It adds an item to every future recovery and an element to the inheritance plan as well. Users who are not confident they will manage the passphrase backup correctly and keep it updated are better served by a strong physical backup and storage system without one.
Inheritance is perhaps the most commonly overlooked risk. Heirs who do not know the passphrase exists cannot access the passphrase-protected funds, even with the seed phrase, the hardware device, and written recovery instructions. They may successfully recover the seed-only wallet, only to find no associated bitcoin and assume the funds are gone. The passphrase must be included in the inheritance plan to ensure the actual funds are recoverable. Bitcoin Inheritance Planning covers how to structure that.
How Should I Use a Passphrase Safely?
If you decide to use a passphrase, four practices determine whether it adds security or creates a new point of failure.
- Enter the passphrase on the hardware device, not the host computer. Typing a passphrase on a keyboard connected to a computer exposes it to keyloggers and screen-capture malware. Hardware wallets with on-device passphrase entry, including Coldcard, allow the passphrase to be typed directly on the device keypad.
- Back up the passphrase on durable physical media at a separate location from the seed phrase. Apply the same durability standard as the seed phrase backup, with metal as the preferred option for long-term storage. Keep the passphrase backup at a different physical location from the seed phrase backup. If both are found together, the passphrase provides no additional protection.
- Verify the passphrase wallet after creation. Before depositing significant funds, confirm that the seed phrase combined with the passphrase generates the intended wallet and the expected receive address. An error in the passphrase during setup, never caught, means depositing into a wallet that cannot be recovered from the backup as written.
- Include the passphrase in the inheritance plan. The passphrase backup location, and instructions for using it in combination with the seed phrase, must be part of the inheritance documentation. A trusted person who helps heirs with recovery must know the passphrase exists.
If the added complexity creates maintenance risk, the base seed phrase backup system without a passphrase remains a strong, well-understood approach. Common Bitcoin Backup Mistakes covers the most frequent errors in passphrase management.