What's the point of a long passphrase?

[Becassine]

Like others, I've read loads of threads and articles on seeds, security etc ...

I finally understood the point of a passphrase (that sort of 25th word unless I'm mistaken): in fact it's mainly useful if someone knows the words in our wallet. But then what's the point of a long passphrase, since nobody's supposed to know there's one? If the 12 or 24 main words constitute a fake wallet, how much should be left in it? I suppose it depends on the standard of living in different countries? And how much would you leave in your fake wallet?

[Charles-Tim]

The longer the passphrase with combinations of different characters, the harder it would become to brute force.

If the 12 or 24 main words constitute a fake wallet, how much should be left in it? I suppose it depends on the standard of living in different countries? And how much would you leave in your fake wallet?

Some people leave little amount of bitcoin there in case there is a need to use it to deceive someone like an armed thief. I leave no coins there.

[Becassine]

The longer the passphrase with combinations of different characters, the harder it would become to brute force.

But do thieves have the systematic idea of bruteforcing the wallet? With passphrases that are too complicated, we risk not being able to access them ourselves, don't we?

[Charles-Tim]

But do thieves have the systematic idea of bruteforcing the wallet?

It is money, we should not think it can not happen.

With passphrases that are too complicated, we risk not being able to access them ourselves, don't we?

You can backup the passphrase separate from the seed phrase in different locations and also have duplicates in different locations. Just make sure you did not backup both together and I do not think there would be any problem.

Some people can also memorize both which can be the last resort. But memory is not what should be relied on but just in case. It can be the 3rd or 4th backup. It should not be the primary backup but as last resort.

[Becassine]

But do thieves have the systematic idea of bruteforcing the wallet?

It is money, we should not think it can not happen.

With passphrases that are too complicated, we risk not being able to access them ourselves, don't we?

You can backup the passphrase separate from the seed phrase in different locations and also have duplicates in different locations. Just make sure you did not backup both together and I do not think there would be any problem.

Some people can also memorize both which can be the last resort. But memory is not what should be relied on but just in case. It can be the 3rd or 4th backup. It should not be the primary backup but as last resort.

In fact, I'm thinking of my children, who don't understand anything at the moment. If I die tomorrow, maybe it's all over 

[BitMaxz]

I finally understood the point of a passphrase (that sort of 25th word unless I'm mistaken): in fact it's mainly useful if someone knows the words in our wallet. But then what's the point of a long passphrase, since nobody's supposed to know there's one?

This is not only about the seed phrase but also the wallet file if someone has access to this wallet without the seed phrase they can brute-force this wallet. So if you have a short one they can easily brute-force the wallet but if you have a long passphrase brute-forcing the wallet takes years or decade or forever depends on how hard your passphrase is.

In fact, I'm thinking of my children, who don't understand anything at the moment. If I die tomorrow, maybe it's all over 

Why not teach them instead I prefer a hardware wallet in this case because they can easily learn how to use it and it is safe from brute-force attacks because the wallet is generated offline. You should have a backup seed phrase, including your long passphrase, saved offline in a safe place, and tell your kids about it with some instructions on how to use it so that if you die, they will know how to use it.

[promise444c5]

In Addition,test your wallet before you start using, especially when you're using a long passphrase as you might make some  ommission or typo error,likes  while saving it or writing it down and once you try to  import it next time you are cooked forever...unless it's a simple typo still you will have to sweat it out..

[Mr Reporter]

Like others, I've read loads of threads and articles on seeds, security etc ...

I finally understood the point of a passphrase (that sort of 25th word unless I'm mistaken): in fact it's mainly useful if someone knows the words in our wallet. But then what's the point of a long passphrase, since nobody's supposed to know there's one? If the 12 or 24 main words constitute a fake wallet, how much should be left in it? I suppose it depends on the standard of living in different countries? And how much would you leave in your fake wallet?

Op from my own little knowledge use of a long seedphase mean it can't be easily hacked by attackers to break most at time using an simple password or short phase can give an dictionary attacker easier access but using longer phase make it more harder to break through, what you should understand is that the complex and longer the seedphase the harder it easier get access to by attackers Many people have fallen into this trape and it has lost them there wallet been hack all in the name of I don't like using long password or seedphase. most people like to use personals information to create passcodes this can lead to a ease attack.

[EL MOHA]

But do thieves have the systematic idea of bruteforcing the wallet? With passphrases that are too complicated, we risk not being able to access them ourselves, don't we?

You cannot be too sure who the thieve or hacker is, seriously they are advancing everyday so imagine if they get access to your seed phrase and have the idea of that it has passphrase, a shorter passphrase will be easier to brute force and than a longer one.

