BIP39 Passphrase (the 25th word): A security layer or a self-lockout trap?

[CryptoVoyager24]

I have been exploring the "Passphrase" feature (often called the 25th word) to add an extra layer of security to my cold storage. The idea of having a "hidden wallet" and protection against physical seed theft sounds amazing.
​However, while testing it, I realized something terrifying.
If I make a single typo in the passphrase (e.g., "P@ssword" vs "Password"), the wallet still opens, but it generates a completely different (empty) set of addresses. There is no "Wrong Password" error message. It just silently shows you a valid, empty wallet.
​This scares me for two reasons:
1. The "Fat Finger" risk: What if I transfer funds to a wallet generated by a typos-passphrase that I can never reproduce?
2. Inheritance: If something happens to me, my family will find the seed phrase, restore it, see an empty balance, and think I lost everything.
​How do you guys handle the passphrase storage? Do you write it down next to the seed (which defeats the purpose of physical security)? Or do you memorize it (which seems risky for long-term storage)?
​I am starting to feel that for a regular user, a passphrase adds more risk of user-error than the protection it offers against a $5 wrench attack.

[ovcijisir]

I have been exploring the "Passphrase" feature (often called the 25th word) to add an extra layer of security to my cold storage. The idea of having a "hidden wallet" and protection against physical seed theft sounds amazing.
​However, while testing it, I realized something terrifying.
If I make a single typo in the passphrase (e.g., "P@ssword" vs "Password"), the wallet still opens, but it generates a completely different (empty) set of addresses. There is no "Wrong Password" error message. It just silently shows you a valid, empty wallet.
​This scares me for two reasons:
1. The "Fat Finger" risk: What if I transfer funds to a wallet generated by a typos-passphrase that I can never reproduce?
2. Inheritance: If something happens to me, my family will find the seed phrase, restore it, see an empty balance, and think I lost everything.
​How do you guys handle the passphrase storage? Do you write it down next to the seed (which defeats the purpose of physical security)? Or do you memorize it (which seems risky for long-term storage)?
​I am starting to feel that for a regular user, a passphrase adds more risk of user-error than the protection it offers against a $5 wrench attack.

To be honest I never generate seed with 25th word as I prefer to make things as simple as possible. I had negative experiences when I tried to complicate things in the past so now I stick to 12 word seed phrase that Ihave on encrypted USB pen drive. I regulary use that pen drive and have to type in password on weekly basis and that reduces the risk of forgetting password.

We never know what changes in Bitcoin standards will await us in the future so I made sure that the wallets that I used are generating BIP 39 seed phrase to avoid potential issues in the future (eg. Wallet developers decide to discontinue wallet and then not being abld to reconstruct wallet on other software)

[hosemary]

If I make a single typo in the passphrase (e.g., "P@ssword" vs "Password"), the wallet still opens, but it generates a completely different (empty) set of addresses. There is no "Wrong Password" error message. It just silently shows you a valid, empty wallet.

That's normal. Any passphrase you use, its combination with your seed phrase can generete a wallet.
Note that a passphrase is not a password. Yoru passphrase isn't stored anywhere and there is no central authority that can tell you the passphrase is incorrect.

1. The "Fat Finger" risk: What if I transfer funds to a wallet generated by a typos-passphrase that I can never reproduce?

The solution is simple.
After writing down the seed phrase (+passphrase, if there's any), regenerate the wallet from your backup and see if it gives you the same addresses.


 

​How do you guys handle the passphrase storage? Do you write it down next to the seed (which defeats the purpose of physical security)? Or do you memorize it (which seems risky for long-term storage)?

You should never rely on your memory.
Write down your passphrase and keep it somewhere separate from your seed phrase.

[Frankolala]

​How do you guys handle the passphrase storage? Do you write it down next to the seed (which defeats the purpose of physical security)? Or do you memorize it (which seems risky for long-term storage)?
​I am starting to feel that for a regular user, a passphrase adds more risk of user-error than the protection it offers against a $5 wrench attack.

