The passphrase feature in Trezor Suite is a method used to increase the security of your assets by creating unique hidden wallets. This helps to protect your accounts from unauthorized access.
Passphrase basics
- A passphrase functions like an extra word added to your wallet backup (recovery seed)
- Using your wallet backup (recovery seed) alone grants access to your Standard wallet
- Each unique combination of 'backup + passphrase' grants access to a corresponding unique Passphrase wallet
- You must remember your passphrase, as it is never stored on your Trezor device! If you forget a passphrase, you will lose access to the associated funds
Only use a passphrase once you understand how it works. Funds secured by a passphrase can't be recovered without it!
Important characteristics of passphrases
- Passphrases are not stored anywhere on your Trezor.
- It is only used temporarily whenever you enter it.
- A passphrase, as implemented in Trezor devices, can be any character or set of characters, a word, or a sentence up to 50 bytes long (~50 ASCII characters).
- Characters from the extended ASCII character set cannot be entered using the Trezor device itself. If you create a passphrase including characters from the extended ASCII character set - i.e., decimal 128 (€) to 255 (ÿ) - these can only be entered when using Trezor Suite on a trusted computer.
- Moreover, these characters may not be rendered correctly on the Trezor display.
- Passphrases are case-sensitive. Lowercase and uppercase characters are distinguished and count as different.
- A space (blank) is a valid character.
- The passphrase and wallet backup (recovery seed) belong together. Neither can be used without the other if you sent your coins to a passphrase-protected hidden wallet.
Passphrases can't be hacked, as they're not stored on the device.
Each passphrase creates a new hidden wallet, so always check you're entering the passphrase correctly.
A strong passphrase keeps your coins extra safe: learn more in our
Is your passphrase strong enough? blog post.
How does it work?
As part of the initialization process, your Trezor device generates a random number which is converted into a recovery seed and stored in the memory. Your Trezor uses this string of standard English words to generate your private keys, serving as a kind of 'master access key' for unlocking access to your bitcoin and crypto funds.
By using a passphrase, you're effectively adding an extra word to the wallet backup (recovery seed), creating a brand new
Passphrase wallet, which are often referred to as 'Hidden' wallets.
In fact, you can generate as many Passphrase wallets as you like, but you must
be extremely careful not to lose any of your passphrases.
Essentially, whenever a Trezor device is used, it derives a cryptocurrency wallet using the following (extremely simplified) formula:
recovery seed + passphrase = hidden wallet
which can be summarized using the following schematic:
In this schematic, wallets "A" through "E" are all unique passphrase-protected hidden wallets; the (minor) differences between each separate, valid passphrase are highlighted in green.
Passphrases are used to create unique hidden wallets and control access to them, without requiring a second hardware wallet or recovery seed. This means your funds are safe, even if your recovery seed is compromised.
Choosing a passphrase
Whereas your wallet backup (recovery seed) is randomly generated, you choose your own passphrase:
- It can be any memorable word / phrase / sentence up to 50 bytes (about 50 ASCII characters)
- It is case sensitive i.e. "Hello World" is not the same as "Hello world"
- Spaces are valid characters - every character matters
- An empty passphrase is the same as 'seed-only' access to your Standard Wallet
To access a Hidden wallet, you must enter the passphrase with 100% accuracy
If you enter anything else, a brand new Passphrase wallet will be created
If you forget your passphrase, the associated wallet is irretrievable
Disabling / re-enabling the passphrase feature
The passphrase feature can be toggled off or on via the Device settings page in Trezor Suite:
- First, connect your Trezor and unlock it using your PIN.
- Once connected and unlocked, navigate to Device settings and scroll down to the Wallet loading section; here you can change the default wallet loading behavior to either Standard or Passphrase:
Using passphrase in other apps
By using the same combination of wallet backup (recovery seed) and passphrase, the same wallet with identical addresses is derived - no matter which application is used:
Passphrase FAQs
I've lost my Trezor! Can I recover a passphrase protected wallet?
First, there’s no need to panic. You can use a second Trezor device to recover your existing accounts using the same wallet backup (recovery seed) and passphrase combination. Enable the passphrase feature and then enter the
exact same passphrase you originally used when creating the passphrase-protected hidden wallet.
What are the benefits of using the passphrase feature?
A passphrase adds an extra layer of protection to your bitcoin and crypto. Given that passphrases are not stored on your Trezor, even if your wallet backup (recovery seed) is compromised, your accounts remain protected and can only be accessed using the specific passphrase.
You can create any number of new Passphrase wallets. This means you can redistribute balances for added security, or simply to help you organize your accounts.
What are the risks of using the passphrase feature?
Please take all necessary precautions in order to preserve your passphrase(s) for future reference, and above all else, remember:
If you forget a passphrase, you lose access to any associated funds!