hodlguide.pro

Ledger Passphrase (25th Word): Complete Security Guide (2026)

The passphrase feature — often called the “25th word” — is one of the most powerful and misunderstood security tools available on your Ledger device. Used correctly, it creates entirely separate hidden wallets that cannot be discovered even if someone has your 24-word recovery phrase. Used incorrectly, it can result in permanent loss of funds.

This guide explains exactly what the passphrase does, when you should use it, how to enable and access it on your Ledger, and the critical risks you must understand before enabling it.

What Is the Passphrase?

Your Ledger device generates a 24-word recovery phrase when you first set it up. This phrase, following the BIP39 standard, deterministically generates all of your private keys. Anyone with those 24 words can restore your wallet and access all your funds.

The passphrase is an optional extension to BIP39. You choose any string of characters — letters, numbers, symbols — and it is added to your 24-word phrase as an additional input during key derivation. The result is a completely different set of private keys and addresses.

Think of it this way:

  • 24 words alone → Wallet A (your “standard” wallet)
  • 24 words + passphrase “Correct-Horse-7” → Wallet B (a completely separate hidden wallet)
  • 24 words + passphrase “different” → Wallet C (yet another separate hidden wallet)

    • Every different passphrase — even changing one character — produces a completely different wallet with entirely different addresses and balances. There is no mathematical relationship between wallets created with different passphrases.

    Why Use a Passphrase?

    Primary Use Case: Extra Security Layer

    Even if your 24-word recovery phrase is stolen, an attacker cannot access your passphrase wallet without also knowing your passphrase. This is especially valuable if:

    • You store significant funds and worry about physical theft or coercion
    • Your seed phrase backup location could be discovered
    • You want to store funds in multiple separate wallets with different security levels

    Plausible Deniability

    One sophisticated use case is keeping a small amount of real funds in your standard wallet (accessible with just the 24 words or PIN) while keeping your main holdings in a passphrase-protected wallet.

    If you are ever coerced into giving up your PIN or recovery phrase under duress, the attacker sees only the decoy wallet with limited funds. They have no way to prove you have a passphrase wallet unless you tell them. This is sometimes called a “duress wallet” or “honeypot wallet” setup.

    To make this work convincingly, the decoy wallet must have a plausible amount of real crypto in it — an empty wallet is suspicious.

    How to Enable the Passphrase on Ledger

    Ledger offers two ways to use the passphrase:

    Option 1: Temporary Passphrase (Recommended for Most Users)

    You enter the passphrase each time you want to access the hidden wallet. It is not stored on the device.

  • On your Ledger device, go to Settings > Security > Passphrase
  • Select Set temporary passphrase
    • Use the device buttons to enter your passphrase character by character
    • Confirm by entering it a second time
    • Your device restarts and loads the passphrase wallet
    • When you disconnect or restart the device, the passphrase is forgotten — the next unlock returns to the standard wallet

    This is the recommended method because the passphrase is never stored on the device, leaving no trace.

    Option 2: Passphrase Attached to a PIN

    This option lets you set a second PIN on the device. When you enter PIN A, the standard wallet loads. When you enter PIN B, the passphrase wallet loads automatically — without you manually typing the passphrase each time.

  • Go to Settings > Security > Passphrase
  • Select Attach to PIN
    • Enter and confirm a new PIN (different from your existing PIN)
    • Enter the passphrase you want to attach to this PIN
    • Confirm the passphrase
    • Going forward, entering PIN B on startup loads your passphrase wallet

    This method is convenient for regular use of a passphrase wallet. The passphrase is encrypted and stored on the device, meaning someone with physical access to the device could potentially extract it if they knew the attached PIN — but they cannot access it from the recovery phrase alone.

    Accessing Your Passphrase Wallet

    Once you have set up a passphrase (either temporary or PIN-attached), any accounts you add in Ledger Live or third-party apps while the passphrase is active belong to that hidden wallet.

    Important: When using a temporary passphrase, you must re-enter it every time you want to access the hidden wallet. Ledger Live will show different account balances depending on whether the passphrase is active.

    If you open Ledger Live and your passphrase account shows a zero balance, it almost certainly means the passphrase is not active on the device — not that your funds are gone. Re-enter the passphrase on the device and reconnect.

    Critical Risks of Using a Passphrase

    Permanent Loss if You Forget the Passphrase

    This is the most important risk. Unlike a PIN, there is no recovery mechanism for a forgotten passphrase. If you forget or lose your passphrase, there is no way to access the funds in that wallet — not Ledger support, not law enforcement, no one.

