The most important facts in brief:

  • An optional passphrase can be used to derive different wallets from a given mnemonic (i.e. the 24 words).
  • This is a function for advanced users to obtain additional security.
  • There are some risks and special features that should be taken into account when using it.
  • The frequent designation as "25th word" is misleading and should be avoided.

Note: There is often confusion between the terms "seed" and "mnemonic". This article therefore consistently refers to the "mnemonic" when the 12 or 24 words are meant, and to "seed" as soon as the seed value resulting from the mnemonic and optional passphrase is meant.

What is an optional passphrase?

To understand exactly what an optional passphrase is, we need to look at how a Bitcoin wallet and the private and public keys behind it are created in the first place. Put simply, a so-called mnemonic (mnemonic phrase) is first derived from a very large random number, which usually consists of 12 or 24 words. The actual seed is then derived from this mnemonic together with an additional value, i.e. the number that uniquely determines all subsequent keys and thus also "the wallet". This additional value is normally constant, i.e. always the same. With an optional passphrase, however, it can be optionally extended, which leads to a completely new or different wallet due to the way in which the seed value is derived.


Each optional passphrase leads to a new, i.e. completely independent wallet with different keys and addresses.

Important properties

The functionality of the optional passphrase leads us to some extremely important features that are essential to understand if you want to use the function securely and responsibly.

Every passphrase is valid

Unlike a standard password that is requested on a website, for example, you have a free choice every time you enter the optional passphrase. This is because each passphrase leads to a separate, different wallet; there are no "wrong" passphrases.


If you make a mistake, you end up in a different - and probably empty - wallet. The Bitcoin on the "normal" wallet, i.e. the wallet without a passphrase, or on other wallets with a passphrase are not affected if this happens. Nothing will be deleted or overwritten and nothing will be lost, they are just different drawers that you can look into or not.

Subsequent addition

The way the optional passphrase works means you have to move away from the concept of a classic password. It is also not an "encryption" of existing content. The fact that every passphrase really does lead to a new wallet cannot be repeated often enough.

Accordingly, you cannot add an optional passphrase to an existing wallet at a later date. Instead, you have to effectively change the wallet, i.e. carry out a transaction from the old wallet, without a passphrase, to the new one.

No memory

Almost all software and hardware wallets do not remember the optional passphrases used, and that is a good thing. After all, you want to create an independent, second factor so that nobody can access your Bitcoin when accessing hardware or software as long as the passphrase is not known.

This makes the aforementioned property that every optional passphrase is valid in principle all the more important, even if the user actually means a different one. In such cases, the hardware or software has no way of alerting the user to an "incorrectly entered" passphrase.

The BitBox02 recommended by, for example, works in exactly the same way: the user has to enter their passphrase manually every time they unlock the device because the device does not save it. Although this makes it a little less practical, it does increase security.

Other manufacturers, such as the market leader Ledger, offer additional functions that allow an optional passphrase to actually be stored on the device and linked to a separate PIN. This attach-to-PIN function increases practicability accordingly, especially for complex passphrases - albeit with compromises in security, as the passphrase is no longer completely independent of the hardware wallet.

Widespread standard

The optional passphrase is a standard defined in BIP-39 (Bitcoin Improvement Proposal) that is compatible with a wide variety of software and hardware wallets, regardless of the manufacturer. A wallet with an optional passphrase created on hardware wallet A can therefore generally be imported and used with software wallet B without any problems.

The "25th word"

The optional passphrase is often colloquially referred to as the "25th word", as it is normally used in addition to the existing 24 words. This term is misleading in that it extremely limits the actual potential of the optional passphrase. For beginners in particular, this simplification quickly leads to a simple word being chosen instead of a complex passphrase that is as long as possible.

The "25th word" should therefore not actually be a word at all, and certainly not one from the corresponding BIP-39 word list. This would only lead to potential attackers being able to guess the passphrase with ease and you would not benefit at all from the additional security you actually want.

What should a passphrase look like?

The short answer to this question is: like a good password. The common principles that you've probably heard of in one place or another also apply to the optional passphrase: as long and as complex as possible. This is because the only way for an attacker to bypass the optional passphrase is to try to guess it. However, if the passphrase is sufficiently complex, this attempt will eventually become impossible.

