Passphrase: Ledger’s Advanced Security Feature

Ledger signers protect you from all kinds of cyber threats. But what if someone is aware about your portfolio or the assets that you store and somehow confront you as a physical threat in the real world? 

This is where Ledger Passphrase comes in. The passphrase is an advanced security feature that takes security on your Ledger signer to a new level.

In essence, it adds an extra word of your own choosing to your already existing secret recovery phrase to unlock a brand-new set of accounts. Let’s take a closer look at how passphrases work, what they do, and some best practices for using one.

Introducing Ledger Passphrase

As you might be aware, your 24-word secret recovery phrase is the backup to all of your crypto assets. It’s absolutely key to store your 24 words securely and to never expose it over a smartphone, computer or other device that can connect to the internet. 

If someone manages to get a hold of your set of 24 words, they can steal all of your cryptocurrencies. But the Ledger Passphrase feature allows you to covertly unlock a whole new account that cannot access the assets on your main Ledger Wallet™ account.

This  is an advanced feature that allows you to add an additional word to your secret recovery phrase. For this reason, it’s also commonly referred to as the 25th word. 

Unlike the regular secret recovery phrase that shows up on your initial device setup, you get to choose the 25th word. There are no limitations for which word you’d like to choose. As a matter of fact, the only limitation is using a maximum of 100 characters. The passphrase is also sensitive to caps and can be composed of numbers and signs as well.

When you use a Ledger Passphrase on top of your usual settings, it will open a brand-new set of accounts on your device. It’s like having two completely different secret recovery phrases.

Why would you want to use a passphrase and have a brand-new set of cryptocurrency addresses, however?

Using a Ledger Passphrase: Key Advantages

Firstly, as the passphrase adds an additional security layer, and using it would mean that someone having your 24-word secret recovery phrase would still not get access to your assets.

One would need your 24-words and your Ledger Passphrase aka your 25th word to access your crypto assets. Think of it like creating a decoy account. If they only have your 24 words, they can only access your regular accounts. This is why the accounts managed with a Ledger Passphrase are often called hidden accounts.

Not only does it create another layer, it also adds more randomness to your backup. Now, the standard 24-word secret recovery phrase is already extremely random and highly secure because there are 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (that’s 115.79 quattuquindecillion) possible combinations; that’s more than the number of stars in the observable universe!

This number is so big that it’s nearly impossible for two people to ever have the same secret recovery phrase by chance.

These words are, however, from a set list known as the BIP39 word list. 

Now, with a 25th word, you are cranking this humongous number of potential combinations to a whole new level. 

Also this introduces a human element to the mix as well. Rather than relying on a set of 24 words, you are adding a random word of your choice.

Although, only using a secret recovery phrase created by a Ledger signer is highly secure as well. Ledger signers have the highest certificate when it comes to the quality of  Ledger’s True Random Number Generator (TRNG) used to create your secret recovery phrase. Lastly, using a passphrase would grant you plausible deniability. Let’s take a closer look at why that could be important.

Plausible Deniability 

Much like with anything of value, there will always be people trying to steal it by any means possible. Unfortunately in the world of crypto, we have seen rare occasions where individuals known to possess wealth in crypto to be the target of physical robbery, kidnapping, and threats. 

The Ledger Passphrase could offer a limited amount of protection for your cryptocurrencies in such an event.

For clarity, plausible deniability is the ability to convincingly deny something, even if it’s not the whole truth. With a passphrase tied to your device, you will always have a way out of a tricky situation, so you can stay in control and avoid getting into trouble, especially when things get tense. 

With a passphrase, you will be able to make someone else think they now have access to your digital assets or your cryptocurrencies.

For example, someone could be putting you under duress to hand out your secret recovery phrase or unlock your Ledger signer. With its usual settings, it would only give access to your regular accounts. Especially if there is a bit of a balance on your regular accounts while the majority of your crypto rests on hidden accounts, this could be pretty convincing in a tough situation. 

To make things even more secure, you could even use multiple hidden accounts with different passphrases. This can be useful if the attacker is aware of the Ledger Passphrase feature.

Ledger signers let you do all of this seamlessly.

Using Passphrases on Ledger’s Next-Gen Devices

Compared to previous gen Ledger signers, using the passphrase feature on a Ledger Flex or Ledger Stax offers distinct advantages due to their larger, more user-friendly Secure Touchscreens. 

These bigger displays make it easier to navigate and manage passphrase entries, reducing the risk of mistakes when entering or setting up your passphrase. 

Smaller screens can sometimes make entering complex passphrases a bit more cumbersome and prone to errors. The larger screens on Ledger Flex and Ledger Stax also enhance overall usability, allowing for clearer, more intuitive interactions and a smoother experience when managing multiple accounts or passphrases. 

Setting Up A Passphrase on Your Ledger Device

Yes, you can! Quite a few other hardware wallets do allow for a passphrase but you may have to enter it on your computer. This leads to your passphrase being vulnerable to online attacks. 

With Ledger, you can enter your passphrase directly on your Ledger signer to enable a hidden account. This would prevent your passphrase from falling into the wrong hands.

Embed video –  How to Set Up Advanced Ledger Passphrase | Official Step-by-Step Guide

Set Temporary Passphrase

You actually have two options for setting up a Passphrase with Ledger. 

One way is to enter it manually on your signer every time you want to access your hidden accounts; this is called the temporary passphrase.

With this option, the passphrase only stays active while your Ledger is powered on. Once the device turns off, it’ll return to accessing your regular accounts. To use your hidden accounts again, you’ll need to re-enter the temporary passphrase.

