25th Word in Nano Ledger S

[jerry0]

Okay the more I think about this... I think most people should probably do it?


The thing right now is im outside the US and don't have my seed with me at the moment.  I do have my nano ledger s.  So the next time im back in the US and want to do this... I will most likely order another
nano ledger s.


Then when I receive it, generate the seed and put it wrong three times to reset it.  Then get a new seed.  Then send a tiny amount of btc to the new nano ledger.  Then put wrong pin three times to reset it.


Then enter the new seed i wrote down to see if the tiny amount of btc I sent is there.  Once its there... the seed is correct. 


Then I would create a new seed and then write my own passphrase word?  Or that is not necessary to generate a new second seed for the new nano ledger?  Once I do that... put wrong pin three times for that hidden account.  Then enter that new second seed i wrote down to restore it. 


Then I would send a tiny amount of btc from my original nano ledger to the new nano ledger hidden address.  So after this is done... I will have tiny amount of btc in the new nano ledger wallet and the hidden wallet.


Then put wrong pin in the new nano ledger.  Enter the new seed to restore it.  But am I suppose to have one seed or two seeds for the new nano ledger if i want it to have a main wallet and hidden wallet?

[1715252097]

1715252097

[1715252097]

1715252097

[jerry0]

Because after I check my nano ledger s and see the seed and the passphrase is correct in the hidden wallet... then i would just send all my btc from my old nano ledger s to the hidden wallet right?


Thus in the end, I will have a tiny amount of btc in the new nano ledger main wallet... and pretty much all the btc in the new nano ledger hidden wallet?


I know its mentioned I could still do this with just my one current nano ledger s but wouldn't it be very easy to make a mistake somehow?  Of course you need to make sure your seed is correct before you do any of it.


But i feel like getting a second nano ledger would make this process much easier?


But If I get a second nano ledger, couldn't i just enter my seed into that one and restore my btc there... so i dont want to do all those steps?  Because well i still have my current nano ledger?




Because when you think about it... if you do the 25th word aka passphrase with the hidden account... well even if your seed is stored in one location whether its in your apartment or in a bank safe deposit or even in the cloud or in a password manager, well even if its exposed... as long as you have that passphrase and it isn't written down... aren't you generally safe?


Or say you have the seed in your apartment or bank safe deposit box.  And say you write your passphrase in a password manager and save it in the cloud... wouldn't that be still safe?


Because if someone has your seed... they only have access to your main wallet and not your hidden wallet.  So wouldn't that make having this passphrase good in that you don't have to store your seed in multiple locations or do that thing where you store your seed in two of three places?  Of course you need to make sure you remember you passphrase.



But if your passphrase isn't a real complex word... is it still not that good?



Example your passphrase is




jerrywentoverthereagain

jerrylikestodrinkvodka0



I mean that is pretty good passphrase as long as you can remember it or write it down somewhere or store it in password manager as long as your seed isn't online?

[n0nce]

~

You wrote a lot of steps, and I don't think it's this complicated, but also I haven't tried using BIP39 passphrase (that's where the 25th word - feature is defined) on a Ledger.

Electrum and some other wallets call the passphrase a "seed extension", "extension word" or "13th/25th word". The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.

You just keep your existing 24 or 12 word seed backup, so you don't even need to access it for creating a password protected wallet.
Normally, you plug in your hardware wallet, enter a new password and you're in a new fresh wallet with new private keys and addresses.

When you want to restore that hidden / password protected wallet, you will need the 24 / 12 word seed backup AND that password that you chose.

If you mistype the password, you will land in a new password protected wallet that is derived from the same 24 / 12 words plus this new (wrong) password. So you've essentially created another password protected wallet. But it's not an issue. Just re-plug the device and enter the correct password and you will arrive in the wallet with your funds. You can have an unlimited amount of wallets, every one defined by its own password. Some people like to use this feature simply to have separate wallets on one device, so they use something simple that offers no extra security though. For example, the password 'savings' for their savings wallet, password 'shopping' for grocery shopping wallet, you get the idea For security, don't use words or sentences, those can be bruteforced with wordlists.

The cool thing about this is plausible deniability. You can have one wallet only accessible through a password which has the majority of your holding while the wallet with password '' (empty password - the default and what is shown immediately when plugging in the device), can have a small amount.

[o_e_l_e_o]

Or that is not necessary to generate a new second seed for the new nano ledger?

Not necessary, and indeed, defeats the purpose of having a passphrased wallet hidden behind the main wallet if the two wallets you are setting up are on different seed phrases.

