What Is a Passphrase? The “25th Word” Concept
Your Trezor wallet is controlled by a 24-word recovery seed (BIP-39). Every address and private key your wallet uses is mathematically derived from those 24 words. This is why backing up those 24 words means backing up your entire wallet.
A passphrase extends this by adding one more piece of input to the derivation. Sometimes called the “25th word,” the passphrase is combined with your 24-word seed to create a completely different root key — which means a completely different set of wallets.
Think of it this way:
Each passphrase produces a unique, fully independent wallet. The wallets share no keys, no addresses, and no funds. And crucially: there is no way to detect which passphrase is “correct” — any string you enter opens a valid (though possibly empty) wallet.
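The derivation described above, as an added example that is not part of the original guide or Trezor's own code. It uses the public BIP-39 test-vector mnemonic (12 words for brevity) and standard-library calls only; `wallet_tag` is a hypothetical label constructed for this illustration.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test-vector mnemonic (12 words for brevity); never use it for funds.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s)
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic).encode("utf-8"), salt, 2048, dklen=64)


def bip32_root(seed):
    """BIP-32 root: HMAC-SHA512 keyed with b"Bitcoin seed" -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_tag(passphrase):
    """Constructed 12-hex-digit label for the root key; not a real wallet fingerprint."""
    key, chain = bip32_root(bip39_seed(MNEMONIC, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:12]


def compare(passphrases):
    """Map each candidate passphrase to the tag of the wallet root it derives."""
    return {p: wallet_tag(p) for p in passphrases}


if __name__ == "__main__":
    # "" is the standard wallet; the rest differ only by case, a space, or a symbol.
    for p, tag in compare(["", "Alpha", "alpha", "alpha ", "password1", "password1!"]).items():
        print(f"{p!r:<14} root {tag}")
```

No step compares the passphrase against anything stored, which is why a mistyped passphrase yields a different valid root instead of an error.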
Why Use a Passphrase?
1. Plausible Deniability
If someone steals your Trezor and forces you to reveal your PIN, they’ll access your standard wallet (no passphrase). But your real funds can be stored in a passphrase-protected hidden wallet that they don’t even know exists.
You can keep a small amount of crypto in the standard wallet as a “decoy.” If coerced, you reveal the PIN and hand over the device. The attacker gets the decoy funds and has no way of knowing a hidden wallet exists.
2. Protection Against Seed Phrase Compromise
If your 24-word seed phrase is somehow discovered (someone photographs your metal backup, sees it over your shoulder, etc.), the passphrase acts as a second factor. Without the passphrase, the seed alone gives access only to the standard wallet, which is empty (or holds only decoy funds) when your real funds sit in a hidden wallet.
3. Multiple Separate Wallets
Power users can maintain multiple hidden wallets for different purposes: one for long-term cold storage, one for DeFi interactions, one for business, one for family funds — each with its own passphrase, completely isolated.
How the Passphrase Differs from the PIN
These two features are frequently confused. Here’s the clear distinction:
| Feature | PIN | Passphrase |
|---|---|---|
| Purpose | Unlocks the physical device | Derives a separate wallet |
| What happens if wrong | Device wipes after X attempts | Opens an empty wallet (no warning) |
| Stored on device | Yes (as hash) | No — never stored anywhere |
| Recovery | Reset PIN via seed phrase | Must remember exactly |
| Changes wallets | No | Yes — different passphrase = different wallet |
The PIN is a physical security layer. The passphrase is a cryptographic layer. They solve different problems.
Setting Up a Passphrase in Trezor Suite
Step 1: Enable Passphrase on Your Device
- Connect your Trezor and enter your PIN
- Confirm the action on your Trezor device
Once enabled, you’ll be prompted to enter a passphrase each time you access your wallet.
Step 2: Choose Your First Passphrase
This is the most consequential step. Your passphrase can be any string of characters — letters, numbers, symbols, spaces. Trezor supports passphrases up to 50 characters long.
Choosing a good passphrase:
- Use something memorable but not guessable
- Avoid using only dictionary words in an obvious phrase (though a long, complex phrase is fine)
- Case matters: “Alpha” and “alpha” open different wallets
- Special characters matter: “password1!” and “password1” open different wallets
- Even a single space matters
What makes a bad passphrase:
- Something you could forget (complex string with no mnemonic)
- Something guessable to someone who knows you (your birthday, pet’s name)
- Something you’ve used for other accounts
Step 3: Entering the Passphrase
Trezor Suite offers two ways to enter your passphrase. You choose which method you want in the settings.
Option A — Enter on the host (computer/phone):
The passphrase entry box appears in Trezor Suite on your screen. You type the passphrase using your computer keyboard. This is faster and more convenient but carries a theoretical risk if your computer is compromised by a keylogger.
Option B — Enter on the Trezor device:
You enter the passphrase directly on the Trezor’s screen using the device’s interface. This is slower (especially on Model One) but ensures the passphrase is never typed into a potentially compromised computer. Recommended for maximum security.
On Trezor Safe 3 and Safe 5, the touchscreen makes device-entry practical. On Model One, it involves button navigation through a matrix.
Entering a Passphrase on the Device vs Host
| Method | Security Level | Convenience | Recommended For |
|---|---|---|---|
| Enter on device | Highest | Low (especially Model One) | High-value cold storage |
| Enter on Trezor Suite (desktop) | High | Medium | Most users |
| Enter on Trezor Suite (mobile) | High | High | On-the-go access |
Most users balance security and practicality by using the desktop Trezor Suite entry. The theoretical keylogger risk is low for most home setups, and the convenience is significant.
If you’re securing very large amounts of crypto, entering the passphrase on the device is worth the inconvenience.
Accessing Your Hidden Wallet
After you set up a passphrase, accessing your hidden wallet works like this each time:
- Connect your Trezor and enter PIN
- Trezor Suite prompts you to enter a passphrase (or confirm on device)
- Enter your exact passphrase
- Your hidden wallet loads
To access your standard (no-passphrase) wallet, simply press Enter or leave the passphrase field empty when prompted.
To access different hidden wallets, enter different passphrases. Each one loads a completely separate wallet.
The Critical Risk: Forgetting Your Passphrase
Here is the most important thing in this entire guide:
If you forget your passphrase, your funds are gone. Forever.
Trezor cannot recover it. There is no password reset. There is no “passphrase hint.” No one can derive your passphrase from your seed. The funds in a passphrase-protected wallet are mathematically inaccessible without the exact, character-perfect passphrase.
There is no warning message when you enter a wrong passphrase — the device simply opens a different (empty) wallet. You might think you’ve entered it correctly, but if it’s even one character off, you’re looking at the wrong wallet.
How to Protect Against Forgetting
Passphrase Best Practices
Do:
- Use a combination of words, numbers, and symbols you can reconstruct from memory
- Store a physical backup of the passphrase in a separate secure location
- Test access to your hidden wallet regularly
- Use a different passphrase for different hidden wallets if you use multiple
Don’t:
- Use the same passphrase as any other account or password
- Store the passphrase in the same location as your seed phrase
- Use a passphrase so complex you can’t reliably reproduce it
- Rely on digital storage (phone, computer, cloud) as your only passphrase backup
Using Multiple Passphrases
One of the most sophisticated use cases for passphrases is maintaining multiple hidden wallets:
This structure means:
- A physical attacker who gets the device and PIN gets only the decoy
- A seed phrase leak compromises only the standard wallet
- Only someone with both the seed AND the correct passphrase can access each hidden wallet
Each passphrase must be independently backed up and secured.
Passphrase with Shamir Backup
Trezor’s Shamir backup (SLIP-39) and passphrases work together. You can:
- Split your seed into Shamir shares (e.g., 2-of-3)
- Also use a passphrase on top of the recovered wallet
When recovering with Shamir shares, the device reconstructs the seed internally, then prompts for the passphrase as a separate step. Both the Shamir threshold AND the correct passphrase are required.
This is a high-security setup used by advanced users and institutions, providing multiple independent security layers.
Passphrase vs PIN: Which Protects Against What?
| Threat | PIN Protects | Passphrase Protects |
|---|---|---|
| Someone finds your device but does not know the PIN | Yes | No (device locked) |
| Someone knows your PIN, has device | No | Yes (hidden wallet unknown) |
| Someone finds your seed phrase backup | No | Yes (passphrase not with seed) |
| Remote hack of your computer | No | Partially (if entered on device) |
| Physical coercion (knows your PIN) | No | Yes (plausible deniability) |
The best security uses both: a strong PIN protecting physical device access, and a passphrase protecting the bulk of your funds in a hidden wallet.
FAQ
Can I add a passphrase after I’ve already been using my Trezor without one?
Yes. Enable passphrases in Device settings, then use your passphrase to access a new hidden wallet. Funds in your existing standard wallet remain there — you’d need to send them to an address in your new hidden wallet if you want to consolidate.
Does my passphrase get stored on the Trezor device?
No. Your passphrase is never stored on the device, on Trezor’s servers, or anywhere else. It exists only in your memory and your physical backup. This is why forgetting it is permanent.
What if I accidentally enter a wrong passphrase?
You’ll see an empty wallet. The device won’t warn you that the passphrase was wrong — it simply opens the (empty) wallet corresponding to whatever passphrase you entered. Close the session and try again with the correct passphrase.
Is the passphrase case-sensitive?
Yes, completely. “Password” and “password” open different wallets. “password1!” and “Password1!” open different wallets. Every character, including spaces and symbols, must be exactly right.
Can I use a passphrase on any hardware wallet, not just Trezor?
The BIP-39 passphrase standard is supported by most hardware wallets including Ledger, Coldcard, Keystone, and Foundation Passport. Your passphrase-protected wallet created on a Trezor can be accessed on a Ledger (or vice versa) using the same seed phrase and passphrase.
How long can a Trezor passphrase be?
Trezor supports passphrases up to 50 characters. There’s no minimum length — even a single character creates a different wallet — but longer passphrases are more secure against brute force.