Adding an additional layer of security to your Bitcoin wallet seems like an idea without any downsides. In the past, we noticed that some of our users would add an additional passphrase to their wallet within the BitBoxApp settings and activate the feature without completely understanding how it works. This could easily lead to a loss in funds.
This discovery led us to implement a brief explanation of how an optional passphrase works in the past BitBoxApp Planura update, which is displayed during the activation of the feature in the BitBoxApp. In this article, we are going to dive into a bit more detail and shed light on the benefits and risks that come with using a passphrase.
What is an optional passphrase?
Contrary to what its name suggests, a passphrase is not just another password for your hardware wallet. Instead, it is an additional secret to the recovery words (also called “seed phrase”) used to derive your private keys.
Modern wallets like the BitBox02 can generate a seemingly never-ending amount of new receive addresses from a single master secret. This secret is usually backed up using 24 words. When you unlock the hardware wallet, all your addresses (including the corresponding private and public keys) are derived again by the wallet by applying a standardized algorithm to your master secret.
To find out more information about how bitcoin addresses are created, check out our blog post on the topic.
An optional passphrase extends this master secret that goes into this standardized algorithm. This means that a passphrase is not a “password” for your hardware wallet, but rather an essential “part” of your master secret, which is represented by your 24 recovery words. Your recovery words will be useless if you do not also have your passphrase.
This is a powerful feature, but also dangerous. Because the passphrase changes the master secret, from which your wallet is derived, every passphrase is a valid passphrase. The wallet is not able to tell if you entered a wrong passphrase with a typo because there are no wrong passphrases.
As every passphrase leads to a different wallet, you need to know your exact passphrase to access your funds again. If you enter a different passphrase (willingly or by mistake), you’ll simply find yourself in an empty wallet.
What are the benefits of an optional passphrase?
Distributed backups
Using a passphrase with your recovery words or microSD card backup makes it possible to distribute your backup in two different locations. This means that even if somebody breaks into your house and steals your backup, they cannot necessarily steal your coins because your passphrase is stored in another location.
For this to work, your passphrase must be complex. Otherwise, it can be cracked using brute force. A common recommendation is to use 12 random uppercase and lowercase letters and numbers.
Duress wallets
Because you can have multiple passphrases and different passphrases unlock different wallets, you can use the passphrase functionality of the BitBox02 as a duress wallet. By putting some coins in a wallet with passphrase B, you could fool an attacker into thinking that this is your main wallet. In case of a “$5 wrench attack”, instead of typing in your passphrase A (which leads to your main wallet), you type in passphrase B, which leads to your duress wallet.
Physical security
In the unlikely event that a flaw in your hardware wallet is found, which allows someone with physical access to extract your private keys from the device, requiring one additional secret that’s not stored on the device could potentially increase your security.
Even though the BitBox02 architecture makes this extremely unlikely, this attack is very much possible on other hardware wallets.
What are the risks?
Forgetting your passphrase
If you have a sufficiently secure passphrase (which is not bruteforce-able) and you forget it or lose it - you will not be able to recover your wallet and lose access to your funds.
It’s easy to assume that this only happens to “other people”, but the BitBox02 support team can attest that confusion about the passphrase is quite a common issue.
Short passphrases might be recoverable, though this process can only be done by advanced users who are familiar with command line tools. It also compromises the security of your wallet, as you will be required to enter your recovery words on a computer.
Mistyping your passphrase
When you create a new wallet using a new passphrase, you might have made a typo and still generate a new and empty wallet. This is especially easy since passphrases are case-sensitive and don’t notify you if you make a mistake. Since the wallet is new, you will be expecting a zero balance - something that would usually indicate a typo in your previously used passphrase. You create an address and receive a transaction. When you try to open your wallet again you will find it empty, since you did not enter the passphrase with the same typo again.
To mitigate typos in your passphrase, the BitBox02 display once again shows your passphrase after you have entered it.
Conclusion
An optional passphrase can be a powerful tool to increase your security, but at the same time, it can drastically increase the chances of you losing your coins. As the BitBox02 architecture already includes features that protect the device physically, the benefits of using a passphrase are limited.
If you think about using such an advanced feature, make sure you understand all aspects of it and keep a safe backup of both your recovery words and your passphrase.
Do I need to use an optional passphrase?
You do not necessarily need to use an optional passphrase. If you use a hardware wallet that includes physical protection, such as a secure element, there are only limited benefits of using a passphrase.
Can I reset or change my optional passphrase?
Since the passphrase is used to derive your bitcoin addresses, you cannot change or reset it. If you would like to use a different one, you will have to send your coins from the old passphrase wallet to the new one.
Can I recover my wallet without the passphrase?
If you used an optional passphrase for your wallet, you will need to use the exact passphrase again to recover your wallet. In that case, keeping a copy of your passphrase is just as important as keeping one of your seed words.
Don’t own a BitBox yet?
Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.
The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.
Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.