But am I suppose to have one seed or two seeds for the new nano ledger if i want it to have a main wallet and hidden wallet?

One seed phrase. Generate a new seed phrase, write it down, and send a small amount of coins to that wallet. Perform a seed phrase recovery check using the Recovery Check app, or reset the hardware wallet and restore it to ensure your seed phrase is correct. Then go in to options and set a temporary passphrase. Send a small amount of coins to that wallet. Unplug and replug your Ledger Nano, go back in to options, set a temporary passphrase, and enter your passphrase again to ensure you can recover the same wallet.

Because after I check my nano ledger s and see the seed and the passphrase is correct in the hidden wallet... then i would just send all my btc from my old nano ledger s to the hidden wallet right?

If you like.

But i feel like getting a second nano ledger would make this process much easier?

If you will be more comfortable using two devices, then just do that.

Because when you think about it... if you do the 25th word aka passphrase with the hidden account... well even if your seed is stored in one location whether its in your apartment or in a bank safe deposit or even in the cloud or in a password manager, well even if its exposed... as long as you have that passphrase and it isn't written down... aren't you generally safe?

Provided your passphrase is not brute-forceable and hasn't also been compromised, then yes. You really need to move away from the idea of storing anything in a password manager or in the cloud, though.

[n0nce]

Because when you think about it... if you do the 25th word aka passphrase with the hidden account... well even if your seed is stored in one location whether its in your apartment or in a bank safe deposit or even in the cloud or in a password manager, well even if its exposed... as long as you have that passphrase and it isn't written down... aren't you generally safe?

Provided your passphrase is not brute-forceable and hasn't also been compromised, then yes. You really need to move away from the idea of storing anything in a password manager or in the cloud, though.

I feel the importance of this is highly underrated in newcomers. Generally, most peoples' understanding of a secure passphrase is far off from reality. I already saw a few examples in this thread of passphrases that people wanted to use, which were completely unsuited as a sole mean of security due to using 3 or 4 dictionary words.

Look at this:

jerrywentoverthereagain
jerrylikestodrinkvodka0

I mean that is pretty good passphrase as long as you can remember it or write it down somewhere or store it in password manager as long as your seed isn't online?

I don't think most people would choose a passphrase that has the same entropy as the 24-word seed, so storing the seed in the cloud in plain text (or any other insecure way - this includes almost anything digital like files or non-encrypted USB sticks etc.) and relying on the passphrase is a very bad idea, since it will lead to a provably less secure setup.

[PrimeNumber7]

Because when you think about it... if you do the 25th word aka passphrase with the hidden account... well even if your seed is stored in one location whether its in your apartment or in a bank safe deposit or even in the cloud or in a password manager, well even if its exposed... as long as you have that passphrase and it isn't written down... aren't you generally safe?

You should always have at least 3 copies of your entire seed, including any information needed to access your coin, such as your 25th word and/or decryption key. It is acceptable to store portions of the above separately if that is what your risk assumptions require.

If your seed is securing more than nominal amounts of coin, storing your seed in the cloud is not a good idea. Most cloud storage providers are able to reliably prevent attackers from being able to access their customers' accounts in mass, but there is still the risk of targeted attacks. If an attacker can gain access to your seed, they can check more or less every "word" for the 25th word in a seed nearly instantly. If you are using cloud storage to store your seed, it is probably a safe assumption that you are using a medium of storage that is easily accessible to an adversary to store the 25th word of your seed.

If you don't store the 25th word of your seed, you are risking that you will lose access to your coin. There are many things that will potentially cause the human brain to forget a passphrase. The chances you forget your passphrase go up as it increases in complexity, and the less complex your passphrase is, the easier it will be for an adversary to access your coin if they can access the first 24 words of your seed.

[HCP]

But if your passphrase isn't a real complex word... is it still not that good?

Example your passphrase is

jerrywentoverthereagain
jerrylikestodrinkvodka0

I mean that is pretty good passphrase as long as you can remember it or write it down somewhere or store it in password manager as long as your seed isn't online?

Neither of those are good passphrases. They are "long"... but they are not "good". Length is not necessarily directly proportional to security. It can help, but isn't necessarily the only factor.

For example, thequickbrownfoxjumpedoverthelazydog is a really long password, but because it is essentially just 9 common english words concatenated together, it's probably only marginally more secure than a 9 character password.

Another thing to remember is that just like "characters" in a password should be random... your "word" selection should be too.

