A BIP39 Passphrase refers to an optional, user-defined string of characters that acts as an additional “lock” on top of a standard 12 or 24-word seed phrase that creates a new “hidden” wallet.
Often referred to as the “13th word” or “25th word,” this passphrase isn’t limited to the standard BIP39 word list. Instead, it can be any combination of letters, numbers, and symbols created by the user. When a user adds a passphrase to a 12 or 24-word seed phrase, the wallet combines the new passphrase with the original seed phrase to derive a new set of private keys and addresses.
However, it’s essential to understand that a passphrase isn’t a “password” in the traditional sense. Rather than unlocking the wallet like a password would, every unique passphrase generates a completely independent crypto wallet from the same underlying seed.
Think of it like adding a secret ingredient to a recipe. By using one passphrase, you generate two sets of wallet addresses: one that’s based on the original seed phrase (the base ingredient), and one based on your secret recipe.
The Hidden Wallet #
Unlike a password, a passphrase doesn’t “lock” your seed phrase; it transforms it. If you have a 24-word seed phrase and enter the passphrase “Sovereign2026,” the wallet will show one set of balances. If you enter “Sovereign2027,” you will see a completely different, empty wallet.
- There is no “Incorrect Passphrase” error. If you make a typo, the wallet will simply generate a new, valid (but empty) wallet.
- The passphrase exists only in your mind (or backup). Unlike a PIN on a hardware device, the passphrase is never stored on the hardware wallet itself. It must be entered every time you access the wallet. Wallet apps make this intuitive, but they can’t help you recover a forgotten passphrase.
This structure allows for a decoy wallet strategy. For example, you can keep a small amount of funds on a standard seed and hide the rest of your assets using a passphrase-protected wallet. If the seed is compromised, the seed-only wallet will be the only visible wallet. The passphrase-generated wallet remains hidden.
Why It Matters #
Using a passphrase provides protections that a standard seed phrase cannot offer on its own. A passphrase creates hidden accounts, also called hidden volumes.
- 1. Protection Against Physical Discovery: If a thief (or a visitor in your home) finds your physical seed phrase backup, the passphrase-protected funds remain hidden. This effectively splits your security into two parts: “Something you have” (the words) and “Something you know” (the memorized passphrase).
- 2. Plausible Deniability: Because any passphrase generates a valid-looking wallet, the “bare” seed phrase appears to be your only wallet. There is no way to prove that a hidden, passphrase-protected wallet exists without knowing the specific characters used to create it.
- 3. Mitigation of Supply Chain Attacks: Even if a hardware wallet was tampered with during shipping to include a “backdoor” that leaks your 24 words, the attacker still would not have the passphrase you use to create and access the hidden wallet. The passphrase is never stored on the device’s chip.
Security Through Complexity #
The strength of a passphrase is determined by its complexity and its storage method. Since it is not limited to the 2,048 words in the BIP39 dictionary, a long, random passphrase adds an enormous amount of “computational work” for an attacker.
