Advanced passphrase security

Set up a passphrase to add a layer of security to your crypto assets. This option is only recommended for advanced users. Carefully read this article before setting up a passphrase.

  Security tip

The recovery phrase and passphrase functionalities enable a range of security setups. You may use them to design the security strategy that meets your personal situation. Please do not overcomplicate things, the best security setup is one that you master and can execute with confidence.

How the passphrase works

The 24-word recovery phrase saved during initial setup of your Ledger device fully backs up the private keys providing access to your accounts. You must store it in a secure place.

  • The passphrase is essentially a password added to your 24-word recovery phrase that provides access to a whole new set of accounts.
  • The passphrase protects your crypto assets if your 24-word recovery phrase were to be compromised. To access passphrase-protected accounts, an attacker will need your recovery phrase as well as your secret passphrase.
  • Each different passphrase unlocks a unique set of accounts. You can use as many passphrases as you like.

Before you start

  • Your device is set up and runs the latest firmware.
  • Ensure your recovery phrase is accessible, just in case.
  • Read this article fully before you start.

Instructions

Getting started
  1. Connect your Ledger Nano S and enter your PIN code.
  2. Navigate to the Settings menu.
  3. Go to Security.
  4. Go to Passphrase and choose either of two options:
    • Attach to a PIN: Creates a second PIN code to unlock passphrase-protected accounts
    • Set temporary: Enter the passphrase each time you wish to access passphrase-protected accounts
  5. Continue with the section below that matches the option you've chosen
Option 1 - Attach to PIN code

How it works

Attaching a passphrase to a new PIN code creates a new set of accounts on your Ledger Nano S based on a secret passphrase of your choice. You can access the accounts protected by this passphrase by entering a secondary PIN code.

  • The passphrase will be stored on the device until you overwrite it with another passphrase or until the device is reset.
  • Store a physical backup of the secret passphrase in a secure place. The device cannot display it after you've set it.

Instructions

  1. Choose Attach to a PIN option from the Passphrase menu in the device security settings.
  2. Create a secondary PIN code.
  3. Re-enter the secondary PIN code to confirm it.
  4. Choose and confirm a secret passphrase (max 100 characters).
  5. Enter your primary PIN code to validate.
  6. Your device will continue managing the accounts based on your recovery phrase without passphrase. Please turn off the device and enter your secondary PIN code to access the passphrase-protected accounts.
Option 2 - Set temporary passphrase

How it works

Using a temporary passphrase provides access to a new set of accounts on your Ledger Nano S for the duration of the session. Follow the instructions below each time you wish to access the accounts protected by the passphrase.

  • The accounts are based on a secret passphrase of your choice.
  • Store a physical backup of the secret passphrase in a secure place. The device cannot display it after initial setup.

Instructions

  1. Choose Set temporary option from the Passphrase menu in the device security settings.
  2. Choose and confirm a secret passphrase (max 100 characters).
  3. Enter your primary PIN code to validate.
  4. Your device will now manage the accounts protected by this passphrase. To access your primary accounts, please restart the device and enter your PIN code as usual.
Recover passphrase accounts

In case of loss or a reset of your Ledger Nano S, you can recover access to your crypto assets on any Ledger device as long as you have both your 24-word recovery phrase and secret passphrase.

Instructions

  1. Take out your recovery phrase and passphrase.
  2. Restore the Ledger device from your recovery phrase.
  3. Follow the instructions above for a temporary passphrase or attach to PIN code while taking into account: 
    • Temporary passphrase: Simply enter the passphrase you've set up earlier to access the accounts protected by that passphrase.
    • Attach to PIN code: You can choose any PIN code, but you need to enter the passphrase you've set up earlier to access the accounts protected by that passphrase.
Passphrase security in practice

Plausible deniability

To protect yourself in case of physical threat, make sure your primary PIN code unlocks only a minor part of your crypto assets. Then set up a passphrase attached to a PIN code and store more significant amount of crypto assets on the passphrase-protected accounts.

If you are under duress to unlock your Ledger Nano S, you can surrender your main PIN code to the attacker while hiding the PIN code that unlocks your passphrase-protected accounts.

Recovery phrase protection

It’s a good security practice to keep multiple copies of your Recovery sheet and to store them in different geographic locations. To mitigate the risk of losing your crypto assets if one of the copies of your recovery phrase is compromised, you can set up a passphrase. If you do so, make sure to store paper backups of your passphrase, preferably in geographic locations that are different from the locations where you keep a backup of your recovery phrase.

Learn more

Was this article helpful?
290 out of 355 found this helpful