Passphrase (25th word) — benefits, risks & configuration
A passphrase (often called the "25th word") is an optional extra secret you can add to your seed phrase to create a separate, hidden wallet. Short version: it increases security if used correctly, and it increases the chance of permanent loss if used carelessly. I believe most people should understand both sides before deciding.
What is a ledger passphrase (25th word)?
A "ledger passphrase" refers to the BIP39 passphrase feature as implemented by Ledger-compatible hardware wallets. Technically, BIP39 combines a mnemonic seed phrase with an optional passphrase to derive the master seed. That additional secret acts like a 25th word appended to a 24-word seed (or a 13th to a 12-word seed), but it can be any text sequence, not necessarily a single dictionary word.
Think of your seed phrase like a master key. The passphrase creates a second master key derived from the same words, but only accessible when the passphrase is supplied. This is how "hidden wallet" setups on Ledger devices are achieved.
(Why would you do this? Read on.)
How the BIP39 passphrase works (technical overview)
BIP39 defines a process that takes two inputs: the mnemonic (seed phrase) and an optional passphrase. These are combined using a key stretching function (PBKDF2) to produce a 512-bit seed. That seed is then used with BIP32/44 derivation paths to create accounts and private keys on the blockchain. See the BIP39 specification for the exact math: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
Because the passphrase is a separate input, the same 24-word seed will map to different private keys depending on the passphrase used. That’s the core behavior exploited to make per-passphrase hidden wallets.
Benefits: why people add a passphrase
- Extra layer of security against physical theft. If an attacker steals your hardware wallet and has only the seed phrase but not the passphrase, they cannot access funds stored in hidden wallets.
- Plausible deniability. You can keep a small, obvious wallet unlocked by the seed alone and a separate high-value hidden wallet protected by a passphrase (note: plausible deniability has limits — see Risks).
- Flexible partitioning. You can use different passphrases for distinct purposes (savings, business, test accounts) while retaining one seed phrase.
In my experience, the passphrase is valuable for high-value cold storage where an extra human-secret separation makes sense. But it’s not a universal fix.
Risks and failure modes of using a passphrase
- Single point of catastrophic failure: lose or forget the passphrase, and the hidden wallet cannot be recovered even with the seed phrase.
- Human error: typos, different character case, accidental leading/trailing spaces, or different keyboard layouts can make the entered passphrase produce a different wallet.
- Operational risk: entering your passphrase on a compromised computer or using a host entry method that caches the passphrase increases exposure.
- False sense of safety: passphrase protection is not a substitute for multi-signature setups or sound operational security.
But remember: a passphrase increases complexity. Complexity causes mistakes. That’s an empirical fact I’ve observed across many users.
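The derivation from the technical overview and the entry mistakes from the Risks list, as an added Python example (not code from this page or from any wallet vendor). It derives the BIP39 seed with PBKDF2-HMAC-SHA512 as the BIP39 specification defines it and shows that each slip silently yields a different seed rather than an error. The helper names `fingerprint`, `entry_slips` and `find_slip` are hypothetical, and the mnemonic is the public all-"abandon" BIP39 test vector, used as constructed sample input.

```python
import hashlib
import unicodedata

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s)
    password = nfkd(mnemonic).encode("utf-8")
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, 64)

def fingerprint(seed: bytes) -> str:
    """Short label for comparing seeds in this demo (assumption: not a BIP32 fingerprint)."""
    return hashlib.sha256(seed).hexdigest()[:8]

def entry_slips(passphrase: str) -> dict:
    """Entry mistakes named in the Risks list; BIP39 treats each as a new passphrase."""
    slips = {
        "trailing space": passphrase + " ",
        "leading space": " " + passphrase,
        "all lowercase": passphrase.lower(),
        "all uppercase": passphrase.upper(),
        "first letter capitalised": passphrase[:1].upper() + passphrase[1:],
    }
    # Drop variants identical to the input (e.g. lowercasing an already-lowercase string).
    return {k: v for k, v in slips.items() if v != passphrase}

def find_slip(mnemonic: str, remembered: str, wallet_fp: str):
    """Say whether `remembered`, or one slip of it, reproduces the wallet's seed."""
    candidates = {"exact": remembered, **entry_slips(remembered)}
    for label, variant in candidates.items():
        if fingerprint(bip39_seed(mnemonic, variant)) == wallet_fp:
            return label
    return None

# Constructed sample input: public BIP39 test-vector mnemonic, never use it for funds.
MNEMONIC = "abandon " * 11 + "about"
INTENDED = "rain-8123-coffee-bottle-tiger"  # passphrase example taken from this page

if __name__ == "__main__":
    print(f"{'no passphrase':<25}:", fingerprint(bip39_seed(MNEMONIC)))
    print(f"{'intended':<25}:", fingerprint(bip39_seed(MNEMONIC, INTENDED)))
    for label, variant in entry_slips(INTENDED).items():
        print(f"{label:<25}:", fingerprint(bip39_seed(MNEMONIC, variant)))
    # Scenario: the wallet was created with a stray trailing space.
    created = fingerprint(bip39_seed(MNEMONIC, INTENDED + " "))
    print(f"{'diagnosis':<25}:", find_slip(MNEMONIC, INTENDED, created))
```

BIP39 applies NFKD normalization, so precomposed and decomposed accented characters give the same seed, but case and whitespace are never normalized.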
How to enable and use a ledger passphrase — step by step
Note: device UIs differ. Consult your device-specific guide for exact button presses (nano-s-guide, nano-s-plus-guide, nano-x-guide). The steps below are a safe, general approach.
- Decide whether you really need a passphrase. Consider alternatives first (multisig, geographically separated seed copies, metal backups).
- Compose a high-entropy passphrase. Prefer a multi-word diceware-style phrase or a long random string — not a single, guessable word (example: "blue horse correct 7?" is weak; "rain-8123-coffee-bottle-tiger" is stronger).
- Enable the passphrase feature on your hardware wallet per the device manual. When prompted, choose to enter the passphrase on the device rather than on a host app whenever possible.
- Create a hidden wallet by entering the passphrase. Confirm that the derived accounts show expected addresses.
- Send a small test amount to the hidden wallet to confirm full access and correct backups.
- Back up the passphrase securely (see next section). Then, treat the passphrase like any other critical secret: never store it in a cloud note or plaintext file.
And test recovery with a spare device or in a safe environment. If you can’t restore from a separate device, you don’t have a reliable backup.
Entry modes: on-device vs host entry
- On-device entry: type the passphrase directly on the hardware wallet screen. This is the safest option because the passphrase does not pass through your computer.
- Host entry (companion app/desktop): more convenient on small-screen devices but increases attack surface (keylogging, malware). Avoid host entry unless you fully trust your host and understand the trade-offs.
Backup and recovery with a passphrase
The passphrase must be treated as part of your backup set. Recovery requires both the seed phrase and the exact passphrase string. If you use a passphrase with a 24-word seed, the combination is what restores your hidden wallet. See the general restore process at [/restore-recovery].
Secure backup options:
- Metal backup plates (for the seed phrase and separately for the passphrase). See [/metal-backup-plates].
- Shamir backups (SLIP-39) as an alternative secret-splitting scheme: [/shamir-backup-slip39].
Do not store your passphrase as an unencrypted cloud note or in a photo on your phone. But do ensure trusted people know inheritance instructions (see [/inheritance]).
Who should use a passphrase?
- Advanced users who understand the extra operational burdens and are willing to maintain a tested backup process.
- People who need plausible deniability or want multiple hidden wallets from a single seed.
Who should probably not use it:
- Beginners or anyone who has not yet mastered seed phrase backups and recovery. Multisig or professional custody can be safer alternatives for many users. See [/multisig] for alternatives.
Common mistakes to avoid
- Using short, guessable passphrases.
- Writing the passphrase to a cloud-synced note or emailing it to yourself.
- Failing to test restore on a separate device.
- Assuming the passphrase is the same as the device PIN (they are different).
But the most common mistake I see is incomplete backup planning: people back up the seed phrase and forget the passphrase.
Quick comparison table: Pros vs Cons
| Feature | Pros | Cons |
| --- | --- | --- |
| Security against physical theft | Adds extra secret required to unlock hidden wallet | If lost, funds irrecoverable |
| Plausible deniability | Allows a decoy wallet without the passphrase | Deniability can fail under sophisticated coercion |
| Convenience | Multiple wallets from one seed | Higher operational complexity (typography, storage) |

FAQ
Q: Can I recover my crypto if the device breaks?
A: Yes—if you have the seed phrase and the exact passphrase you used to create the hidden wallet. Restore the seed on a compatible device or use a recovery procedure described at [/restore-recovery]. Without the passphrase, hidden-wallet funds are unrecoverable.
Q: What happens if the company behind my hardware wallet goes bankrupt?
A: Your recovery relies on open standards (BIP39/BIP32); as long as the standards and compatible tools remain, you can restore using other compatible hardware or software that supports the same derivation scheme. See [/company-risk] for a fuller discussion.
Q: Is Bluetooth safe for inputting a passphrase?
A: Bluetooth introduces extra attack surface compared with a wired, on-device entry. If you plan to use a passphrase, prefer direct on-device entry (or a physically air-gapped workflow). See [/connectivity-usb-bluetooth-nfc] for connectivity trade-offs.
References & next steps
If you decide to use a passphrase, test restore before moving significant funds. I’ve tested both on-device and host-entry methods; on-device entry reduced my operational worry the most. And remember: a passphrase is powerful, but only if you treat it like a permanent secret.
Ready for the next step? Follow the model-specific setup guides linked above, then verify firmware and perform a controlled restore from your backups: see [/verify-firmware] and [/restore-recovery] for step-by-step instructions.