    Your passphrase is not stored on Ledger’s servers. It is not recoverable from the 24-word seed. It is not recoverable from the blockchain. It simply does not exist anywhere except in your own records and memory.

    Typos Create Separate Wallets

    If you accidentally type “passphras3” instead of “passphrase,” you create a completely different wallet. Every character matters. There is no warning that you have used a “wrong” passphrase — the device simply opens a different (empty) wallet.

    Always double-check your passphrase entry. The device asks you to confirm it twice during setup for this reason.

    No Standard Format

    A passphrase can be any combination of UTF-8 characters up to 100 characters long. There is no standard format. You choose and you remember — or you write it down securely.

    Best Practices for Using a Passphrase

  • Write it downStore your passphrase separately from your 24-word recovery phrase. If someone finds one, they do not automatically have the other.
  • Use a strong but memorable passphrase — A random string is most secure but hardest to remember. A long passphrase (4–6 random words, or a phrase with mixed case and numbers) balances security and memorability.
  • Test before sending significant funds — Send a small test amount to your passphrase wallet first. Then re-enter the passphrase and verify you can access the funds before committing significant value.
  • Store the backup securely — Consider a metal backup plate for the passphrase if you plan to hold large amounts long-term. Keep it in a separate location from your 24-word backup.
  • Tell your heirs — If you use a passphrase for significant funds, your estate needs to know both the 24 words and the passphrase for inheritance purposes. Consider how this information will be passed on.
  • Do not confuse it with your PIN — The PIN unlocks the device. The passphrase extends the seed. They are different things with different security implications.
  • Case sensitivity matters — “Password” and “password” create completely different wallets. Be consistent with capitalisation.

    • Passphrase vs PIN: What Is the Difference?

    Feature PIN Passphrase
    Purpose Unlocks the device Creates a different wallet
    Length 4–8 digits Up to 100 characters
    If forgotten Reset device (funds accessible via seed) Wallet permanently inaccessible
    Stored on device Yes (encrypted) Only if using attached-PIN method
    Required to use Ledger Yes No (optional)
    Affects wallet addresses No Yes

    Common Mistakes

    Mistake 1: Expecting the balance to survive a device reset without the passphrase

    If you reset your device and restore from your 24 words, you get back to the standard wallet. You must re-enter the passphrase to access the hidden wallet. Some users panic thinking funds are lost — they are not, but you need the passphrase.

    Mistake 2: Storing the passphrase on the same device or in the same location as the seed phrase

    The security benefit of the passphrase is that an attacker needs both the seed AND the passphrase. Storing them together defeats the purpose.

    Mistake 3: Using the passphrase feature without testing it first

    Always send a small test amount, disconnect, re-enter the passphrase from scratch, and confirm you can see the funds before sending larger amounts.

    Frequently Asked Questions

    Q: Is the passphrase the same as the PIN?

    No. The PIN unlocks your Ledger device. The passphrase is a cryptographic extension to your seed phrase that creates a completely different wallet. They serve different purposes.

    Q: Can Ledger recover my passphrase if I forget it?

    No. The passphrase is never transmitted to Ledger and is not stored on their servers. If you forget it, the funds in that wallet are permanently inaccessible. There is no recovery process.

    Q: Does my passphrase need to be a single word?

    No. Your passphrase can be any combination of characters — words, numbers, symbols, spaces. It can be up to 100 characters long.

    Q: Can I have multiple passphrase wallets?

    Yes. Each unique passphrase creates a different wallet. You can have as many passphrase wallets as you want, each with different funds.

    Q: Will my passphrase wallet be accessible if I restore my Ledger on a different device?

    Yes, as long as you use the same 24-word recovery phrase AND the same passphrase. The combination of both always produces the same wallet, regardless of which device you use.

    Q: Does Ledger Recover back up my passphrase?

    No. Ledger Recover only backs up the 24-word seed phrase, not any passphrase you have set. You are responsible for backing up the passphrase separately.

    Q: What if I lose my Ledger and try to restore — will the passphrase wallet be there?

    Yes. Restore your seed phrase on a new device, then re-enter the passphrase. The same wallet and funds will appear. This is why securely backing up both the seed and the passphrase is critical.

    Related guides:

  • Is Ledger Safe? Complete Security Analysis (2026)
  • Ledger Recover: Should You Use It? Complete Guide (2026)
  • Trezor Passphrase Feature: Complete Guide (2026)
  • How to Update Ledger Firmware (2026)

    • Posted

    in

    ,

    by

    treasuryanalytica@gmail.com

    Tags:

    , , ,

    Comments

    Leave a Reply

    Your email address will not be published. Required fields are marked *