Suppose you’re traveling or using your Ledger in a shared environment, this is a good option to manage your assets if you’re looking for extra security on a temporary basis. 

However, it’s essential to remember or securely back up your temporary passphrase because Ledger does not store it anywhere. If you lose or forget it, your hidden accounts become inaccessible.

Set A Passphrase Connected To Your Ledger PIN Code

Another option is to link a passphrase of your choosing to a secondary PIN code. 

When you choose this option, you first create a passphrase directly on your Ledger signer. Next, you select a secondary PIN code for your Ledger signer. After this, each time you turn on your signer, you can choose between entering your normal PIN code or your secondary PIN code.

If you enter your secondary PIN code, you’ll gain access to your passphrase-protected accounts.

For example:

• Regular PIN code: 1653 → Normal accounts
• Secondary PIN code: 8530 → Hidden accounts

You can read more about using a Passphrase for your Ledger signer in this article as well.

Best Practices for Ledger Passphrase

A passphrase is considered an advanced feature for a few simple reasons. Firstly, you must remember your passphrase perfectly. Mixing up just a single character would give you access to a completely different set of accounts. Even changing one character from uppercase to lowercase will do this.

If you don’t remember your passphrase character for character, you cannot gain access to the crypto you managed with it. As such, it’s key that you enter it correctly the first time you set it up and remember it perfectly.

Passphrase Complexity

Remember, not all passphrases are equally secure. Longer, more complex passphrases (like those that mix strings of numbers, letters, or symbols) give you stronger protection for your accounts.

Your Ledger Passphrase can be as long as 100 characters and you can choose whether you want to use capitalized characters, numbers and/or signs. 

Ideally, treat it like a password where you try to make it as complex as possible and not use words directly.

For example:

• Passphrase 1: password → Very insecure due to short length, no random characters or caps.
• Passphrase 2: IReallyLikeMyBitcoins → A bit more secure: longer and uses caps, but still uses common English words and no numbers or signs. 
• Passphrase 3: H05!xp4e2i6dAnV?esRjfap953nxZprsi495nAASF5n,!f01.?d → Even more secure: lengthy, wide mix of caps, numbers and signs and does not use actual words. 

While Passphrase 3 can be seen as the most secure of the bunch, it’s also extremely hard to remember. For best practice, it is recommended to use a passphrase that is equally complex and memorable to you. 

You could make it a form of cryptographic puzzle. For example: Iret3LSDtUBgm! concerns the first letters and special characters/numbers of the sentence “I really enjoy the 3 Ledger Stax Devices that Uncle Bob gave me!”.

We would like to stress that your Passphrase is sensitive information. As such, we recommend treating it with the same kind of care as you would treat your secret Recovery Phrase:

• Never share your Passphrase with anyone, Ledger will never ask for this
• Never enter your Passphrase on a computer, smartphone, or other internet-connected device

You can read more on these best practices here.

Keep learning! If you enjoy getting to grips with crypto and blockchain, check out our School of Block video 3 Ways to Earn Passive Income from Crypto.

Frequently Asked Questions About Passphrase

What’s the difference between a password and a passphrase?

A password is short and often used for single accounts, while a passphrase is longer and more complex, offering better security due to its length and variation of characters, numbers, and symbols.

What happens if I forget my Ledger Passphrase?

If you forget your passphrase, access to the associated hidden wallet is permanently lost, as Ledger does not store or back up passphrases. It’s crucial to store your passphrase securely and ensure you can recall it accurately. 

Can I add a passphrase to an existing Ledger device?

Yes, you can add a passphrase to an already set-up Ledger signer. This will create a new set of accounts linked to the passphrase, separate from your original accounts. Ensure you securely store the new passphrase, as it will not be recoverable if lost.

Can my passphrase be guessed or cracked?

A passphrase is much harder to crack than a regular password because of its length and complexity, especially when used with secure signers like Ledger’s Flex or Stax, adding multiple layers of protection.

The Shift: From Hardware Wallet to signer 

Crypto may have begun as a bold experiment, but adoption has grown as the technology and user experience have rapidly evolved; the language used to describe it, has however, stayed stuck in its infancy.

We called our devices “hardware wallets,” mislabelling the role of secure hardware, and obfuscating the role of software (Ledger Live). Along the way, users were left behind.

People believed:

• That value was stored on the device (it isn’t).
• That if you lose the device, you lose your assets (you don’t).
• That the device itself was the endgame (it’s not).
• That those 24 words were a burden only tech-savvy users could manage (not true anymore).

These are more than misconceptions. They are adoption blockers. So at Ledger, we believe that clarity is essential for the next stage of adoption

We’re changing how we speak about our products. And by doing so, we’re changing how people understand digital ownership itself.

Hardware wallets  → signers

Ledger devices don’t store value. They sign transactions. They prove intent. They verify identity. They’re not vaults, they’re the secure bridge between who you are and what you do online. They don’t just hold keys. They empower you to trust yourself.

We call them signers now, because that’s what they truly are.

In a world where AI grows more powerful every day, proof of humanity matters more than ever. A signer is more than a security device, it’s your cryptographic proof of you. It gives you a secure foundation to own, authorize, and protect your digital life without relying on anyone else. From sending a transaction to signing a contract or verifying your credentials, your signer  ensures you, and only, can provide digital consent – proof of you.Together, signer and Ledger Wallet redefine what digital ownership looks like, clear, secure, and free from compromise.