Recovery Seed, Passphrase, PIN and Password. These are basic security features used by cryptocurrency wallets. If you are new to Bitcoin and the crypto space, all of these terms might sound scary.
It can get confusing for new Bitcoiners who are setting up their wallet for the first time. Many new users keep wondering: what happens if I lose my seed phrase? What is a passphrase, and what goes wrong if I lose it? And what is the difference between a seed phrase and a passphrase? Many are using a passphrase without knowing that they are using one. Often they confuse it with a password. Then there is the PIN if you are using a hardware wallet. With so many things to remember, it can get quite complicated until you get your head around it.
Being your own bank is hard and is not for everyone. With that said, anyone can learn and understand what these things are and where they fit in terms of security, backups, etc.
When it comes to your crypto wallet, you have your seed phrase, passphrase, PIN and password. To better understand how to secure your crypto assets, you need to learn the difference between the seed phrase, passphrase and PIN. What are they, and how do they keep your crypto wallet secure?
In this post we’ll explain how each of them differs, which ones you really need to secure, and how important each is in terms of backup. The following information is valid for hardware wallets, mobile and desktop software wallets, and most online wallets.
Recovery Seed, Passphrase, PIN and Wallet Password
Bitcoin seed words, passphrase & PIN code: what’s the difference between them? Here’s a short TL;DR summary to help you quickly understand the differences, how they are used in practice and how they work together to keep your crypto assets secure. This concept applies to both software and hardware wallets, basically all self-custody wallets such as Ledger Nano, Trezor, Coldcard, KeepKey, Electrum, MetaMask, MyEtherWallet etc.
1. Seed Phrase (also known as Recovery Phrase, Mnemonic Seed, Backup Recovery Sentence). The most critical part of your crypto wallet. All your accounts / addresses and the private keys of all coins are derived from your recovery seed, so it is of utmost importance that you back up your seed phrase. Use only offline physical backups. Write it on paper or engrave it on a steel plate. Have two or more backups securely stored in different locations. No one except you should have access.
2. Passphrase (also known as Wallet Seed Extension, 25th word protection or Extra word). This is an optional advanced security feature. You can enable it and use a passphrase on top of your recovery phrase to unlock hidden wallets. A passphrase adds an extra layer of encryption to your wallet and protects your seed phrase from physical attack.
If you are using a passphrase then it is of utmost importance that you back that up as well. Write it on paper, or you can even use a password manager for this. But do not store it where you keep your seed phrase. Keep it separate from the seed phrase backup.
3. PIN: Only applicable to those who are using hardware wallets and mobile wallets. It is specific to your device. The PIN only keeps your device safe from unauthorized access. You need to enter the PIN to access your device or mobile wallet.
Not so important to back up, because it has nothing to do with your wallet accounts or addresses. Just keep it in mind; if you forget it you can wipe the device and restore it using the recovery phrase. While it’s less important, you still don’t want a thief or anyone else to have it or know it. It gives them access to transfer assets from your hardware wallet.
4. Wallet Password: It is the least important of all and it only applies to specific wallet types, for example Ledger Live, Electrum etc. When you are using a hardware wallet, the password is only used to unlock the software wallet interface and prevents someone from opening the software. This protects your privacy. However, if you are only using a software wallet such as Electrum, then the password acts like a hardware wallet PIN. Anybody with access to your wallet file and password can access your Bitcoin.
To understand all of this better let’s start from the basics.
Paper wallet, private keys, key store files
Alright! You set up a Bitcoin wallet and the wallet displays your Bitcoin address. You can share the address with anyone to receive BTC, or you can transfer BTC to your address yourself. Once the Bitcoin is received, your wallet shows the balance. You might think that your wallet holds the funds, but in fact the funds are on the Bitcoin blockchain. Your wallet only holds the private key of that particular address, which allows you to spend the coins.
Back before hardware wallets, Bitcoiners were using paper wallets as cold storage. A paper wallet generates a single private key and a public address. Users of such wallets have to copy both the public address and the private key safely. A private key is basically a long string of random characters which allows the user to send or spend Bitcoin, Ethereum, or other crypto from the address they own.
Now think of securing the private key for each and every address for every coin you own. It can get complicated, and many users misplaced their private keys, losing access to their crypto permanently. There are also security issues and privacy concerns if you are only using one address for all transactions. There are many risks with paper wallets and they are no longer used today.
Wallets such as Bitcoin Core have existed since the early days of Bitcoin, and it is still the preferred wallet for most OG Bitcoiners. The Bitcoin Core wallet client, unlike a paper wallet, generates and manages 100s of Bitcoin addresses. To back up a Core wallet, all one needs to do is back up the wallet.dat file, which is similar to the key store file used by many online wallets. The problem is that the file can get corrupted or the user might misplace it, leading to loss of Bitcoin.
Now .dat files, key store files, and copy-pasting private keys to back up a wallet are rarely used, thanks to mnemonic codes or recovery seeds, which introduced an effective way to back up wallets.
What’s the difference between a recovery phrase and a private key? A private key is what allows you to spend coins from the corresponding address. But users no longer have to back up private keys individually, because they are now algorithmically derived from a single seed phrase which is human readable and easy to remember. The recovery seed phrase now gives you access to your wallet and controls all the private keys within the wallet.
Recovery Phrase – Seed Phrase, Mnemonic Backup
What is a recovery phrase? A recovery phrase, sometimes also called a mnemonic code or seed phrase, is a series of words generated by your crypto wallet. It is usually 12, 18 or 24 words long and is given to you when you set up the wallet for the first time.
This string of 12 to 24 words is literally the key to all of your accounts, and it gives access to all the crypto associated with that wallet. The 12, 18 or 24 words are an easy to read, easy to transcribe and easy to store version of your wallet. This is the master key from which all private keys for every coin / token and every address / account in your wallet are derived. So it is the single most important thing that you need to secure.
Think of your crypto wallet as a password manager. The wallet manages all your private keys for multiple coins, whereas your password manager manages all your passwords for multiple websites. The recovery phrase is like the master password. Anyone gaining access to your recovery phrase has access to all of your cryptocurrency and can wipe out your account entirely.
It’s very important that you keep your recovery phrase secure and private at all times. Anyone who obtains it doesn’t need the wallet file or your hardware wallet device. They can easily clone your accounts on their own device (or software wallet) and spend your funds. Recovery phrases or seed phrases use the BIP39 standard, and they are compatible across multiple wallets and multiple devices.
The recovery phrase idea was widely adopted in the crypto space after 2013’s Bitcoin Improvement Proposal 39 (BIP39). This established the standard for the HD wallet (Hierarchical Deterministic wallet), which most wallets now are. Most HD and hardware wallets use your 12 or 24 word seed to deterministically generate millions of addresses for potentially unlimited coin types.
When you first set up your Bitcoin or crypto wallet, whether it is a software wallet or a hardware device, the wallet generates the seed words for you. It generates a string of simple words, a series of 12 or 24 words, which is your recovery phrase, and you need to write it down in the exact order. It is of utmost importance that you keep this list of words secret and safe. It is your only backup!
The wallet uses your recovery phrase to algorithmically generate the private keys which allow you to spend your crypto. The recovery phrase, a series of 12 to 24 words, is human readable and follows the BIP39 standard. Check out this BIP39 English word-list. Each word of your 12 to 24 word recovery phrase is pulled from this list of 2,048 simple words.
These words are uniquely and securely generated by your wallet when you first set it up. You can also manually generate your own seed words from the list of 2048 words.
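Added example (not from the original post or from any wallet's code): how BIP39 packs entropy plus a checksum into 11-bit word indices, which is why a phrase picked by hand from the 2,048-word list is usually rejected by a wallet. It works on word-list indices rather than the words themselves so it runs without the list file; the function names are this example's own.

```python
import hashlib

WORD_BITS = 11                        # 2**11 = 2048 words in the BIP39 list
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Turn 128-256 bits of entropy into BIP39 word-list indices (0..2047)."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32          # 1 checksum bit per 32 entropy bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // WORD_BITS
    shifts = range(WORD_BITS * (n_words - 1), -1, -WORD_BITS)
    return [(value >> s) & 0x7FF for s in shifts]


def indices_valid(indices: list[int]) -> bool:
    """Check word count, index range and the checksum embedded in the phrase."""
    n_words = len(indices)
    if n_words not in VALID_WORD_COUNTS:
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    total_bits = n_words * WORD_BITS
    cs_bits = total_bits // 33
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    # Re-encode the recovered entropy; a mismatch means the checksum is wrong.
    return entropy_to_indices(entropy) == list(indices)


def valid_last_indices(prefix: list[int]) -> list[int]:
    """All final-word indices that complete `prefix` into a valid phrase."""
    return [i for i in range(2048) if indices_valid(prefix + [i])]


if __name__ == "__main__":
    # Constructed input: all-zero entropy, chosen only because it is easy to read.
    print(entropy_to_indices(bytes(16)))          # indices of a 12-word phrase
    print(len(entropy_to_indices(bytes(24))))     # word count for 192 bits
    print(len(entropy_to_indices(bytes(32))))     # word count for 256 bits
    print(len(valid_last_indices([0] * 11)))      # usable last words, 12-word phrase
    print(len(valid_last_indices([0] * 23)))      # usable last words, 24-word phrase
```

Because the last word carries the checksum, only a small subset of the 2,048 words can end a given phrase, so words chosen freely by hand will normally fail validation on restore.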
The seed words are not meant to be remembered, but rather should be stored safely. If your hardware device is lost or broken, or if you lose access to your software wallet, you’ll need this recovery phrase to restore your wallet accounts. All you have to do is enter the 12 or 24 words of your seed in the exact order originally shown. For this you can use any Bitcoin or crypto wallet that supports the BIP39 standard.
Check out the list of BIP39 wallets to know more.
Seed phrase – Do’s & Don’ts
1. First create a wallet and write down your recovery phrase. Make sure you have all the words spelled correctly and in the right order. It’s your key to unlocking your wallet in the future. If you lose it you lose your crypto, so keep it somewhere safe and sound.
Never store your seed phrase online. Do not enter it into any online application. Never take a photo copy of it. Do not store it in a cloud drive. Do not email it and never type it into any computer. Never give anyone your seed phrase, even if someone claims to be a support person helping you with your wallet. This is a common scam. Lastly, don’t ever lose it.
2. Next, reset the hardware device or delete your software wallet and wipe the wallet completely. After deleting the entire wallet, test the recovery process.
3. Try to restore the wallet from the recovery phrase you backed up. If you are using a hardware wallet, enter it directly into the device. Here is a guide to restore a Ledger device from a recovery phrase.
You need to do this before sending any assets to your newly created wallet. Only transfer funds if the recovery process is successful. You don’t want to have funds in a wallet that you can’t restore in the future. If you are using the wallet already, then here is how to test a Trezor seed backup and here is how to check the mnemonic seed on Ledger.
Remember, there is no way to recover your seed phrase. Unlike email, there is no “Forgot my seed phrase” option. You can look at your coins all day and watch them grow in value, but that is all you’ll be able to do without your recovery phrase backup.
Tip: We recommend laminating your paper backup to make it water resistant, or using a metal backup to make your recovery phrase both fire and water proof.
Note: If you can’t find your funds even after restoring your seed on your new device, the derivation path of your wallet might be different from the one you were using originally. Here you can find the supported derivation paths of all major Bitcoin wallets: https://walletsrecovery.org/. Or you could be using a passphrase-protected hidden wallet, which needs your passphrase to access.
Passphrase – 25th Word, Seed Extension
A wallet can only handle one seed at a time. The 12 or 24-word recovery phrase which is generated during the initial setup is securely saved in your device / wallet. It fully backs up the private keys providing access to your accounts. Now what if you want to have a new set of accounts / addresses?
You can erase the current one and generate a new seed. But keeping track of multiple 12 to 24 word seeds and managing them gets more and more difficult. If you accidentally misplace a single seed, you’ll lose the portion of your assets stored in that wallet. You might also run out of places to hide your seed words. In reality it is difficult to keep track of which seed holds what. But what if you could have multiple wallet accounts from a single seed? This is where the passphrase comes in.
Passphrases are also referred to as the “seed extension”, “25th word”, “extension phrase”, or “13th word” if you are using a 12 word seed. A passphrase can be a single word or a phrase that is added next to your 12 or 24 word recovery phrase and creates a whole new set of accounts. We’ve already explained how to set up a passphrase on Ledger Nano and a passphrase on the Trezor hardware wallet. Both posts clearly explain how passphrases work, what benefits they offer and how to properly use them. Anyway, here it is again.
By default the passphrase feature is not enabled and your wallet uses a blank passphrase. A passphrase is like having 2FA (two-factor authentication) for your recovery phrase. It is an optional, advanced security feature that allows you to create brand new wallet accounts by just adding an additional word or phrase next to your seed.
A passphrase can be a single word, a set of letters / numbers or even a sentence, and it is case sensitive (spaces count too). Once you enable and use a passphrase, all of the key pairs and addresses will be generated from the recovery seed + passphrase combination. Adding a passphrase generates an entirely new set of accounts / addresses for every coin. So if you are using a passphrase, it also becomes an essential component of your seed. With just your seed backup and without the passphrase, you’ll not be able to access your hidden wallet.
Difference between recovery seed and passphrase
What is the difference between a wallet seed and a wallet passphrase? A passphrase is different from your 12 or 24 word seed phrase. The 24-word mnemonic is generated by your wallet and is equivalent to a 256-bit entropy value, whereas the optional passphrase is an arbitrary string that is set by you. The combination of the 24-word mnemonic seed and your passphrase generates a 512-bit seed. All your accounts, addresses and the corresponding private keys are derived from this 512-bit seed.
The passphrase is part of the BIP39 standard and is supported by all BIP39 wallets. It can be almost anything. It supports A-Z, a-z, 0-9 and even special characters, i.e. ASCII characters. Each passphrase that you add to the end of your seed will generate a new wallet.
- Seed A = Wallet 1 = Standard Wallet
- Seed A + Passphrase B = Wallet 2 = Hidden Wallet 1
- Seed A + Passphrase C = Wallet 3 = Hidden Wallet 2
- Seed A + Passphrase D = Wallet 4 = Hidden Wallet 3
So basically you can have as many wallets as you want with just one seed.
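Added example, not code from the original post or from any wallet vendor: the BIP39 seed derivation behind the list above, followed by the BIP32 master key step. The mnemonic is the public all-zero test phrase, the passphrases are constructed, and wallet_label is a helper made up for this example.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy); sample input only.
SEED_A = ("abandon abandon abandon abandon abandon abandon "
          "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 root: HMAC-SHA512 keyed with b"Bitcoin seed" -> (key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_label(mnemonic: str, passphrase: str = "") -> str:
    """Short hex label for a wallet root (made up for this example, not a
    standard fingerprint): first 4 bytes of SHA-256 over the master key."""
    key, _chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key).hexdigest()[:8]


def wallets_from(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the label of the wallet it opens."""
    return {p: wallet_label(mnemonic, p) for p in passphrases}


if __name__ == "__main__":
    # Constructed passphrases: blank (standard wallet), three hidden wallets,
    # then two near-misses of "Passphrase B" (case change, trailing space).
    tries = ["", "Passphrase B", "Passphrase C", "Passphrase D",
             "passphrase b", "Passphrase B "]
    for p, label in wallets_from(SEED_A, tries).items():
        print(f"{p!r:18} -> wallet {label}")
    print(len(bip39_seed(SEED_A)) * 8, "bit seed")
```

BIP39 has no notion of a wrong passphrase: every string produces a valid 512-bit seed, so a typo does not raise an error, it opens a different, empty wallet.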
Things to note:
A passphrase is an optional feature that adds an extra layer of security to your seed phrase and restricts access to your wallet. It adds extra authentication to your wallet. It can act as a hidden wallet. Using multiple passphrases you can generate multiple wallets from the same seed, which is useful for categorization and privacy, and it also comes in handy as a defense against physical attack.
Using a passphrase you can enable a range of security setups that meet your personal situation. But do not overcomplicate things. Unless you understand how a passphrase works, you should not use one. Remember, a passphrase is a single point of failure if lost. There is a lot at stake. There is more chance of losing your Bitcoin if you forget your exact “passphrase”.
Newbies often confuse the passphrase with the wallet PIN. These are two different things. All the PIN does is protect your device from access. A PIN can be lost or forgotten and you can easily restore your wallet from the 12 or 24 word seed phrase. The passphrase, however, is used in addition to your recovery phrase in constructing your wallet.
Passphrase – Do’s & Don’ts
The passphrase is commonly referred to as the 25th word, but you should not use just a single word. To make your passphrase more secure and protect your seed from a physical extraction attack, you need to use more than just 1 word.
Users often memorize their passphrase. If you are not sure you can remember it in the future, then have a backup, as for your recovery seed. Write it on paper and leave it in a safe place, but not together with your recovery seed.
You can memorize your passphrase, but be very careful. These are case-sensitive strings up to 100 characters long. If you are using a long, strong passphrase then it is not a good idea to keep it only in your memory. If you happen to lose your memory, your crypto is gone.
Passphrases are not for everyone. They are recommended only for advanced users. If you are using one then you must also include it in your crypto backup plan.
Note: You can lose access to your software wallet. Your hardware wallet can get lost, stolen or destroyed. No problem. All you need is the seed phrase backup and the passphrase (if you are using one). If you lose these then your Bitcoins are likely gone forever.
One of the best use cases for a passphrase is plausible deniability. It makes your recovery phrase backup and the device impervious to physical attack. If someone gains access to your hardware device or if your seed phrase is exposed, they cannot steal your funds. Without the right passphrase they’ll not be able to gain access to your coins. Using two or more passphrases you can create multiple hidden wallets. You can use one as a dummy decoy wallet with a low balance that would provide “plausible deniability”. In the event of a physical attack (such as being held at gunpoint or a $5 wrench attack) this can be very advantageous.
When you are just getting started with Bitcoin and hardware wallets, it is advised not to use a passphrase. However, as you understand things better and become more comfortable and savvy with wallets, you can start using a passphrase for added security.
Don’t confuse passphrase with wallet password.
Passwords are not applicable to most wallets. They are just a gatekeeper for your personal information. All they do is encrypt files and sensitive data stored on your PC. If you are using Ledger then you might be using Ledger Live. You can add password protection to Ledger Live to protect it from unauthorized access. The password can contain upper and lowercase letters, numbers, and symbols. Passwords are the least important, and losing one does not mean you’ll lose your coins.
All that matters is your recovery phrase and passphrase (if you are using one). Next comes your device PIN.
PIN codes only apply to hardware wallets and mobile wallets. PIN stands for Personal Identification Number. Unlike a passphrase or password, a PIN can only contain numbers, with a length varying from 4 to 9 digits.
A PIN is a 4–9 digit number combination which you set during the initial wallet setup. All it does is protect the device or wallet from being physically used by unauthorized people around you. It’s just like the PIN for your credit / debit card. Anyone with access to your device and the PIN will have access to all your coins. It is equivalent to handing someone your credit / debit card and PIN code.
The PIN has nothing to do with your wallet accounts or addresses. It is only there to prevent unauthorized use of your device. You need to enter the PIN every time you access your device. If you forget it, no problem. You can restore your wallet completely using your seed phrase. Then you can set a new PIN of your choice.
Wallet PIN codes are highly sensitive, and choosing a strong PIN is key to your wallet security. Choose one that is hard to guess. If someone obtains your hardware wallet they can try all they want. The wallet will wipe itself completely after 3 incorrect PIN attempts in a row. Or a wallet such as Trezor will take longer and longer for each PIN attempt. If your device is wiped you can restore it using your recovery phrase.
Here are a few tips from Ledger to keep your 24-word recovery phrase and PIN code safe.
Is the 25th word passphrase really necessary?
Are you wondering if someone can crack your 12 or 24 word seed? No, nobody can crack the recovery phrase. It’s impossible in theory to brute-force 24, 18, or even 12 random words. The ones generated by your wallet are completely random and unknown. So why is a passphrase needed anyway? Aren’t my funds secure enough with just the recovery phrase?
Sure, they are. That’s not the worry. The point is, what if someone finds your recovery sheet? They can easily access your money by just restoring the seed phrase. By adding a passphrase you get plausible deniability and protect yourself against possible vulnerability. Just make sure to save the passphrase backup completely separate from your recovery seed backup.
With that said, don’t overcomplicate your security and get yourself locked out. The best security setup is one that you can master and execute with confidence.
We hope this post explained the differences between recovery seed, passphrase and PIN. If you have any questions regarding this topic, do let us know in the comments below.