This is why passphrase provides you with a better layer of security because anyone that sees your seed phrase without the passphrase and import your seed phrase to his wallet will get a different wallet. Just like you said, if you miss a word and use a different word, you will get a different empty wallet which is the main reason you should carefully copy your passphrase and seed phrase on a pieces of paper and make three duplicates each. You are to keep your seed phrase in a different place and your passphrase in a different place from your seed phrase to avoid access to your wallet if any of them is exposed to a third-party.

[hd49728]

The extended passphrase has double-edged effects, it can increase your security but you must know what you're doing and must have proper wallet backups that must have both parts: wallet mnemonic seed + extended passphrase.

I think with people who use non-custodial wallets, backups are mandatory and if they can back up their wallet mnemonic seed, they are certainly able to back up their extended passphrase. They can have both for wallet backups quite easily, not big problems.

How to keep your bitcoin secure with passphrase?
How to back up a seed phrase?

[Charles-Tim]

@CryptoVoyager24
It is worth knowing that space is also a valid character for passphrase.

To be honest I never generate seed with 25th word as I prefer to make things as simple as possible. I had negative experiences when I tried to complicate things in the past so now I stick to 12 word seed phrase that Ihave on encrypted USB pen drive. I regulary use that pen drive and have to type in password on weekly basis and that reduces the risk of forgetting password.

People have different approaches. I know someone that told me that after he has more than 5 wallets, seed phrase backup is becoming an issue for him, he created just one seed phrase and used passphrase slightly more than 30 characters to generate separate wallets instead. This makes a single seed phrase backups in different locations to be easy for him than to have many seed phrase backup in different locations. Also the passphrase backup will not be suspicious as a passphrase but he have then in separate locations. I told him his idea is not bad as long as he used a strong passphrase.

[Yamane_Keto]

a simple word for the passphrase might be a compromise, but it will be easy to brute-force it.
a mnemonic seed and an extended passphrase together should be done by encrypting the passphrase with a password or time limit; otherwise, a passphrase will complicate access to your coins.

[hosemary]

a mnemonic seed and an extended passphrase together should be done by encrypting the passphrase with a password or time limit; otherwise, a passphrase will complicate access to your coins.

Encrypting the passphrase with a password or time limit? What do you mean? Can you please elaborate more on this and tell us how it's done? What is time limit?
And what do you mean by "otherwise, a passphrase will complicate access to your coins." How does the so-called encryption make accessing the coins less complicated?

[Cookdata]

a mnemonic seed and an extended passphrase together should be done by encrypting the passphrase with a password or time limit; otherwise, a passphrase will complicate access to your coins.

Encrypting the passphrase with a password or time limit? What do you mean? Can you please elaborate more on this and tell us how it's done? What is time limit?
And what do you mean by "otherwise, a passphrase will complicate access to your coins." How does the so-called encryption make accessing the coins less complicated?

I'm confuse as well.

I maybe wrong, I think OP is saying encrypt the passphrase with a password instead of save it where anyone can have access to it but does this make any sense? Why encrypt passphrase separately.

If it's encrypting the wallet with a password, that's understandable.

[mcdouglasx]

What you're describing is normal; it's simply not a password per se, but an extension of the passphrase itself. There's nothing more you can do about it. However, regarding your concern about the last word, since you're afraid of accidentally sending it to another wallet, you can easily fix that by applying SHA256 to that word. Wherever you write your password, write the confirmation of the last 6-10 characters of the resulting hash. This way, you can confirm you're using the correct word each time you want to use it, as each different word will generate a different hash.

You can even leave that fragment of the hash in a notepad for quick access to the confirmation.

[rat03gopoh]

a mnemonic seed and an extended passphrase together should be done by encrypting the passphrase with a password or time limit; otherwise, a passphrase will complicate access to your coins.

Encrypting the passphrase with a password or time limit? What do you mean? Can you please elaborate more on this and tell us how it's done? What is time limit?
And what do you mean by "otherwise, a passphrase will complicate access to your coins." How does the so-called encryption make accessing the coins less complicated?