Specific recommendations regarding length, upper and lower case, numbers and special characters are of course debatable at this point. If you want to achieve a similar level of security as with the 12 or 24 words (namely 128 bits), then an optional passphrase could look like this: h*AMh]xS6OPGwq;_|7&q3M.

Admittedly, such complex passphrases are relatively cumbersome to use on a day-to-day basis, as they usually have to be typed in manually, which can quickly become cumbersome with many hardware wallets due to bulky operating elements alone.

It is therefore important to find an individual compromise between practicality and security, whereby the latter should always have the last word!

A second factor

Let's finally take a look at the concrete advantage of an optional passphrase!

Normally, the security of your own wallet depends firstly on how it was created (e.g. securely on a hardware wallet) and secondly on how it is used and how securely the backup is stored. If an attacker, e.g. a burglar, gains access to your own 24 words, you face a total loss. Especially with large sums of money, the risk of making everything dependent on a single backup becomes unacceptable for many people.

This is where the optional passphrase comes into play as a second factor: to gain access to your Bitcoin, you need access to both the mnemonic and the optional passphrase. If you only know one component at a time, you are left empty-handed, or rather with an empty wallet. The optional passphrase can therefore protect you from loss, especially as burglary protection, but also in the event of physical access to the hardware wallet.

To prevent the use of the optional passphrase as a second factor from becoming absurd, it should therefore be stored separately from the mnemonic. We will go into more detail later on why you should not rely on memorizing the passphrase exclusively in your head.

Credible deniability

The approach of the second factor can be taken even further with the help of "plausible deniability". Remember: every passphrase leads to a completely new wallet, which theoretically also allows us to use hidden wallets.

The idea is that if you find yourself in an emergency situation, for example because you are being actively threatened by a blackmailer, you can simply abandon the "normal" wallet without a passphrase. For example, you could only store a small amount as bait. The actual "Bitcoin treasure" is then hidden in a wallet protected with a passphrase, which the attacker cannot know about, at least in theory.

How realistic or relevant such a scenario really is, and whether you could really "stay cool" and credibly deny it, is something everyone has to decide for themselves.


In general, the advantage of the second factor automatically results in a disadvantage: if you lose or forget your optional passphrase, this means the total loss of your Bitcoin, at least if you have chosen a secure passphrase.

It is therefore all the more important to come up with a good concept for storing the optional passphrase. Probably the worst idea is to rely on your own memory and not save the passphrase anywhere in writing. Even if you can certainly remember your "favorite password" better than 24 English words, you should never rely on it.


Recommendation: The mnemonic and optional passphrase should always be stored separately, but still in writing and above all securely.

I can only emphasize this: BitBox support (since 2015 with BitBox01) has a lot to do with forgotten passphrases, but never with stolen Bitcoin without a passphrase. - Stadicus, employee at BitBox.

Should the worst-case scenario occur and you forget your passphrase, there is still one last hope with service providers such as ReWallet: if you remember the details of your passphrase or it wasn't particularly strong anyway, the IT experts at the Berlin-based company can restore access with a bit of luck.

Other stumbling blocks to be aware of:

  • Typing errors when entering data mean that you end up in the "wrong" wallet, which generates "wrong" addresses for you accordingly. For this reason, you should always be very accurate and check your passphrase several times for accuracy, especially when using it for the first time.
  • In the event of death, not only the 24 words but also the passphrase must be transmitted to your heirs. In addition, it may of course be the case that the heirs do not know what to do with either the 24 words or the additional passphrase. You should therefore think about such cases in good time.


To conclude this article, we would like to emphasize once again that although an optional passphrase can be a powerful function if used correctly, there is also a risk of total loss if errors are made. For this reason, the function should be expressly reserved for advanced users and is certainly not suitable for every beginner without restrictions.

Equally, the aim should not be to talk anyone out of using the optional passphrase. The only thing that matters is that you are always aware of how it works and the associated risks.

As Bitcoin holdings grow, so does the need for security. It is therefore possible to get started in the world of Bitcoin and hardware wallets without a passphrase. As soon as you have familiarized yourself more intensively with the functionalities and contexts, you can also set up an optional passphrase at a later date.