The passphrase is an optional extra word appended to your 24-word seed phrase under the BIP-39 scheme to produce a different set of private keys. In cryptocurrency terms, adding a passphrase creates a new, separate wallet derived from the same seed phrase. This feature is often called the "25th word" because people commonly add one extra word to a 24-word recovery phrase, but the passphrase can be any length and include spaces or special characters.
Short definition. Powerful effect. One extra secret changes everything.
In my experience this is the single most misunderstood feature on hardware wallets. It can protect funds through plausible deniability (a decoy wallet) or act as an additional authentication factor for your non-custodial self-custody setup. But it also raises recovery complexity and user risk.
(If you need a refresher on seed phrases and BIP-39, see seed-phrase-management.)
Conceptually the Ledger Nano X follows the BIP-39 passphrase model: the device combines the recovery phrase + your passphrase to derive a different master key. The passphrase itself is not stored by the secure element. That means two things. First: if you forget the passphrase, you cannot recover funds by restoring only the 24-word seed phrase. Second: someone who obtains only your 24-word seed phrase (but not the passphrase) cannot access funds protected by that passphrase.
Ledger's ecosystem lets you enter the passphrase in different ways (device entry or via the companion app). Entering it on-device reduces exposure to the phone or computer's memory. Entering it on a host app can be faster, but it increases attack surface because the passphrase traverses the host operating system.
I noticed that many users underestimate how many hidden wallets they create by using slightly different passphrases. One letter or a trailing space = a distinct wallet.
These are practical steps you can follow. Menu labels change over time, so treat these as conceptual steps and cross-check with the device screens or nano-x-setup guide.
But test early. Practice a restore with only your 24-word seed + passphrase on a different device so you verify the recovery process while you still can.
Hidden wallets are separate wallets created when you use a passphrase. You can think of them as "vaults" accessed by a secret phrase. A common real-world setup: keep a small amount in an easily found, non-passphrase wallet (a decoy) and the majority of funds in a hidden wallet protected by a passphrase.
Why use this? For coercion scenarios, or to keep certain funds isolated. But it's not a silver bullet. If an attacker forces you to reveal credentials and you give them the passphrase, they still get access. If the attacker obtains your passphrase from a compromised digital note, there's no protection.
For more about hidden-wallet mechanics see hidden-wallets.
Common mistakes are surprisingly simple. Don't write both secrets on the same sheet of paper. Don't paste the passphrase into cloud notes. And don't assume an insurance company or exchange can help you recover it later.
And have a tested recovery plan in place. A plan is worthless if no one can follow it.
Hidden-wallet passphrases are a personal derivation layer. That means they generally don't play well with multisig setups that expect multiple independent cosigners. If you build a multisig wallet, adding a passphrase to one signer changes the derived keys and will likely break compatibility unless every signer uses the same passphrase and derivation routines.
Supported coins: the derived wallet can hold any asset supported by the Ledger Nano X and the connected wallet software (Bitcoin, Ethereum and tokens, Solana, etc.), but third-party wallet interfaces may handle hidden wallets differently. Check guidance for each chain (for example, see bitcoin-with-nano-x and ethereum-and-tokens).
| Entry method | Who types it | Security (relative) | Convenience | Notes |
|---|---|---|---|---|
| On-device entry | You, on the Nano X | High | Low–Medium | Recommended to reduce exposure to host OS |
| Host/companion app entry | You, on phone/computer | Medium–Low | High | Faster but increases attack surface |
| External hardware keyboard | You, via trusted peripheral | Medium–High | Medium | Depends on keyboard trustworthiness |
Q: Can I recover my crypto if the device breaks?
A: Yes — if you have the 24-word seed phrase and the correct passphrase. Without the passphrase the hidden wallet is unrecoverable. See nano-x-restore-recovery.
Q: What happens if the company goes bankrupt?
A: Your private keys remain under your control. Hardware wallet manufacturers do not hold your crypto. But you'll still need compatible hardware or third-party tools that understand the same standard.
Q: Is Bluetooth safe for entering a passphrase?
A: Bluetooth affects the transport channel to the host app; it doesn't change the passphrase derivation. However, entering passphrases on the host (phone/computer) while using Bluetooth adds exposure. Prefer on-device entry when security matters. See connectivity-bluetooth-usb.
Q: How many hidden wallets can I have?
A: Effectively unlimited — each distinct passphrase creates a different wallet. Keep organized records (securely).
Q: Can I use passphrase with multisig?
A: Technically possible but impractical for most setups. All cosigners must derive keys in compatible ways; adding passphrases increases complexity and risk.
A passphrase (25th word) is a powerful tool when used carefully. It provides an extra layer for self-custody and can enable hidden wallets, but it also increases recovery complexity and user responsibility. If you plan to use a passphrase on your Ledger Nano X, practice restores, keep separate physical backups (preferably metal), and prefer on-device entry where possible.
For hands-on setup instructions see nano-x-setup and the restore walkthrough at nano-x-restore-recovery. To learn more about hidden-wallet trade-offs visit hidden-wallets and review firmware safety steps at firmware-updates-verification.
Want a checklist to follow? Check the security-checklist and start with a small test transfer today.