I think he meant a time-based encryption method^(*), which relies on a trusted server (centralized or decentralized) as a time reference for activating the encryption key or even as the party that will release the encryption key at a specified time. cmiiw


*) https://stackoverflow.com/questions/11416803/time-based-encryption-algorithm

[LoyceV]

1. The "Fat Finger" risk: What if I transfer funds to a wallet generated by a typos-passphrase that I can never reproduce?

The solution is simple.
After writing down the seed phrase (+passphrase, if there's any), regenerate the wallet from your backup and see if it gives you the same addresses.

It's good practice to do this for every backup you create, and ideally on a different (air-gapped, running from RAM) system. Start from scratch, and see if you get the same wallet.

How do you guys handle the passphrase storage?

This is the one thing about self-storage that I've never felt 100% comfortable with. It's always a trade-off between the risk of losing access myself, and the risk of someone else gaining access. I've never found the perfect solution.

You should never rely on your memory.

The "25th word" could be as simple as your own name. You'll never forget it, nobody is going to brute-force it because they don't have access to your other 24 words, and it's enough to stay hidden during a quick $5 wrench attack.

I know someone that told me that after he has more than 5 wallets, seed phrase backup is becoming an issue for him, he created just one seed phrase and used passphrase slightly more than 30 characters to generate separate wallets instead.

Does he enter those 30 characters on the hardware wallet itself? I'm already annoyed when I have to enter a short PIN on anything other than a PC keyboard.

[Forsyth Jones]

While reading this thread, I came across several creative solutions, but this is extremely dangerous. People tend to be disastrous and forget patterns they've invented themselves. It's not that difficult to create a wallet (seed phrase and Passphrase) and store it in a separate location (with at least 3 copies).

The passphrase is discreet, it can be a combination of letters and special characters or even a phrase with at least 5 different words (as long as they are randomly generated).

OP if you're afraid of making a mistake/losing/forgetting your passphrase, use random passphrases based on random words. You can use a password manager like KeepassXC to generate them for you (on an offline PC/laptop).

Furthermore, I'll leave below guides with all the benefits and risks associated with using passphrases, as well as best practices to ensure the conscious use of the feature:

5 Reasons Why You Should Use a Passphrase (And 3 Reasons Why You Maybe Shouldn’t)

10 Common FAQs Around Passphrases in Trezor Wallets

[CryptoVoyager24]

​@LoyceV
​>The solution is simple.
>After writing down the seed phrase (+passphrase, if there's any), regenerate the wallet from your backup and see if it gives you the same addresses.

​This is exactly the "lightbulb moment" I needed. Thank you.
I was so focused on the fear of typing it wrong later, that I forgot I can (and should) strictly verify it now before sending a single satoshi. If I wipe the device, restore from paper, and get the same addresses — the "typo risk" is effectively zero.

​@Forsyth Jones
​>You can use a password manager like KeepassXC to generate them for you (on an offline PC/laptop).

​Great idea. Since I am already using KeePassXC on my offline machine for other credentials, generating a high-entropy passphrase there avoids the "human brain is bad at randomness" problem.
​Thanks for the masterclass, everyone. I feel much more confident using the 25th word now.

[LoyceV]

​Thanks for the masterclass, everyone. I feel much more confident using the 25th word now.

Don't forget the masterclass about how bad human memory is

[Satofan44]

I have been exploring the "Passphrase" feature (often called the 25th word) to add an extra layer of security to my cold storage. The idea of having a "hidden wallet" and protection against physical seed theft sounds amazing.
​However, while testing it, I realized something terrifying.
If I make a single typo in the passphrase (e.g., "P@ssword" vs "Password"), the wallet still opens, but it generates a completely different (empty) set of addresses. There is no "Wrong Password" error message. It just silently shows you a valid, empty wallet.
​This scares me for two reasons:
1. The "Fat Finger" risk: What if I transfer funds to a wallet generated by a typos-passphrase that I can never reproduce?
2. Inheritance: If something happens to me, my family will find the seed phrase, restore it, see an empty balance, and think I lost everything.
​How do you guys handle the passphrase storage? Do you write it down next to the seed (which defeats the purpose of physical security)? Or do you memorize it (which seems risky for long-term storage)?
​I am starting to feel that for a regular user, a passphrase adds more risk of user-error than the protection it offers against a $5 wrench attack.

