Bitcoin Forum
Author Topic: BIP39 Passphrase (the 25th word): A security layer or a self-lockout trap?  (Read 318 times)
Forsyth Jones
Legendary
Activity: 1778
Merit: 1921
I love Bitcoin!
January 11, 2026, 07:36:09 PM
Merited by vapourminer (1)
 #21

> You should try entering a seed phrase or a long and complex passphrase on a Blockstream Jade, which has left/right navigational buttons to navigate through the letters of the alphabet, numbers, and symbols. It's a lot of fun. Grin

I already find it annoying to type passphrases on my Trezor Model T, imagine typing lengthy passphrases on a device that only allows two-button navigation. To avoid taking so long and having to switch character types, perhaps it would be better to use passphrases like:
Code:
outfield rearview fiftieth outshine chatter drab

That's why I think hardware wallets with a QWERTY keyboard like Coldcard Q and Passport Prime (when it's released) are necessary.

> I would even go one step further and send a small test transaction to the restored wallet. After that, send it back out again to ensure that it's working properly. That gives me greater peace of mind.

Another approach would be to note the fingerprint #00000000 that each wallet has, it changes every time a new passphrase is typed, but of course it's necessary to test at least 4 times if the passphrase is accessing the same wallet.

Pmalek
Legendary
Activity: 3374
Merit: 8937
January 12, 2026, 07:58:54 AM
Merited by vapourminer (1)
 #22

> I already find it annoying to type passphrases on my Trezor Model T, imagine typing lengthy passphrases on a device that only allows two-button navigation. To avoid taking so long and having to switch character types, perhaps it would be better to use passphrases like:
> Code:
> outfield rearview fiftieth outshine chatter drab

The Jade has two options for entering BIP39 passphrases: manual and wordlist.
If you set it to 'manual', you need to find and type each character yourself and change between upper & lowercase letters, symbols and numbers. But if you select 'wordlist', you can only pick among the 2048 words from the BIP39 wordlist to set up your passphrase. Each word is selected in lowercase. It becomes easier to enter the passphrase with this method. Once you enter the first 3 or 4 characters, there can only be one word and the software selects it for you. For example, enter "acci" and the only word that corresponds to it from the BIP39 wordlist is "accident."

> Another approach would be to note the fingerprint #00000000 that each wallet has, it changes every time a new passphrase is typed, but of course it's necessary to test at least 4 times if the passphrase is accessing the same wallet.

True, but I still feel more comfortable making an actual transaction and ensuring that everything works as it is supposed to.

CryptoVoyager24 (OP)
Newbie
Activity: 16
Merit: 21
January 12, 2026, 03:30:27 PM
Merited by vapourminer (1)
 #23

@NeuroticFish
> Or have the wrong keyboard setup (eg qwertz) in both cases.
That is a brilliant point I hadn't considered! Since I boot Tails on different laptops depending on where I am, the hardware keyboard layout might differ. If I type my passphrase blindly on a QWERTZ keyboard thinking it is QWERTY, I am creating a wallet I can never restore on a normal machine.
Added "Check Keyboard Layout" to my setup checklist immediately. Thank you.

@malek
> Does your family know that you own bitcoin and how they will recover it in case something happens to you? ... Make multiple copies of it and tell them where they are.
You hit the nail on the head. This is the main reason I am hesitant about the passphrase.
Currently, they know that I have assets, but they lack the technical skills to combine "Seed + Passphrase". My fear is that if I make the security too good (hidden wallets, decoys), I am essentially making it unrecoverable for my non-tech-savvy heirs.
I think I will stick to a detailed "In case of emergency" letter stored in a bank safety deposit box that explains exactly how to use the backups.
Thanks for the reality check, everyone.
LoyceV
Legendary
Activity: 3920
Merit: 20937
Thick-Skinned Gang Leader and Golden Feather 2021
January 12, 2026, 03:42:41 PM
Merited by vapourminer (1)
 #24

> @NeuroticFish
> > Or have the wrong keyboard setup (eg qwertz) in both cases.
> That is a brilliant point I hadn't considered! Since I boot Tails on different laptops depending on where I am, the hardware keyboard layout might differ. If I type my passphrase blindly on a QWERTZ keyboard thinking it is QWERTY, I am creating a wallet I can never restore on a normal machine.

Are you changing your Tails keymap if you boot on a different laptop? I'd expect most keys to work normally if you load a QWERTY keymap on a QWERTZ laptop. If you don't look at the keyboard, it doesn't matter what it says on the keys Wink

¡uʍop ǝpᴉsdn pɐǝɥ ɹnoʎ ɥʇᴉʍ ʎuunɟ ʞool no⅄
satscraper
Legendary
Activity: 1344
Merit: 2460
January 12, 2026, 03:51:19 PM
 #25

> I have been exploring the "Passphrase" feature (often called the 25th word) to add an extra layer of security to my cold storage. The idea of having a "hidden wallet" and protection against physical seed theft sounds amazing.
> However, while testing it, I realized something terrifying.
> If I make a single typo in the passphrase (e.g., "P@ssword" vs "Password"), the wallet still opens, but it generates a completely different (empty) set of addresses. There is no "Wrong Password" error message. It just silently shows you a valid, empty wallet.
> This scares me for two reasons:
> 1. The "Fat Finger" risk: What if I transfer funds to a wallet generated by a typos-passphrase that I can never reproduce?
> 2. Inheritance: If something happens to me, my family will find the seed phrase, restore it, see an empty balance, and think I lost everything.
> How do you guys handle the passphrase storage? Do you write it down next to the seed (which defeats the purpose of physical security)? Or do you memorize it (which seems risky for long-term storage)?
> I am starting to feel that for a regular user, a passphrase adds more risk of user-error than the protection it offers against a $5 wrench attack.

To make sure you didn’t make any typos in your passphrase simply save the master fingerprint associated with your wallet. This fingerprint confirms that you’re using the correct extended SEED, i.e. SEED words plus the passphrase. I don’t know which wallet you’re using, but on my hardware wallet Passport Core this feature is enabled by default. Sparrow software wallet also supports it.

CryptoVoyager24 (OP)
Newbie
Activity: 16
Merit: 21
January 13, 2026, 01:11:01 PM
Merited by vapourminer (4)
 #26

@LoyceV
> If you don't look at the keyboard, it doesn't matter what it says on the keys smiley

You are absolutely right regarding the alphabet (A-Z). If I touch-type "password", my fingers hit the same physical switches regardless of the labels.
The real panic comes with special characters.
My passphrase includes symbols. On a standard US layout, @ is Shift+2. On a German QWERTZ, it is AltGr+Q. On a UK layout, " and @ are swapped.
If I am on a borrowed laptop and instinctively look down to find the symbol on the keys, that is where the "User Error" trap springs if the OS layout doesn't match the physical labels.
So yes, I now explicitly check/set the Keyboard Layout in the Tails Greeter every time to match the hardware I am using.
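
Added example, not part of any post in this thread: the BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase) run over the same physical keystrokes under different OS keyboard layouts, showing why a mistyped or mis-mapped passphrase opens a different wallet with no error. The layout tables are constructed and simplified to the few keys used here, the passphrase is made up, and the mnemonic is the public BIP39 test vector.

```python
import hashlib
import unicodedata

# Standard BIP39 test mnemonic (public test vector, never use for funds).
MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048, dklen=64)

# Constructed, simplified layout tables: physical key chord -> character.
# Keys are named by their US-layout label; only the chords used below are listed.
LAYOUTS = {
    "us": {"Shift+2": "@", "y": "y", "z": "z"},
    "de": {"Shift+2": '"', "y": "z", "z": "y"},   # QWERTZ: Y/Z swapped, @ is AltGr+Q
    "uk": {"Shift+2": '"', "y": "y", "z": "z"},   # UK: " and @ swapped
}

def type_chords(chords, layout):
    """Return the string the OS receives when these physical keys are pressed."""
    table = LAYOUTS[layout]
    return "".join(table.get(c, c) for c in chords)

def compare_layouts(chords, reference="us"):
    """Map each layout to (typed passphrase, seed matches the reference layout?)."""
    ref_seed = bip39_seed(MNEMONIC, type_chords(chords, reference))
    out = {}
    for name in LAYOUTS:
        typed = type_chords(chords, name)
        out[name] = (typed, bip39_seed(MNEMONIC, typed) == ref_seed)
    return out

if __name__ == "__main__":
    # Muscle memory for the constructed passphrase "p@ssy" on a US keyboard.
    chords = ["p", "Shift+2", "s", "s", "y"]
    for name, (typed, same) in compare_layouts(chords).items():
        print(f"{name}: typed {typed!r:10} same wallet as US: {same}")
```

Every input produces a valid 64-byte seed, so the derivation has no way to signal a wrong passphrase; the only check is comparing something derived from the result (a fingerprint or a known address) against a value recorded at setup.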