A BIP39 passphrase adds a second layer to your cold storage — your seed phrase becomes worthless without it. Here's how passphrases work and how to use them safely.
Your hardware wallet's 24-word seed phrase is your Bitcoin. If someone gets those words, they get everything. A BIP39 passphrase — sometimes called a 25th word — adds a second layer of security that makes your seed phrase alone worthless to an attacker.
This is one of the highest-leverage security upgrades you can make to your cold storage setup. Here's exactly how it works and how to use it safely.
A BIP39 passphrase is an optional extension to your 24-word seed phrase. When you add one:
Critically, there is no "wrong" passphrase. Every passphrase — including a blank one — generates a valid wallet. This is by design.
Technical detail: The passphrase is concatenated with your seed phrase and run through PBKDF2 with 2048 iterations of HMAC-SHA512 to generate the root key. The seed phrase alone generates your base wallet (empty passphrase). Add any string and you get a different root key.
If your seed phrase backup is stolen, found, or photographed, the attacker gains access to your wallet — unless you have a passphrase. With a passphrase, they have a wallet with nothing in it (or a small decoy amount).
You can maintain two wallets:
Under duress, you reveal the seed phrase. The attacker finds the decoy wallet and believes that's all you have.
If your hardware wallet is compromised through a supply chain attack, the attacker extracts your seed phrase but not your passphrase. Your real wallet remains safe.
All major hardware wallets support BIP39 passphrases:
| Device | Passphrase Support | Entry Method |
|---|---|---|
| Coldcard Mk4 | Full support | On-device keypad |
| Trezor Safe 5 | Full support | On-device touchscreen |
| Foundation Passport | Full support | On-device keyboard |
| Bitbox02 | Full support | Via companion app |
| Jade | Full support | On-device |
| Keystone 3 Pro | Full support | On-device |
See our full Bitcoin Cold Storage Guide for device reviews.
Key feature: Coldcard shows a 4-word verification string for each passphrase, making it easy to verify you're in the right wallet without revealing the passphrase itself.
Length matters most. A passphrase of 12+ characters is computationally infeasible to brute-force.
Good passphrase characteristics:
Examples of poor passphrases: bitcoin, password123, satoshi
Examples of better patterns: A short memorable phrase with spaces and numbers, like blue!miner44sky
Here's where people lose Bitcoin. The passphrase is not stored on your hardware wallet. If you forget it or lose it, your Bitcoin is gone.
Passphrase storage strategies:
Option 1: Memorize only. If your passphrase is short and memorable enough to reliably recall forever, memorization works. Risk: memory loss, death, injury.
Option 2: Write it down, stored separately from seed phrase. Keep the passphrase written on metal or paper, stored in a different location from your seed phrase. An attacker needs to find both.
Option 3: Institutional backup. Services like Unchained Capital or Casa can hold encrypted passphrase backups as part of their inheritance and recovery services.
Never: Store the passphrase in the same location as your seed phrase. This defeats the security benefit entirely.
Mistake 1: Sending Bitcoin to the passphrase wallet before verifying recovery. Always verify you can recover the wallet with your passphrase before sending real Bitcoin.
Mistake 2: Using different capitalization. The passphrase "Bitcoin" and "bitcoin" generate completely different wallets. Be exact.
Mistake 3: Forgetting trailing spaces. "bitcoin " (with a trailing space) is different from "bitcoin". BIP39 accepts any character.
Mistake 4: Not testing recovery. Before loading real funds, restore from seed phrase + passphrase on a second device to confirm it works.
Yes. Enable the passphrase on your existing device. Your existing (no passphrase) wallet stays intact. Move your Bitcoin to the new passphrase wallet by sending from the no-passphrase wallet to a receive address from the passphrase wallet.
Your Bitcoin is permanently inaccessible. There is no recovery mechanism, no customer support, no reset. This is why passphrase storage strategy is as important as the passphrase itself.
No. The passphrase is never stored on the device. You enter it fresh each session. This is a security feature — the device cannot be forced to reveal it.
Yes. Each passphrase generates an entirely separate wallet. You could have a different wallet for each passphrase you use, all derived from the same 24 words.
No. Seed phrase and passphrase are separate. Back up both, but store them in different locations. Your seed phrase backup should NOT include your passphrase.
Explore cold storage options in our Cold Storage Directory. See also: Bitcoin Seed Phrase Guide and Bitcoin Multisig Cold Storage Setup.
Get our free Beginners Guide to Buying Bitcoin plus weekly insights for long-term holders.
A step-by-step guide to setting up a 2-of-3 multisig Bitcoin cold storage arrangement using Sparrow Wallet and hardware wallets — the gold standard for protecting significant Bitcoin holdings.
Air-gapped Bitcoin hardware wallets like Coldcard, Keystone 3 Pro, and Foundation Passport sign transactions via QR codes only — private keys never touch a connected device. This guide explains how they work and when to use one.
Air-gapped Bitcoin signing keeps your private keys permanently offline — transactions are signed with zero internet connectivity. Here's how to set up and use air-gapped cold storage.