I do not agree with this topic at all. It is a valid concern, and for that some merit is appropriate but nobody should agree with the general conclusion here. There is absolutely nothing different between a passphrase and a password when it comes to the "self-lockout trap". You may argue well you still have the backup words, but that would be an incorrect counter-point. If you assume for one side a correctly written backup of the seed phrase then on the other side you must assume a correctly written seed phrase and the passphrase. Should we abolish encryption passwords because you may lock yourself out permanently by any kind of incorrect behavior on the user side? Of course not.

Passphrases could not be any simpler, to understand them you need the least amount of knowledge that any user should be able to understand. You've mentioned it yourself: If you enter the right passphrase you will derive your wallet address. If you enter the wrong passphrase there will be no warning and you will derive another wallet address. That is it, 2 sentences -- if a user can't memorize this knowledge they should not use passphrases or Bitcoin at all.

With the amount of security and flexibility that this provides, the correct conclusion is that it is an excellent tool. It should be used by those who understand and need it. Bitcoin is mostly about self-responsibility anyway, therefore never blame tools for your incorrect usage of anything.

Advice regarding passwords, passphrases and wallets is found in many other threads. I think soon it is time to close this thread.  

[NeuroticFish]

​However, while testing it, I realized something terrifying.

I keep recommending that - with or without the 25th word - people should verify the seed backup before they start using their wallet.
This also ensures that a backup was made.
Last time I've done this I've even checked the first address of the original wallet vs the fist address of the recovered address.


Of course, one can have fat fingers twice. Or have the the wrong keyboard setup (eg qwertz) in both cases. And for that OP does have a valid point.

[Xylber]

while testing it, I realized something terrifying.
If I make a single typo in the passphrase (e.g., "P@ssword" vs "Password"), the wallet still opens, but it generates a completely different (empty) set of addresses.

That precisely the whole idea behind the 25-word phrase
If someone kidnaps you and forces you to open your wallet, you use a fake word and the balance will appear as zero.

Not an option reccmmended for every user tho, but a good one for those who need it.

[Forsyth Jones]

That precisely the whole idea behind the 25-word phrase
If someone kidnaps you and forces you to open your wallet, you use a fake word and the balance will appear as zero.

It might not work depending on the criminal's motivation, plausible deniability should be one of the last lines of defense. Prevention is better than cure. Not telling the wrong people that you own BTC/crypto is essential, because anyone who isn't familiar with Bitcoin might think you have a lot BTC, which isn't true in most cases.

Not an option reccmmended for every user tho, but a good one for those who need it.

Even experienced users risk losing their passphrase, it almost happened to me, luckily I didn't lose it.

Passphrase is a feature I recommend for users who already have an understanding of self-custody and BIP39.

[Pmalek]

2. Inheritance: If something happens to me, my family will find the seed phrase, restore it, see an empty balance, and think I lost everything.

Does your family know that you own bitcoin and how they will recover it in case something happens to you? It isn't clear from the way you constructed the above sentence. Will they find your seed accidentally or do they know where to look? If they already know what they are supposed to do and where to look, then teach them about the passphrase in advance as well. Make multiple copies of it and tell them where they are. These are all things that should be handled while you are alive, healthy, and sane.

Does he enter those 30 characters on the hardware wallet itself? I'm already annoyed when I have to enter a short PIN on anything other than a PC keyboard.

You should try entering a seed phrase or a long and complex passphrase on a Blockstream Jade, which has left/right navigational buttons to navigate through the letters of the alphabet, numbers, and symbols. It's a lot of fun.

​@LoyceV
​>The solution is simple.
>After writing down the seed phrase (+passphrase, if there's any), regenerate the wallet from your backup and see if it gives you the same addresses.

I would even go one step further and send a small test transaction to the restored wallet. After that, send it back out again to ensure that it's working properly. That gives me greater peace of mind.