As for what amount should be use for decoy, I think any amount you can afford to lose is what can be use as decoy. You can even turn the decoy wallet (fake wallet) to wallet you use for daily transactions as such you can be able to even have transaction history registered on the wallet and this can help as decoy wallet

[Darker45]

My layman understanding is that, just like with your passwords, the longer and more complicated they are the harder for anybody to guess them, with or without the help of a machine. So, that's basically for the sake of security.

It may not necessarily be a fake wallet. Perhaps you just need to keep your funds in different wallets. That's also for your funds' security. Should you fall victim to a robbery, God forbid, you can surrender the wallet with the smallest amount of savings.

As far as the standard of living in my country is concerned, I guess a few hundred dollars will do. That should be enough for the robber to believe that's all you've got in crypto.

[kotajikikox]

But then what's the point of a long passphrase, since nobody's supposed to know there's one?

Regardless whether someone knows or not if there is a passphrase, they could suspect and try to guess it anyway. The point of having a long passphrase is that even though someone tries to access your wallet through brute force, they would not be able to.

If the 12 or 24 main words constitute a fake wallet, how much should be left in it? I suppose it depends on the standard of living in different countries? And how much would you leave in your fake wallet?

I would not want to put so much obviously but putting too little can fool nobody either. So finding a good balance between what I can afford to lose that can be used as a deception to hackers is the key.

[nullama]

Like others, I've read loads of threads and articles on seeds, security etc ...

I finally understood the point of a passphrase (that sort of 25th word unless I'm mistaken): in fact it's mainly useful if someone knows the words in our wallet. But then what's the point of a long passphrase, since nobody's supposed to know there's one? If the 12 or 24 main words constitute a fake wallet, how much should be left in it? I suppose it depends on the standard of living in different countries? And how much would you leave in your fake wallet?

The main thing is that if someone finds a 24 words seed, and tested it and it fails, they will probably assume there is a passphrase as well.

So, you have all the time in the world to generate multiple passphrases and see if one actually unlocks your wallet.

If the passphrase is strong, then this would be pretty much impossible.

If the passphrase is weak, then this would be done in seconds.

[aoluain]

The longer the passphrase with combinations of different characters, the harder it would become to brute force.

But do thieves have the systematic idea of bruteforcing the wallet? With passphrases that are too complicated, we risk not being able to access them ourselves, don't we?

They might know in theory how to do it but with a 24 word seed phrase the
permutations are so vast its deemed impossible.

The seed phrase is there in case you leave your wallet on your table, a thief
breaks in and steals it - its virtually useless to them without either the seed or
the password. The password is for you to access the wallet on a day-to-day basis
rather than entering 24 words every time.

But then what's the point of a long passphrase, since nobody's supposed to know there's one?

Regardless whether someone knows or not if there is a passphrase, they could suspect and try to guess it anyway. The point of having a long passphrase is that even though someone tries to access your wallet through brute force, they would not be able to.

If the 12 or 24 main words constitute a fake wallet, how much should be left in it? I suppose it depends on the standard of living in different countries? And how much would you leave in your fake wallet?

I would not want to put so much obviously but putting too little can fool nobody either. So finding a good balance between what I can afford to lose that can be used as a deception to hackers is the key.

Thats a good point about creating a second wallet with a nominal amount of
funds on it. Depending on your real BTC amount I would say around $500
on the fake wallet, I think a thief would be delighted to walk away with that
amount...if they can access the funds but it doesnt matter because they are gone.

[X-ray]

as from my understanding it's long to both lessen the chance of finding duplicate with the words combination and also to prevent brute force as other have already described above, it's long enough to make such attempt futile and it's long for security reason and I think whether it's gonna be 12 words or 24 words, user experience wise, won't make difference since people always write down their seed phrase and stash it somewhere else anyway, I think nobody is trying to remember seed phrase in their head. even if at some point in post quantum era we will be having more than 256 words combination I won't mind .

[leonair]

Like others, I've read loads of threads and articles on seeds, security etc ...

I finally understood the point of a passphrase (that sort of 25th word unless I'm mistaken): in fact it's mainly useful if someone knows the words in our wallet. But then what's the point of a long passphrase, since nobody's supposed to know there's one? If the 12 or 24 main words constitute a fake wallet, how much should be left in it? I suppose it depends on the standard of living in different countries? And how much would you leave in your fake wallet?

