How to set up a passphrase? - marseausylvius/Ledger-Device-Fixes-and-Solutions GitHub Wiki

A passphrase is an optional security feature that adds an extra layer of security to your crypto accounts. This option is only recommended for advanced users. Carefully read this article and watch the video before setting up a passphrase.


Security tip

The recovery phrase and passphrase features enable a wide range of security setups, and you can combine them to design a strategy that fits your personal situation. Do not overcomplicate things: the best security setup is one that you fully understand and can execute with confidence, including the recovery.

How the passphrase works

The passphrase is distinct from your 24-word recovery phrase. It is an optional extra secret (the standard BIP39 passphrase, sometimes called the "25th word") that is combined with your recovery phrase to derive a completely separate set of secret accounts.

  • The passphrase protects your crypto assets if your 24-word recovery phrase is compromised. To access passphrase-protected accounts, an attacker needs both your recovery phrase and your passphrase.
  • Each different passphrase unlocks its own, unique set of secret accounts. You can use as many passphrases as you like.
  • Your passphrase is never saved on your device. It is only used to derive a secondary seed that protects a distinct set of secret accounts. If you attach your passphrase to a PIN, that secondary seed and the secret accounts' private keys are kept inside your device's secure element; the passphrase itself is discarded as soon as the secondary seed has been derived. If you choose a temporary passphrase, all related data (the passphrase, the secondary seed and the secret accounts' private keys) is deleted at the end of the session, so you must enter the passphrase again each time you want to access the hidden accounts.
  • Once set, a passphrase cannot be verified on the device, and the Recovery Check app cannot verify it either. The derivation accepts any string: a mistyped passphrase is not rejected, it simply opens a different, empty set of accounts. This is why a reliable backup of the exact passphrase (including capitalisation and spaces) is essential.
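To make the derivation concrete, the following Python example (added here; it is not Ledger's code or part of the original article) implements the BIP39 seed derivation that a Ledger device performs from the recovery phrase and passphrase. The sample mnemonic is the public BIP39 reference test phrase and is used only as constructed input; the function and constant names (`bip39_seed`, `compare_passphrases`, `SAMPLE_MNEMONIC`) are the example's own. It shows why a passphrase cannot be "verified": every candidate, including a typo or a different capitalisation, produces a perfectly valid but different seed.

```python
import hashlib
import unicodedata

# Added example: BIP39 seed derivation (mnemonic + optional passphrase -> 64-byte seed).
# BIP39 fixes the KDF as PBKDF2-HMAC-SHA512 with 2048 rounds; the passphrase only
# changes the salt, so any string at all is accepted.
PBKDF2_ROUNDS = 2048

# Constructed sample input: the public BIP39 reference mnemonic (eleven "abandon"
# words plus the checksum word "about"). Never use it for real funds.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 64-byte BIP39 seed for a mnemonic and optional passphrase.

    Both inputs are NFKD-normalised as the standard requires; the mnemonic is
    the PBKDF2 password and "mnemonic" + passphrase is the salt. An empty
    passphrase reproduces the ordinary (non-passphrase) accounts.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def compare_passphrases(mnemonic: str, candidates: list[str]) -> dict[str, str]:
    """Map each candidate passphrase to the hex seed it derives.

    Every candidate yields a structurally valid seed, so the function (like the
    device) has no way to report "wrong passphrase": a typo simply lands in a
    different, empty set of accounts.
    """
    return {p: bip39_seed(mnemonic, p).hex() for p in candidates}


def all_distinct(seeds: dict[str, str]) -> bool:
    """True if no two candidate passphrases derived the same seed."""
    return len(set(seeds.values())) == len(seeds)


if __name__ == "__main__":
    # Same phrase, four "almost identical" passphrases: four unrelated wallets.
    results = compare_passphrases(
        SAMPLE_MNEMONIC, ["", "TREZOR", "trezor", "TREZOR "]
    )
    for passphrase, seed_hex in results.items():
        print(f"{passphrase!r:12} -> {seed_hex[:16]}...")
    print("all distinct:", all_distinct(results))
```

The practical check after setting a passphrase on the device is therefore not on the device at all: while the passphrase-protected accounts are open, note one receiving address, then re-enter the passphrase from your written backup (not from memory) and confirm the same address reappears before sending anything to those accounts.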

Does Ledger Recover have access to my passphrase?

Ledger Recover is an optional subscription-only service for backing up your seed. If used, Ledger Recover never has access to your passphrase and secret accounts — whether you’re using a temporary passphrase or one attached to a PIN.

Please download the latest version of the Ledger Live application:

1. Ledger Live for Windows 10/11

2. Ledger Live for macOS

3. Ledger Live for Android

Before you start

  • Make sure your Ledger device runs the latest OS (firmware) version.
  • Ensure your recovery phrase is accessible, just in case.
  • Read this article fully before you start.

Instructions

Getting started

  1. Connect your Ledger device and enter your PIN code.
  2. Hold both buttons to access the Control Center.
  3. Navigate to the Settings menu.
  4. Go to Security.
  5. Go to Passphrase and choose either of two options:
    • Attach to PIN: Creates a second PIN code to unlock passphrase-protected accounts
    • Set temporary: Enter the passphrase each time you wish to access passphrase-protected accounts
  6. Continue with the section below that matches the option you’ve chosen

Option 1– Attach to PIN code

How it works

Attaching a passphrase to a new PIN code creates a new set of secret accounts on your Ledger device based on a passphrase of your choice. You can access the accounts protected by this passphrase by entering a secondary PIN code.

  • Only one passphrase can be attached to a PIN code. If you attach another passphrase to a PIN code, it overwrites both the secondary PIN code and the previous passphrase.
  • The private keys of your secret accounts remain stored on your Ledger device until you overwrite the passphrase with another one or reset the device.
  • Store a physical backup of the secret passphrase in a secure place. The device cannot display it after you've set it.

Instructions

  1. Choose Attach to PIN option from the Passphrase menu in the device security settings.
  2. Press both buttons to validate Set secret passphrase.
  3. Create a secondary PIN code.
  4. Re-enter the secondary PIN code to confirm it.
  5. Choose and confirm a secret passphrase (max 100 characters).
  6. Enter your primary PIN code to validate.
  7. Your device continues to manage the accounts derived from your recovery phrase without a passphrase. To access the passphrase-protected accounts, turn the device off, turn it back on and unlock it with your secondary PIN code.

Note: you can create only one secondary PIN code attached to a passphrase, giving access to one set of passphrase-protected accounts.

Option 2– Set temporary passphrase

How it works

Using a temporary passphrase provides access to a new set of accounts on your Ledger device for the duration of the session. Follow the instructions below each time you wish to access the accounts protected by the passphrase.

  • The accounts are based on a secret passphrase of your choice.
  • Store a physical backup of the secret passphrase in a secure place. The device cannot display it after initial setup.

Instructions

  1. Choose Set temporary option from the Passphrase menu in the device security settings.
  2. Press both buttons to validate Set secret passphrase.
  3. Choose and confirm a secret passphrase (max 100 characters).
  4. Enter your primary PIN code to validate.
  5. Your device will now manage the accounts protected by this passphrase. To access your primary accounts, please restart the device and enter your PIN code as usual.

Recover passphrase accounts

A separate article describes how to recover your passphrase-protected accounts on a new or reset Ledger device. In short: restore the device from the same 24-word recovery phrase, then set up the same passphrase again using either option above; the same recovery phrase and passphrase always derive the same accounts.

Change passphrase PIN

A separate video describes how to change your passphrase PIN after the passphrase has been set.

Passphrase security in practice

Adding accounts to Ledger Live

When you add an account, its extended public key (xpub) is stored in Ledger Live's user data folder; it is encrypted with your password only if you have enabled the password lock. An xpub cannot be used to spend funds, but it reveals every address and balance of that account to anyone who can read the file.

To be sure that Ledger Live keeps no record of your passphrase-protected accounts, remove those accounts from Ledger Live after you have finished managing them. Some users have requested the ability to forget accounts automatically.

Plausible deniability

To protect yourself in case of physical threat, make sure your primary PIN code unlocks only a minor part of your crypto assets. Then set up a passphrase attached to a PIN code and keep the more significant amount on the passphrase-protected accounts.

If you are under duress to unlock your Ledger device, you can surrender your primary PIN code to the attacker while keeping the PIN code that unlocks your passphrase-protected accounts to yourself. This only works if nothing else reveals the hidden accounts: remove them from Ledger Live after use (see above) and store the passphrase backup away from the device and the recovery sheet.

Recovery phrase protection

It’s a good security practice to keep multiple copies of your Recovery sheet and to store them in different geographic locations. To mitigate the risk of losing your crypto assets if one of the copies of your recovery phrase is compromised, you can set up a passphrase. If you do so, make sure to store paper backups of your passphrase, preferably in geographic locations that are different from the locations where you keep a backup of your recovery phrase.

Wiping/Erasing of Passphrase & PIN

If you enter a wrong PIN code three times in a row, whether it is your primary PIN or your passphrase PIN, your Ledger device resets itself and erases your 24-word Secret Recovery Phrase and your passphrase from the device. Your assets are not lost: the primary accounts can be restored from your recovery phrase backup, and the secret accounts from that backup plus your passphrase backup.

This security feature helps protect your device and makes sure your passphrase, extra PIN, and all sensitive information on your Ledger device are protected from unauthorized users.