Passphrases

Last updated: 2026-04-13

A passphrase is an optional extra word or phrase added on top of your seed words (the BIP-39 passphrase, sometimes called the "25th word"). A different passphrase creates a completely different wallet: different keys, different addresses, different funds. There is no "wrong" passphrase; every input, including a typo, produces a valid wallet.

The trade-off is real: forget the passphrase and the bitcoin held under it is gone forever, no matter how well the seed words are backed up. Get comfortable with the basics before adding this layer.

How It Works

The COLDCARD feeds the passphrase into the BIP-39 seed derivation together with your seed words (the passphrase becomes part of the PBKDF2 salt), so the resulting master key is unrelated to the one you get without it. Bare seed (no passphrase) is one wallet. Seed + passphrase is a different wallet. Seed + a different passphrase, even one that differs by a single character or a trailing space, is yet another.

There is no error message for a "wrong" passphrase. The derivation always succeeds, so the device simply opens whatever wallet that passphrase produces. This is by design: the device gives an attacker nothing that confirms a passphrase is in use or that a guess was close. The only evidence is what they find in the wallet that opens.

Picking a Good Passphrase

Strong enough it can't be guessed. Memorable enough you won't forget it.

Good approaches:

  • Diceware: Roll dice to pick 4-6 random words from a wordlist (five dice per word on the standard 7776-word list). Each word adds about 12.9 bits of entropy, so four words give roughly 52 bits and six about 78 bits, while staying memorable. The classic illustration is "correct horse battery staple"; do not use that exact phrase, since it is on every cracking wordlist.
  • A meaningful but unpredictable sentence: Something personal that nobody could reconstruct from public facts about you, but that you won't forget.

Bad approaches:

  • Your dog's name, birthday, "password123", or anything guessable
  • Something so complex you'll forget it in six months
  • Anything you've used as a password elsewhere

XFP Verification

Every wallet has a practically unique Extended Fingerprint (XFP): 8 hex digits, the first four bytes of HASH160 of the master public key, i.e. the BIP-32 master key fingerprint. It is not secret and reveals nothing about the keys. When you enter your passphrase, the COLDCARD displays the XFP for the resulting wallet.

The XFP is how you confirm you typed the passphrase correctly. Since there's no "wrong passphrase" error, it is the check that catches a typo before you generate an address or sign anything (comparing the first receive address works too, but the XFP is quicker). A different XFP than expected means you mistyped, or typed a different passphrase.

What to Do

  1. Set up your passphrase for the first time
  2. Note the XFP displayed on your COLDCARD (e.g., A1B2C3D4)
  3. Stamp the XFP on your metal seed backup next to the seed words
  4. Every time you enter the passphrase, check that the XFP matches

This takes two seconds and prevents you from generating a receive address in the wrong wallet, i.e. depositing bitcoin somewhere you can't reach without the exact passphrase. One caveat: an XFP stamped next to the seed words tells whoever finds the backup that a passphrase wallet exists, so if deniability matters more to you than convenience, record the XFP with the passphrase backup instead.
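The derivation described under How It Works and the XFP check in step 4, as an added example in Python (this is not COLDCARD firmware or Coinkite code): it implements BIP-39 seed derivation and the BIP-32 master key fingerprint with the standard library alone. The mnemonic is the well-known BIP-39 test mnemonic, the passphrases are made up, and the function names are mine. It needs Python 3.8+ and an OpenSSL build that exposes RIPEMD-160 through hashlib (most current builds do).

```python
# Added example, not COLDCARD/Coinkite code: BIP-39 seed + BIP-32 master
# fingerprint (XFP) in pure Python. Shows why any passphrase "works"
# (PBKDF2 never fails) and how only the XFP exposes a typo.
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters (standard constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _scalar_mult(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase), 2048 rounds).
    There is no validation step, so every passphrase yields a valid 64-byte seed."""
    m = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


def master_fingerprint(seed: bytes) -> str:
    """BIP-32 master key fingerprint (the XFP): HASH160(compressed master pubkey)[:4]."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(I[:32], "big")          # master private key; I[32:] is the chain code
    assert 0 < k < N, "invalid master key (astronomically unlikely)"
    x, y = _scalar_mult(k)
    pub = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")   # 33-byte compressed pubkey
    h160 = hashlib.new("ripemd160", hashlib.sha256(pub).digest()).digest()
    return h160[:4].hex().upper()               # COLDCARD shows it as 8 uppercase hex digits


def xfp_for(mnemonic: str, passphrase: str = "") -> str:
    """XFP of the wallet this mnemonic + passphrase opens."""
    return master_fingerprint(bip39_seed(mnemonic, passphrase))


def check_passphrase(mnemonic: str, passphrase: str, expected_xfp: str) -> bool:
    """Step 4 of the procedure: compare the XFP the passphrase produces with the one
    recorded at setup. A mismatch means a typo, not an error from the device."""
    return xfp_for(mnemonic, passphrase) == expected_xfp.upper()


if __name__ == "__main__":
    # Constructed demo input: the standard BIP-39 test mnemonic, not a funded wallet.
    MNEMONIC = "abandon " * 11 + "about"
    for pw in ["", "correct horse battery staple", "correct horse battery stapel"]:
        print(f"passphrase {pw!r:32} -> XFP {xfp_for(MNEMONIC, pw)}")
```

Run it and note that the one-letter typo in the third passphrase produces a fingerprint as unrelated to the intended one as the bare seed is; nothing in the derivation flags it, which is exactly why the recorded XFP is the check.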

Duress Wallets

The passphrase enables plausible deniability:

  • No passphrase (bare seed): Keep a small decoy balance here. This is what you'd hand over under physical coercion.
  • With passphrase: Your real holdings live here.

If someone forces you to reveal your seed, they see the decoy wallet with its small balance. Nothing in the seed words themselves indicates that a passphrase wallet exists. This is your duress wallet strategy.

For this to work, the decoy balance must be believable: enough to look like a real wallet with some transaction history, not enough to devastate you if lost.

Backing Up the Passphrase

Back up the passphrase separately from the seed phrase. If an attacker finds both together, the passphrase adds zero security against that attacker.

  • Different physical location from your seed
  • Metal if possible (stamp it onto a separate SEEDPLATE)
  • A password manager works, but it becomes a single point of failure and puts the passphrase on an internet-connected device

COLDCARD Trick PINs

COLDCARD Trick PINs complement the passphrase; they act on the PIN you enter rather than on the wallet:

  • Duress PIN: Opens a separate duress wallet directly, no passphrase needed (fund it, as you would any decoy)
  • Wipe PIN: Entering this PIN instantly wipes the seed from the device
  • Brick PIN: Permanently destroys the secure element. The device can never be used again; your funds are unaffected as long as you have the seed backup.
  • Countdown PIN: Forces a time delay (hours/days) before the device unlocks

Set these up in Settings > Login Settings > Trick PINs. Worth configuring if your threat model includes physical device seizure or coercion.

When to Use a Passphrase

Use it when:

  • You have significant holdings
  • You want plausible deniability
  • You can reliably back up and remember the passphrase
  • You've already tested the basic setup without a passphrase

Skip it when:

  • You're just getting started
  • You don't fully understand how it works yet
  • You're worried about forgetting it
  • Your threat model doesn't include physical seed theft