Ie. "lounge fall lung hole award" is arguably more secure than "jerry went over there again"

[n0nce]

Neither of those are good passphrases. They are "long"... but they are not "good". Length is not necessarily directly proportional to security. It can help, but isn't necessarily the only factor.

For example, thequickbrownfoxjumpedoverthelazydog is a really long password, but because it is essentially just 9 common english words concatenated together, it's probably only marginally more secure than a 9 character password.

A while ago, I was cracking passwords of encrypted files, and a truly random, 9 character password, which includes special characters as well as alphanumerics, already took a whole lot of time to bruteforce on consumer hardware. However, the sentence-type password would have been guessed in probably seconds using a wordlist-based approach.
So even a shorter password can be more secure if it's random actually.

[jerry0]

Okay still deciding on whether I should do this or not.  Again I only have just my current nano ledger s.  Thus I would feel a bit more comfortable doing this if I had an extra one.  But anyone done this on their only wallet?



But to confirm... with my current seed now... if I wanted to add the 25th word do it... I would not need to generate a new seed right?  Thus it would be my current seed which is my balance now.  But when I create the 25th word passphrase to it... thats going to be another wallet.  So I would then have to transfer the bulk of my btc from my current btc wallet address to the new one?  So I also have to do this with my BCH?  Those are the only two apps I have in my nano ledger s now where I have a current balance.  I do have the bitcoin gold app downloaded as well to my nano ledger s but do not have a balance there.



The thing is when you do this, almost all of you will send a very tiny amount of btc such as 0.0001 from your current btc address to the new passphrase one right?  Then once it goes through, you then send the bulk of it in the second transaction?  Or do you try to reset your device once and enter your seed again in it before you do this?  I got to assume people with a lot of btc... like even 1 btc is a lot these days, have to be extremely careful when doing this?  I got to imagine someone with like 5 btc for example.  Do they feel comfortable sending that much in one transaction to move from their current btc address to the passphrase btc hidden wallet?  Because its like if someone has a good amount of btc but want it put in the hidden wallet with the passphrase, but in order to do this, they need to send that amount of btc from one address to another.  Certainly that has to cause some nervousness and anxiety in people?  Like imagine someone who has 10 btc or even more.  I mean wouldn't people like that probably send that btc in increments?  And obviously they would send with a high sending fee because they want the money to hit the other btc address quickly? 

[Rath_]

with my current seed now... if I wanted to add the 25th word do it... I would not need to generate a new seed right?

Yes.

But when I create the 25th word passphrase to it... thats going to be another wallet.

Correct. If you attach your passphrase to a PIN, you will be able to switch between both wallets easily.

So I would then have to transfer the bulk of my btc from my current btc wallet address to the new one?  So I also have to do this with my BCH?

Yes.

Or do you try to reset your device once and enter your seed again in it before you do this?

I would use the Recovery Check app instead.

[Pmalek]

Or do you try to reset your device once and enter your seed again in it before you do this?

I would use the Recovery Check app instead.

I think there were some problems with this app in the recent past where it showed that a seed was wrong even though it was the correct one. I think those problems started occurring with the Nano X after the most recent firmware upgrade.

@jerry0
You can send a little bit from your normal (non-passphrased wallet) to your passphrased one. Reset the wallet to factory settings, remove the accounts in your Ledger Live portfolio, recover your passphrased wallet, scan for existing accounts, and add them. The LL app should show that small amount you sent.

Alternatively, you can just write down or save the first generated address once you create your passphrased account. After that you reset the wallet, remove all accounts from your LL portfolio, recover your wallet, re-add the accounts and check that the first generated address matches the one you saved previously.       

[Lucius]

Okay still deciding on whether I should do this or not.  

After 6 pages of this thread and more than 1 year since you asked the question?

I'm pretty sure people like you shouldn't use features that are clearly defined as options only recommended for advanced users. I'm pretty sure that using this option with you would lead to even more confusion, so I'll put what Ledger says about your doubt once again - read it a few dozen times if necessary.

Set up a passphrase to add a layer of security to your crypto assets. This option is only recommended for advanced users. Carefully read this article before setting up a passphrase. The recovery phrase and passphrase functionalities enable a range of security setups. You may use them to design the security strategy that meets your personal situation. Please do not overcomplicate things, the best security setup is one that you master and can execute with confidence.

[HCP]

I'm going to have to agree with Lucius here... if you're not comfortable with enabling the passphrase option on your Ledger device, then please just don't use it.