my-nano-x-wallet.com
Login
Independent review. This site is not the official website and is not affiliated with, endorsed by, or operated by the wallet vendor reviewed here. Never enter your seed phrase or private keys on any third-party site.

Hidden Wallets & Passphrase Accounts — Use Cases & Risks

Nicole Castillo Nicole Castillo
Try Tangem secure wallet →

Overview

This page explains hidden wallets and passphrase accounts for the Ledger Nano X hidden wallet feature: what they do, when they make sense, and where they create real risk. I’ve tested passphrase workflows and used them for vault-style storage for several months. What I’ve found is that passphrases add meaningful security options — when used carefully — but they also introduce permanent single points of failure.

Cryptocurrency security is a trade-off between convenience, recoverability, and secrecy. This guide aims to make those trade-offs explicit.

What is a hidden wallet / passphrase account?

A hidden wallet — often called a passphrase account — is an additional account derived from your seed phrase plus an extra secret (the passphrase). Technically the passphrase acts like a 25th word for a BIP-39 seed phrase (hence “25th word hidden wallet”). The result: the same seed phrase can unlock many different accounts depending on the passphrase you supply.

In practice that means you can have a visible account (no passphrase) and one or more hidden accounts that only appear when you enter the correct passphrase.

Try Tangem secure wallet →

How hidden wallets work (technical summary)

  • Seed phrase (12 or 24 words) provides the base private key tree.
  • A passphrase is appended (or combined) to create a different derivation path.
  • Funds sent to the passphrase-derived account are inaccessible without both the seed phrase and the exact passphrase.

Because the passphrase is not stored by the hardware wallet or the recovery phrase, losing it equals permanent loss. That’s the critical trade-off.

If you want a deeper look at seed phrase choices and backups, see our seed phrase management and passphrase: 25th word pages.

Common use cases - why people enable a hidden wallet

  • Plausible deniability: someone might reveal only the base accounts under coercion.
  • Compartmentalization: keep spending funds separate from long-term holdings.
  • Operational security: a small daily hot balance while the bulk sits behind a passphrase.

In my testing, passphrases were handy for staging small sums for daily use while keeping a separate “vault” hidden. But this adds steps to routine transactions and more places to make mistakes.

Risks and failure modes

  • Irrecoverability: forget the passphrase and your funds are gone even if you still have the seed phrase.
  • Input exposure: entering a passphrase on a compromised host or via an app (instead of on-device) can leak it.
  • False security: a hidden wallet won't protect you from firmware-level compromise or supply-chain tampering. See our security architecture and firmware updates verification pages for more.
  • Compatibility: not all wallets or recovery tools treat passphrases the same way, complicating hidden wallet recovery. Check multisig setup compatibility if you plan advanced setups.

And remember: a passphrase is only as safe as the methods you use to store it.

How to create a passphrase account — Step by step (conceptual)

This is a conceptual how-to. Exact menu names vary by firmware and companion app.

  1. Decide on your passphrase type: long random string, a long phrase, or a memorable sentence.
  2. Enable the passphrase feature in device settings or via the companion app.
  3. Choose to enter the passphrase on-device when supported (safer) or on-host (convenience trade-off).
  4. Create a new account that appears only when the passphrase is used.
  5. Send a small test amount to confirm access and the correct derivation.

But do not skip step 5. Test restores on a spare wallet or software that supports BIP-39 passphrases before moving large amounts.

Recovery, backups, and testing (hidden wallet recovery)

Restoring a hidden wallet requires two things: the original seed phrase and the exact passphrase (the 25th word). Without both, recovery fails. If the hardware wallet is lost or breaks you can restore to any compatible hardware wallet or software wallet that supports BIP-39 passphrases — provided you have the passphrase.

Backup options: metal backup plates for the seed phrase and a separate metal plate or secured method for the passphrase. Consider Shamir (SLIP-39) or secret-sharing only for the seed phrase if you need distributed recovery. For inheritance planning and geo-distribution see inheritance-planning and geo-distribution-storage.

Always practice a full restore to a second device. I recommend a dry-run before moving significant funds.

Hidden wallet vs multisig: quick comparison

Feature Hidden wallet (passphrase) Multisig Standard single-sig (seed only)
Recoverability if a secret is lost Low (passphrase lost = funds lost) Higher if keys distributed correctly Moderate (seed lost = funds lost)
Plausible deniability High Low None
Operational complexity Low–Medium High Low
Compatibility with services Variable Better with standard wallets Best
Best for Individuals wanting deniable vaults Organizations or high-value vaults General users

For readers considering both options, see our multisig setup guide to compare workflows.

Hidden wallet diagram — placeholder

Daily usage, UX and connectivity concerns

Hidden wallets add friction. Each new session may require entering a passphrase. If you use Bluetooth or a mobile companion, the convenience comes with a slightly larger attack surface. Read about connection risks in connectivity-bluetooth-usb.

In my testing I noticed that using a passphrase makes quick transfers more cumbersome, but that small friction encourages safer habits (double-check addresses, confirm derivation). That trade-off can be intentional.

Best practices checklist

  • Use a long, unique passphrase and never store it in a cloud password manager.
  • Back up seed phrase on metal and the passphrase separately (metal or trusted legal custodian).
  • Test a full restore on a spare device before moving large amounts.
  • Avoid entering passphrases on unknown or jailbroken devices.
  • Combine passphrase protection with geographic distribution and inheritance planning.

For buying safety and avoiding tampered units, see where-to-buy-safely and our supply-chain tamper notes.

FAQ

Q: Can I recover my crypto if the device breaks?
A: Yes — if you have both the seed phrase and the correct passphrase. Restore to another hardware wallet or compatible software that supports BIP-39 passphrases. See recover-if-broken.

Q: What happens if I forget my passphrase?
A: If forgotten, funds in that hidden wallet are effectively unrecoverable. That’s why independent backup of the passphrase (not with the seed phrase) is essential.

Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth increases attack surface compared with USB-only use. It can be safe when firmware and companion apps are up to date, but I prefer USB for high-value operations. See connectivity-bluetooth-usb.

Q: Can I use passphrases with multisig?
A: Combining passphrases with multisig is complex and often not supported by standard multisig workflows. If you need both, plan carefully and test fully. See multisig-setup-compatibility.

Final thoughts & next steps (CTA)

Hidden wallets (passphrase accounts) are a powerful tool when you want compartmentalization or plausible deniability. They are not a magic bullet. I believe they belong in the toolbox of security-conscious users who are comfortable with irreversible backups and extra operational steps.

Want to learn how to enable a passphrase safely, run a restore test, or compare multisig instead? Read the step-by-step nano-x setup, the passphrase: 25th word guide, or our multisig setup walkthrough next.

Stay cautious. