trezor-safe-guide.com
Login
Independent review. This site is not the official website and is not affiliated with, endorsed by, or operated by the wallet vendor reviewed here. Never enter your seed phrase or private keys on any third-party site.

Passphrase (25th Word): Risks, Benefits, and Best Practices

Daniella Winslow Daniella Winslow
Try Tangem secure wallet →

Passphrase (25th Word): Risks, Benefits, and Best Practices

What is the passphrase (25th word)?

A passphrase (often called the "25th word") is an optional extra secret that you can append to your standard 12- or 24-word seed phrase to create a different wallet. Think of your seed phrase as the master key. The passphrase is an extra password that makes a second master key. Together they produce a different set of private keys and addresses.

This is a non-custodial feature: you and only you control the private keys if you keep both the seed phrase and the passphrase. I believe the passphrase is best understood as a high-risk, high-reward tool — powerful when used carefully, dangerous when it’s mismanaged.

How the passphrase works (plain language)

Under the hood, the passphrase is combined with your seed phrase using a standard key-derivation function to generate a unique master private key. In practice that means:

  • seed phrase alone = Wallet A
  • seed phrase + passphrase = Wallet B (completely separate)

One seed phrase can therefore unlock many different wallets depending on the passphrase entered. The wallet software will show different addresses and balances for each passphrase.

Try Tangem secure wallet →

But don’t assume a missing balance means loss. Often it just means the wallet is unlocked with a different passphrase or no passphrase at all.

Benefits of using a passphrase

  • Extra security layer: if someone steals your seed phrase but not your passphrase, they may not access funds stored under the passphrase.
  • Plausible deniability: you can have a "decoy" wallet (with few or no funds) that you hand over, while the real funds sit under a different passphrase. (Use this carefully; legal considerations vary.)
  • Compartmentalization: different passphrases can separate funds for spending, long-term storage, or business use.

In my testing, using a passphrase made me more disciplined about separating daily spending wallets from long-term cold storage. And that separation reduced accidental use of the wrong account.

25th word passphrase risks — what can go wrong

This is the hard part. The passphrase adds attack surface because it is an extra secret you must manage.

Key risks:

  • Total loss if you forget the passphrase. No company or recovery service can restore it.
  • Usability errors: typos, different capitalization, or even a trailing space create a different wallet.
  • Storage mistakes: storing the passphrase with the seed phrase (on the same metal plate or in the same password manager) defeats the point.
  • Phishing and malware: if you enter a passphrase on a compromised computer or into an unauthenticated app, it can be exfiltrated.
  • False zero-balance panic: entering the wrong passphrase can show a zero balance (or small balances) and cause stress.

In my experience, forgetting or mistyping the passphrase is the single most common cause of wallet access problems. So treat passphrases like a second master key — but with stricter operational rules.

Should I use a passphrase on my hardware wallet? (quick decision guide)

Should I use passphrase hardware wallet? Short answer: it depends on your threat model and discipline.

Ask yourself:

  • Are you storing large, long-term holdings? If yes, a passphrase can be worth the operational complexity.
  • Can you securely store another secret separately from the seed phrase? If no, avoid it.
  • Would plausible deniability help in your jurisdiction? Legal advice may be necessary.

Who should use a passphrase:

  • Experienced self-custody holders who already follow robust backup and recovery procedures.
  • People willing to accept the risk of a single extra secret in exchange for stronger privacy or deniability.

Who should avoid it:

  • New users who haven't yet proven they can reliably back up and restore a 12/24-word seed phrase.
  • Anyone who cannot guarantee separate, secure storage for the passphrase.

If you’re unsure, consider multisig as an alternative. Multisig reduces single-point-of-failure risk without adding a hidden secret. See the multisig guide for options.

How to set up and manage a passphrase — step by step

How to (and how not to): practical steps.

  1. Update firmware first. A secure element and the latest firmware reduce attack surface. See the firmware updates guide.
  2. Initialize a fresh seed phrase and back it up using the seed backup guide before enabling any passphrase.
  3. Decide whether your device will accept typed passphrases on-device (safer) or via a host computer (less safe). Prefer on-device entry or an air-gapped workflow. See air-gapped guide.
  4. Choose the passphrase. Use a long, memorable phrase or a securely generated string. Avoid storing this on the same medium as your seed phrase. And yes, write it down — but store it separately.
  5. Test with a small amount. Send a tiny amount to an address derived from the passphrase and confirm you can move it back.
  6. Document your process. Keep a private record (not stored with the seed) of how you type the passphrase (capitalization, spaces, special characters).
  7. Consider using a dedicated metal plate for the passphrase if you plan physical backup. Never engrave the passphrase and the seed phrase on the same plate.

In my testing, step 5 (the test send) prevented more than one accidental lockout. It’s a small effort that pays off.

Quick comparison: No passphrase vs passphrase vs multisig

Feature No passphrase Passphrase (25th word) Multisig
Single secret to manage Yes No (seed + passphrase) No (multiple keys)
Protects against seed theft alone No Yes (if passphrase secret) Yes (if threshold >1)
Recovery risk if forgotten Lower Very high (unrecoverable) Lower if backups exist
Operational complexity Low High Medium–High
Best for Beginners, small balances Advanced users, high-value storage Those who want no single point of failure

Passphrase diagram (placeholder)

Troubleshooting: Why your wallet may show a zero balance

Common cause: wrong passphrase.

  • Try without a passphrase first.
  • Try any alternate passphrases you use (including empty string vs a single space).
  • Check derivation paths and account indices in your wallet software — different wallets use different defaults.
  • If the device itself supports hidden wallets per passphrase, ensure you are selecting the correct one on the device.

If you still see zero balance after verifying passphrase and derivation settings, restore the seed phrase (without passphrase) on a clean device or an air-gapped wallet to confirm the original funds exist. See recovery and restore.

FAQ

Q: Can I recover my crypto if the device breaks?

A: Yes — if you have the seed phrase and the passphrase (if used). Restore onto another compatible hardware wallet or an air-gapped tool. If you lose the passphrase but keep the seed phrase, funds under the passphrase are unrecoverable.

Q: What happens if I forget my passphrase?

A: Funds protected by that passphrase are effectively gone. That’s the trade-off for the extra security. Consider multisig or key-splitting if you fear human memory errors.

Q: Is Bluetooth safe for entering a passphrase?

A: Bluetooth increases the attack surface compared with wired or air-gapped methods. Enter passphrases on-device when possible. See connectivity security for more.

Q: Why does my wallet show a different balance after enabling a passphrase?

A: Because passphrase-derived wallets create different addresses. You may be looking at an empty derivation that corresponds to a different passphrase.

Wrap-up and next steps

A passphrase (25th word) can be a powerful tool for privacy and extra security when used carefully. But it raises the stakes: lose it, and you lose access to funds. If you decide to use one, follow the step-by-step checklist here, test with small transactions, and keep your passphrase storage strictly separate from your seed backups.

If you're building a long-term storage plan, read the guides on seed backups, multisig options, and air-gapped workflows. For step-by-step device setup examples see the general device setup guide and the firmware updates guide.

Want help choosing between a passphrase and multisig for a specific holding? Check the multisig guide and then test your chosen setup with small amounts before migrating significant funds. But remember: the human factor is the highest risk — pick a plan you can reliably follow.

Try Tangem secure wallet →