A wallet passphrase that no one memorizes is usually 12 words or 24 or more. Everyone keeps a note of their passphrase be it online or offline.  Many times it is seen that the wallet gets hacked but it is due to the fault of a wallet user. When someone connects their wallet to a fake site, hackers take access to that wallet. But yes, long passphrase definitely increases the security of the wallet.  Because it is possible to memorize a passphrase of 12 words or 24 words, but it is very difficult to memorize more words, so it will be more secure.

how much would you leave in your fake wallet?

I will not leave any amount in fake wallet. Because every single money is very valuable so why should I leave some money in a fake wallet?

[Charles-Tim]

Many people have fallen into this trape and it has lost them there wallet been hack all in the name of I don't like using long password or seedphase. most people like to use personals information to create passcodes this can lead to a ease attack.

You do not need long seed phrase. Wallets are generating at least 12 words seed phrase but which is enough and secure. anything less than that are not secure but I have not seen a wallet generating less than 12 words seed phrase. As for passphrase, I like it to be long like up to 30 characters.

The seed phrase is there in case you leave your wallet on your table, a thief
breaks in and steals it - its virtually useless to them without either the seed or
the password. The password is for you to access the wallet on a day-to-day basis
rather than entering 24 words every time.

The seed is different from the seed phrase but some wallet like Electrum calls the seed phrase the seed. No wallet shows you the seed. All of them show you the seed phrase.

Also know that the password is not necessary at all. The thief can access your coins through the seed phrase and password is not needed.

A wallet passphrase that no one memorizes is usually 12 words or 24 or more. Everyone keeps a note of their passphrase be it online or offline.  Many times it is seen that the wallet gets hacked but it is due to the fault of a wallet user. When someone connects their wallet to a fake site, hackers take access to that wallet. But yes, long passphrase definitely increases the security of the wallet.  Because it is possible to memorize a passphrase of 12 words or 24 words, but it is very difficult to memorize more words, so it will be more secure.

You need to learn the difference between seed phrase and passphrase. They are not the same. Seed phrase is the 12 to 24 words that the wallet will generate you when creating a wallet. The passphrase is the extra word that you input yourself if you want it. The passphrase will generate different keys and addresses for you. So if someone know your seed phrase without the passphrase, the person will not have access to your coins.

[Becassine]

Thank you for your answers.

Now if my passphrase is easy to bruteforce and I want to create another wallet with a more complex passphrase, I guess I can use the same 24 words and imagine another passphrase. Which tool can I use to do this? Because if I reset the HW, I have to reset the first wallet afterwards to be able to send the funds to the second wallet. Isn't there something simpler? Sorry, I don't know if I'm making myself clear.

[SilverCryptoBullet]

I finally understood the point of a passphrase (that sort of 25th word unless I'm mistaken): in fact it's mainly useful if someone knows the words in our wallet. But then what's the point of a long passphrase, since nobody's supposed to know there's one?

I you complicate things too much, you will possibly have big troubles later.

12 mnemonic words or 24 mnemonic words are safe enough in security by entropy. By adding passphrase like word, you will create a different tree of keys compare to a wallet with same mnemonic words without a passphrase.

It's secured enough with one or two words in your passphrase, and honestly, using too long passphrase like 12 or 24 words are not recommended if you meant long passphrase is such.

Wallet seeds and Recovery codes.

Read at Recovery Code Passphrases

[Hatchy]

The longer the passphrase with combinations of different characters, the harder it would become to brute force.

But do thieves have the systematic idea of bruteforcing the wallet? With passphrases that are too complicated, we risk not being able to access them ourselves, don't we?

Except it was an organized robbery, I don't think a mere thief would understand what a passphrase is or even know that you had one attached to your seedphrase. It's more reasons why as a crypto holder, you should try your best to keep up your holdings private.

Just as @Charles-Tim said, the passphrase being complex adds more security to your wallet. We can consider storing them same way we store our seeds phrases but in a different location.

[Becassine]

I finally understood the point of a passphrase (that sort of 25th word unless I'm mistaken): in fact it's mainly useful if someone knows the words in our wallet. But then what's the point of a long passphrase, since nobody's supposed to know there's one?

I you complicate things too much, you will possibly have big troubles later.

12 mnemonic words or 24 mnemonic words are safe enough in security by entropy. By adding passphrase like word, you will create a different tree of keys compare to a wallet with same mnemonic words without a passphrase.

It's secured enough with one or two words in your passphrase, and honestly, using too long passphrase like 12 or 24 words are not recommended if you meant long passphrase is such.

Wallet seeds and Recovery codes.

Read at Recovery Code Passphrases

Thank you very much for the link