All articles

Passphrases and hidden wallets

The passphrase feature in Trezor Suite is a method used to increase the security of your assets by creating unique hidden wallets. This helps to protect your accounts from unauthorized access.
 
  

Passphrase basics

  • A passphrase functions like an extra word added to your wallet backup (formerly recovery seed)
  • Using your wallet backup alone grants access to your Standard wallet 
  • Each unique combination of 'backup + passphrase' grants access to a corresponding unique Passphrase wallet
  • You must have access to your passphrase, as it is never stored on your Trezor device! If you lose access to a passphrase, you will lose access to the associated funds. 
 
Only use a passphrase once you understand how it works. Funds secured by a passphrase can't be recovered without it!

We recommend you write down your passphrase and keep it separate from both your wallet backup and Trezor device. Decide how many copies you want to make, but consider creating an extra copy stored in a different location for added security. Do not store any of these copies digitally - this includes as a picture on your phone, a file on your computer, or in your password manager. 

If you choose not to write down your passphrase, consider creating a hint that reminds you of it. Be cautious: if the hint is too hard to decipher and you forget the passphrase, or if beneficiaries need to guess it, you will lose access to your funds. Make sure the hint is clear and memorable, accounting for details like case sensitivity, spaces, or punctuation.
 

Important characteristics of passphrases

  • Passphrases are not stored anywhere on your Trezor.
  • It is only used temporarily whenever you enter it.
  • A passphrase, as implemented in Trezor devices, can be any character or set of characters, a word, or a sentence up to 50 bytes long (~50 ASCII characters).
  • Characters from the extended ASCII character set cannot be entered using the Trezor device itself. If you create a passphrase including characters from the extended ASCII character set - i.e., decimal 128 (€) to 255 (ÿ) - these can only be entered when using Trezor Suite on a trusted computer.
  • Moreover, these characters may not be rendered correctly on the Trezor display.
  • Passphrases are case-sensitive. Lowercase and uppercase characters are distinguished and count as different.
  • A space (blank) is a valid character.
  • The passphrase and wallet backup belong together. Neither can be used without the other if you sent your coins to a passphrase-protected hidden wallet.
 
Passphrases can't be hacked, as they're not stored on the device.

Each passphrase creates a new hidden wallet, so always check you're entering the passphrase correctly.

A strong passphrase keeps your coins extra safe: learn more in our Is your passphrase strong enough? blog post.
 

How does it work?

As part of the initialization process, your Trezor device generates a random number which is converted into a wallet backup and stored in the memory. Your Trezor uses this string of standard English words to generate your private keys, serving as a kind of 'master access key' for unlocking access to your bitcoin and crypto funds.

 

By using a passphrase, you're effectively adding an extra word to the wallet backup, creating a brand new Passphrase wallet, which are often referred to as 'Hidden' wallets.

 

In fact, you can generate as many Passphrase wallets as you like, but you must be extremely careful not to lose any of your passphrases.

 

Essentially, whenever a Trezor device is used, it derives a cryptocurrency wallet using the following (extremely simplified) formula: 
 
Wallet backup + passphrase = hidden wallet

 

which can be summarized using the following schematic:
 

 

In this schematic, wallets "A" through "E" are all unique passphrase-protected hidden wallets; the (minor) differences between each separate, valid passphrase are highlighted in green.

 

Passphrases are used to create unique hidden wallets and control access to them, without requiring a second hardware wallet or wallet backup. This means your funds are safe, even if your wallet backup is compromised.

 

Choosing a passphrase

Whereas your wallet backup is randomly generated, you choose your own passphrase:

  • It can be any memorable word / phrase / sentence up to 50 bytes (about 50 ASCII characters)
  • It is case sensitive i.e. "Hello  World" is not the same as "Hello  world"
  • Spaces are valid characters - every character matters
  • An empty passphrase is the same as 'seed-only' access to your Standard Wallet

 

To access a hidden wallet, you must enter the passphrase with 100% accuracy.

If you enter anything else, you will create a brand new Passphrase wallet. If you lose access to your passphrase, the associated wallet is irretrievable. Write down your passphrase and keep it separate from both your wallet backup and Trezor device.

 

Disabling / re-enabling the passphrase feature

The passphrase feature can be toggled off or on via the Device settings page in Trezor Suite:

  • First, connect your Trezor and unlock it using your PIN.
  • Once connected and unlocked, navigate to Device settings and scroll down to the Wallet loading section; here you can change the default wallet loading behavior to either Standard or Passphrase:

 

Using passphrase in other apps

By using the same combination of wallet backup and passphrase, the same wallet with identical addresses is derived - no matter which application is used:
 
 

Passphrase FAQs

I've lost my Trezor! Can I recover a passphrase protected wallet?
First, there’s no need to panic. You can use a second Trezor device to recover your existing accounts using the same wallet backup and passphrase combination. Enable the passphrase feature and then enter the exact same passphrase you originally used when creating the passphrase-protected hidden wallet.

 

What are the benefits of using the passphrase feature?
A passphrase adds an extra layer of protection to your bitcoin and crypto. Given that passphrases are not stored on your Trezor, even if your wallet backup is compromised, your accounts remain protected and can only be accessed using the specific passphrase.

You can create any number of new Passphrase wallets. This means you can redistribute balances for added security, or simply to help you organize your accounts.

 

What are the risks of using the passphrase feature?
Please take all necessary precautions in order to preserve your passphrase(s) for future reference, and above all else, remember:
 
If you lose a passphrase, you lose access to any associated funds!