Beware of phishing attacks, Ledger will never ask for the 24 words of your recovery phrase. Never share them. Learn more

  1. Ledger Support
  2. Documentation
  3. Protect your device

How to set up a passphrase?

Last updated:

A passphrase is an optional security feature that adds an extra layer of security to your crypto accounts. This option is only recommended for advanced users. Carefully read this article and watch the video before setting up a passphrase.

 Security tip

The recovery phrase and passphrase functionalities enable a wide range of security setups. You may use them to design the security strategy that meets your personal situation. Please do not overcomplicate things, the best security setup is one that you master and can execute with confidence.

How the passphrase works

The passphrase is distinct from your 24-word recovery phrase and is essentially an optional password added to your recovery phrase that provides access to a whole new set of secret accounts.

  • The passphrase protects your crypto assets if your 24-word recovery phrase were to be compromised. To access passphrase-protected accounts, an attacker will need your recovery phrase as well as your passphrase.
  • Each different passphrase unlocks a unique set of secret accounts. You can use as many passphrases as you like.
  • Your passphrase is never saved on your device. Instead, it's only used to derive a secondary seed that safeguards a distinct set of 'secret accounts'. If you decide to attach your passphrase to a PIN, the secondary seed and secret accounts' private keys will be secured within your device's secure element. However, after the passphrase is used to generate the second seed, it's discarded and never stored. If you choose a temporary passphrase, all related data, including the passphrase, secret accounts, and private keys, is deleted after each session. This means you'll need to input the passphrase again every time you wish to access the hidden accounts.

 Does Ledger Recover have access to my passphrase?

Ledger Recover is an optional subscription-only service for backing up your seed. If used, Ledger Recover never has access to your passphrase and secret accounts — whether you're using a temporary passphrase or one attached to a PIN.

Before you start

  • Your device is set up and runs the latest firmware.
  • Ensure your recovery phrase is accessible, just in case.
  • Read this article fully before you start.

Instructions

Getting started
  1. Connect your Ledger device and enter your PIN code.
  2. Hold both buttons to access the Control Center.
  3. Navigate to the Settings menu.
  4. Go to Security.
  5. Go to Passphrase and choose either of two options:
    • Attach to PIN: Creates a second PIN code to unlock passphrase-protected accounts
    • Set temporary: Enter the passphrase each time you wish to access passphrase-protected accounts
  6. Continue with the section below that matches the option you've chosen
Option 1 - Attach to PIN code

How it works

Attaching a passphrase to a new PIN code creates a new set of secret accounts on your Ledger device based on a passphrase of your choice. You can access the accounts protected by this passphrase by entering a secondary PIN code.

  • Only one passphrase can be attached to a PIN code. If you add another passphrase to the PIN code, you will overwrite the secondary PIN code and the passphrase. 
  • The private keys to your secret accounts will be stored in your ledger device until you overwrite your passphrase with another passphrase or until your device is reset.
  • Store a physical backup of the secret passphrase in a secure place. The device cannot display it after you've set it.

Instructions

  1. Choose Attach to PIN option from the Passphrase menu in the device security settings.
  2. Press both buttons to validate Set secret passphrase.
  3. Create a secondary PIN code.
  4. Re-enter the secondary PIN code to confirm it.
  5. Choose and confirm a secret passphrase (max 100 characters).
  6. Enter your primary PIN code to validate.
  7. Your device will continue managing the accounts based on your recovery phrase without passphrase. Please turn off the device and enter your secondary PIN code to access the passphrase-protected accounts.

  You can only create one secondary PIN code attached to a passphrase that provides access to a unique set of passphrase-protected accounts. 

Option 2 - Set temporary passphrase

How it works

Using a temporary passphrase provides access to a new set of accounts on your Ledger device for the duration of the session. Follow the instructions below each time you wish to access the accounts protected by the passphrase.

  • The accounts are based on a secret passphrase of your choice.
  • Store a physical backup of the secret passphrase in a secure place. The device cannot display it after initial setup.

Instructions

  1. Choose Set temporary option from the Passphrase menu in the device security settings.
  2. Press both buttons to validate Set secret passphrase.
  3. Choose and confirm a secret passphrase (max 100 characters).
  4. Enter your primary PIN code to validate.
  5. Your device will now manage the accounts protected by this passphrase. To access your primary accounts, please restart the device and enter your PIN code as usual.
Recover passphrase accounts
This article describes how to recover your passphrase-protected accounts on a new or reset Ledger device.
Change passphrase PIN
This video describes how to change your passphrase PIN after your passphrase has been set.
Passphrase security in practice

Adding accounts to Ledger Live

When you add an account, its extended public key (xpub) is stored in Ledger Live's user data folder, where it is encrypted by your password if you've set up password lock.

To be sure that Ledger Live does not store information about passphrase-protected accounts, you may can simply remove these accounts after you've managing them in Ledger Live. Some users have requested the ability to automatically forget accounts.

Plausible deniability

To protect yourself in case of physical threat, make sure your primary PIN code unlocks only a minor part of your crypto assets. Then set up a passphrase attached to a PIN code and store more significant amount of crypto assets on the passphrase-protected accounts.

If you are under duress to unlock your Ledger device, you can surrender your main PIN code to the attacker while hiding the PIN code that unlocks your passphrase-protected accounts.

Recovery phrase protection

It’s a good security practice to keep multiple copies of your Recovery sheet and to store them in different geographic locations. To mitigate the risk of losing your crypto assets if one of the copies of your recovery phrase is compromised, you can set up a passphrase. If you do so, make sure to store paper backups of your passphrase, preferably in geographic locations that are different from the locations where you keep a backup of your recovery phrase.

 Silent Wiping of Passphrase PIN

If you enter the wrong PIN three times, your extra PIN (passphrase PIN) might be erased without warning. This helps protect your extra PIN from unauthorized access, even if someone knows your regular PIN.

It's important to know that entering the regular PIN correctly won't reset this extra PIN counter. This extra security keeps your device safe and makes sure your extra PIN and sensitive information are protected from unauthorized users.

Learn more

Was this article helpful?