Passphrase: Ledger’s Advanced Security Feature

KEY TAKEAWAYS:
- The Ledger Passphrase is an advanced feature that adds a 25th word of your choosing, of max 100 characters, to your recovery phrase.
- Using a Ledger Passphrase will cause an entirely different set of addresses to be created on your Ledger device, which cannot be accessed via the 24-word recovery phrase alone. If using a passphrase, it’s key to store it securely and remember it perfectly, character for character.
- Besides extra security, the Ledger Passphrase lets you protect your assets if you’re ever forced to reveal your assets under physical threat.
Ledger devices protect you from all kinds of cyber threats. But what if someone becomes aware of your portfolio or the assets that you store and confronts you with a physical threat in the real world?
This is where Ledger Passphrase comes in. The passphrase is an advanced security feature that takes security on your Ledger device to a new level.
In essence, it adds an extra word of your own choosing to your already existing recovery phrase to unlock a brand-new set of accounts. Let’s take a closer look at how passphrases work, what they do, and some best practices for using one.
Introducing Ledger Passphrase
As you might be aware, your 24-word recovery phrase is the backup to all of your crypto assets. It’s absolutely key to store your 24 words securely and to never expose them on a smartphone, computer or other device that can connect to the internet.
If someone manages to get a hold of your set of 24 words, they can steal all of your cryptocurrencies. But the Ledger Passphrase feature allows you to covertly unlock a whole new account that cannot access the assets on your main Ledger Live account.
This is an advanced feature that allows you to add an additional word to your recovery phrase. For this reason, it’s also commonly referred to as the 25th word.
Unlike the regular recovery phrase that shows up on your initial device setup, you get to choose the 25th word. There are no limitations on which word you’d like to choose. As a matter of fact, the only limitation is a maximum of 100 characters. The passphrase is also case-sensitive and can include numbers and signs as well.
When you use a Ledger Passphrase on top of your usual settings, it will open a brand-new set of accounts on your device. It’s like having two completely different recovery phrases.
Why would you want to use a passphrase and have a brand-new set of cryptocurrency addresses, however?
Using a Ledger Passphrase: Key Advantages
Firstly, the passphrase adds an additional security layer: using it means that someone who has your 24-word recovery phrase would still not get access to your assets.
One would need your 24 words and your Ledger Passphrase, aka your 25th word, to access your crypto assets. Think of it like creating a decoy account. If they only have your 24 words, they can only access your regular accounts. This is why the accounts managed with a Ledger Passphrase are often called hidden accounts.
Not only does it create another layer, it also adds more randomness to your backup. Now, the standard 24-word recovery phrase is already extremely random and highly secure because there are 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (that’s 115.79 quattuquindecillion) possible combinations; that’s more than the number of stars in the observable universe!
This number is so big that it’s nearly impossible for two people to ever have the same recovery phrase by chance.
These words are, however, from a set list known as the BIP39 word list.
Now, with a 25th word, you are cranking this humongous number of potential combinations to a whole new level.
This also introduces a human element to the mix. Rather than relying only on a set of 24 words, you are adding a random word of your choice.
That said, using only a recovery phrase created by a Ledger device is highly secure as well. Ledger devices have the highest certificate when it comes to the quality of Ledger’s True Random Number Generator (TRNG) used to create your recovery phrase.
Lastly, using a passphrase would grant you plausible deniability. Let’s take a closer look at why that could be important.
Plausible Deniability
Much like with anything of value, there will always be people trying to steal it by any means possible. Unfortunately, in the world of crypto, we have seen rare occasions where individuals known to possess wealth in crypto have been the target of physical robbery, kidnapping, and threats.
The Ledger Passphrase could offer a limited amount of protection for your cryptocurrencies in such an event.
For clarity, plausible deniability is the ability to convincingly deny something, even if it’s not the whole truth. With a passphrase tied to your device, you will always have a way out of a tricky situation, so you can stay in control and avoid getting into trouble, especially when things get tense.
With a passphrase, you will be able to make someone else think they now have access to your digital assets or your cryptocurrencies.
For example, someone could be putting you under duress to hand out your recovery phrase or unlock your Ledger device. With its usual settings, it would only give access to your regular accounts. Especially if there is a bit of a balance on your regular accounts while the majority of your crypto rests on hidden accounts, this could be pretty convincing in a tough situation.
To make things even more secure, you could even use multiple hidden accounts with different passphrases. This can be useful if the attacker is aware of the Ledger Passphrase feature.
Ledger devices let you do all of this seamlessly.
Using Passphrases on Ledger’s Next-Gen Devices
Compared to previous gen Ledger devices, using the passphrase feature on a Ledger Flex or Ledger Stax offers distinct advantages due to their larger, more user-friendly Secure Touchscreens.
These bigger displays make it easier to navigate and manage passphrase entries, reducing the risk of mistakes when entering or setting up your passphrase.
Smaller screens can sometimes make entering complex passphrases a bit more cumbersome and prone to errors. The larger screens on Ledger Flex and Ledger Stax also enhance overall usability, allowing for clearer, more intuitive interactions and a smoother experience when managing multiple accounts or passphrases.
Setting Up A Passphrase on Your Ledger Device
Yes, you can! Quite a few other hardware wallets do allow for a passphrase but you may have to enter it on your computer. This leads to your passphrase being vulnerable to online attacks.
With Ledger, you can enter your passphrase directly on your Ledger device to enable a hidden account. This would prevent your passphrase from falling into the wrong hands.
Set Temporary Passphrase
You actually have two options for setting up a Passphrase with Ledger.
One way is to enter it manually on your device every time you want to access your hidden accounts; this is called the temporary passphrase.
With this option, the passphrase only stays active while your Ledger is powered on. Once the device turns off, it’ll return to accessing your regular accounts. To use your hidden accounts again, you’ll need to re-enter the temporary passphrase.
If you’re traveling or using your Ledger in a shared environment, this is a good option for managing your assets with extra security on a temporary basis.
However, it’s essential to remember or securely back up your temporary passphrase because Ledger does not store it anywhere. If you lose or forget it, your hidden accounts become inaccessible.
Set A Passphrase Connected To Your Ledger PIN Code
Another option is to link a passphrase of your choosing to a secondary PIN code.
When you choose this option, you first create a passphrase directly on your Ledger device. Next, you select a secondary PIN code for your Ledger device. After this, each time you turn on your device, you can choose between entering your normal PIN code or your secondary PIN code.
If you enter your secondary PIN code, you’ll gain access to your passphrase-protected accounts.
For example:
- Regular PIN code: 1653 → Normal accounts
- Secondary PIN code: 8530 → Hidden accounts
You can read more about using a Passphrase for your Ledger device in this article as well.
Best Practices for Ledger Passphrase
A passphrase is considered an advanced feature for a few simple reasons. Firstly, you must remember your passphrase perfectly. Mixing up just a single character would give you access to a completely different set of accounts. Even changing one character from uppercase to lowercase will do this.
If you don’t remember your passphrase character for character, you cannot gain access to the crypto you managed with it. As such, it’s key that you enter it correctly the first time you set it up and remember it perfectly.
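Why a single wrong character opens a different, valid-looking wallet, shown as an added example that is not Ledger's own code. It assumes the standard BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase) and the BIP32 master-key step; the mnemonic is a public BIP39 test vector and the helper names are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy, 24 words). Constructed sample
# input for this example only; never send funds to it.
TEST_MNEMONIC = " ".join(["abandon"] * 23 + ["art"])


def _nfkd(text: str) -> bytes:
    """BIP39 requires NFKD normalization before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """64-byte seed. The passphrase only enters through the PBKDF2 salt,
    so there is no 'wrong passphrase' check: every input yields a seed."""
    salt = _nfkd("mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master private key and chain code: the root of every account."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic: str, passphrase: str = "") -> str:
    """Short one-way fingerprint of the wallet root, for comparison only."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def compare(passphrases: list[str]) -> dict[str, str]:
    """Map each candidate passphrase to the wallet it would open."""
    return {p: wallet_id(TEST_MNEMONIC, p) for p in passphrases}


if __name__ == "__main__":
    # Same 24 words: no passphrase, the intended one, a case slip, a stray space.
    candidates = ["", "Iret3LSDtUBgm!", "iret3LSDtUBgm!", "Iret3LSDtUBgm! "]
    for phrase, wid in compare(candidates).items():
        print(f"{phrase!r:20} -> wallet {wid}")
```

Each candidate produces an unrelated wallet root, and nothing in the derivation can flag a typo, so a mistyped passphrase simply opens an empty set of accounts.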

Passphrase Complexity
Remember, not all passphrases are equally secure. Longer, more complex passphrases (like those that mix strings of numbers, letters, or symbols) give you stronger protection for your accounts.
Your Ledger Passphrase can be as long as 100 characters and you can choose whether you want to use capitalized characters, numbers and/or signs.
Ideally, treat it like a password where you try to make it as complex as possible and not use words directly.
For example:
- Passphrase 1: password → Very insecure due to short length, no random characters or caps.
- Passphrase 2: IReallyLikeMyBitcoins → A bit more secure: longer and uses caps, but still uses common English words and no numbers or signs.
- Passphrase 3: H05!xp4e2i6dAnV?esRjfap953nxZprsi495nAASF5n,!f01.?d → Even more secure: lengthy, wide mix of caps, numbers and signs and does not use actual words.
While Passphrase 3 can be seen as the most secure of the bunch, it’s also extremely hard to remember. For best practice, it is recommended to use a passphrase that is equally complex and memorable to you.
You could make it a form of cryptographic puzzle. For example: Iret3LSDtUBgm! is built from the first letters and special characters/numbers of the sentence “I really enjoy the 3 Ledger Stax Devices that Uncle Bob gave me!”.
We would like to stress that your Passphrase is sensitive information. As such, we recommend treating it with the same kind of care as you would treat your Recovery Phrase:
- Never share your Passphrase with anyone. Ledger will never ask for this
- Never enter your Passphrase on a computer, smartphone, or other internet-connected device
You can read more on these best practices here.
Frequently Asked Questions About Passphrase
What’s the difference between a password and a passphrase?
A password is short and often used for single accounts, while a passphrase is longer and more complex, offering better security due to its length and variation of characters, numbers, and symbols.
What happens if I forget my Ledger Passphrase?
If you forget your passphrase, access to the associated hidden wallet is permanently lost, as Ledger does not store or back up passphrases. It’s crucial to store your passphrase securely and ensure you can recall it accurately.
Can I add a passphrase to an existing Ledger device?
Yes, you can add a passphrase to an already set-up Ledger device. This will create a new set of accounts linked to the passphrase, separate from your original accounts. Ensure you securely store the new passphrase, as it will not be recoverable if lost.
Can my passphrase be guessed or cracked?
A passphrase is much harder to crack than a regular password because of its length and complexity, especially when used with secure devices like Ledger’s Flex or Stax, adding multiple layers of protection.