Passphrase is an optional feature of the Trezor device which allows users to create hidden wallets. A passphrase serves as second-factor protection of the recovery seed and is an ultimate protection against attacks involving physical access to the device or the recovery seed.
- The passphrase is not stored anywhere on the device. It is only used temporarily whenever you enter it.
- A passphrase, as implemented in Trezor devices, can be any character or set of characters, a word, or a sentence up to 50 bytes long (~50 ASCII characters).
- Passphrases are case-sensitive - lowercase and uppercase characters are distinguished and count as different.
- A space (blank) is a valid character.
- The passphrase and recovery seed belong together. Neither can be used without the other if you sent your coins to a passphrase-protected wallet.
How does it work?
When first initialized, a Trezor device generates a random number which is converted into a mnemonic sentence (recovery seed) and stored in the memory. Subsequently, whenever the device is used, it derives a cryptocurrency wallet from a magical formula: mnemonic+passphrase (extremely simplified).
If the user did not input any passphrase (default setting), an empty string "" is used. When the feature is activated, the user is prompted to enter the passphrase which is then combined with the recovery seed on the device, and a new wallet is generated.
For you, the user, this means:
Once the passphrase feature is activated on the device, you can provide any input of your choosing and it will be used to generate a completely new wallet. To access this hidden wallet repeatedly, you will have to use the exact same passphrase in combination with the recovery seed on the device. Using the same seed with a different passphrase will generate a different wallet. Using a different seed with the "correct" passphrase will generate a different wallet.
If you get a new Trezor device and wish to access the hidden wallet, you will have to recover your previously used recovery seed, activate the passphrase feature, and enter the exact same passphrase as before.
Mistyping the passphrase will generate a completely new wallet. There is no such thing as an "incorrect passphrase", so whatever you provide as your input will be used in the process of deriving a wallet.
If you enter an empty passphrase (no passphrase at all), the device will proceed exactly as if the passphrase feature had not been activated at all, and generate a wallet from your recovery seed stored on the device.
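The behaviour described above, as an added example that is not Trezor's own code: it assumes the standard BIP-39 seed derivation (PBKDF2-HMAC-SHA512 with the passphrase appended to the salt), which this page does not name, and uses a hypothetical wallet_id helper that fingerprints the seed in place of a full wallet derivation. How the firmware counts the 50-byte limit is also an assumption.

```python
import hashlib
import unicodedata

MAX_PASSPHRASE_BYTES = 50  # limit stated on this page for Trezor devices


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed from a mnemonic and an optional passphrase."""
    # BIP-39 normalizes both inputs to Unicode NFKD before hashing.
    mnemonic_n = unicodedata.normalize("NFKD", mnemonic)
    passphrase_n = unicodedata.normalize("NFKD", passphrase)
    # Assumption: the 50-byte limit is counted on the UTF-8 encoding.
    if len(passphrase_n.encode("utf-8")) > MAX_PASSPHRASE_BYTES:
        raise ValueError("passphrase longer than 50 bytes")
    # The passphrase is only part of the salt, so no input can be "incorrect":
    # every passphrase yields some valid seed.
    salt = ("mnemonic" + passphrase_n).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic_n.encode("utf-8"), salt, 2048, 64)


def wallet_id(mnemonic: str, passphrase: str = "") -> str:
    """Hypothetical helper: short seed fingerprint standing in for 'which wallet'."""
    return bip39_seed(mnemonic, passphrase).hex()[:16]


# Public BIP-39 test mnemonic (all-zero entropy); never use it for real funds.
TEST_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    for label, pp in [
        ("no passphrase", ""),
        ("TREZOR", "TREZOR"),
        ("trezor (case differs)", "trezor"),
        ("TREZOR + trailing space", "TREZOR "),
    ]:
        print(f"{label:26} -> {wallet_id(TEST_MNEMONIC, pp)}")
```

Each of the four inputs prints a different fingerprint, and a mistyped passphrase raises no error, which is why a typo silently opens an empty wallet.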
Trezor Model T users can choose to enter the passphrase either on the host device (a computer, phone) or directly on the Trezor by using the touchscreen. Trezor One only offers the option to enter the passphrase using the web browser at the moment.
Security benefits and risks
Just as the PIN is used to protect your device, we can say that the passphrase serves as second-factor protection for your seed.
It only exists in your head
Because the passphrase is not stored anywhere on the device, it is impervious to any attacks involving physical access and tampering with the chip. Furthermore, if somebody compromised your physical copy of the recovery seed, they still would not be able to access your passphrase-protected wallet unless they knew the passphrase.
Passphrases are free. You can create as many passphrases in combination with your recovery seed as you like. This ease of creating a new wallet gives you a secondary advantage of hidden wallets: plausible deniability.
Once you get familiar with the feature and feel confident using it, you can consider creating "decoy wallets".
If burglary and physical danger are part of your threat model, you might want to leave some pocket money in the basic "non-passphrase" wallet, then move a portion of your funds to one passphrase-protected wallet, and lastly, the most significant portion of your funds to another passphrase-protected wallet.
The idea behind this is that if you ever find yourself in a situation where somebody is trying to extort a ransom from you or puts you under duress, you can safely give up the PIN or even the decoy passphrase.
The ability to create an almost unlimited number of wallets provides some practical advantages too. You can share one recovery seed with a significant other (sort of like a mutual account) and distinguish your private wallets using a personal passphrase. Using this technique, you can share a mutual wallet within your household, with colleagues, or friends according to your preferences and needs.
Potential risks when using passphrases
By using the passphrase feature, you, the user, gain lots of additional personal responsibility in direct proportion to the security enhancements.
Because the passphrase is not stored anywhere, you need to take all necessary precautions to keep the passphrase safe, be it a physical backup or just a memory.
If the passphrase is lost, it can only be found by guessing (brute-forcing), which is often technologically and economically infeasible (read: impossible). The difficulty of guessing the passphrase varies depending on the strength (complexity) of the passphrase.
How to choose a good passphrase?
Ideally, the strength of your passphrase should correspond with the level of risk your seed backups are facing. Of course, this is very hard to estimate.
Continue to our blog post "Is your passphrase strong enough?" for an extensive analysis of appropriate passphrase difficulty.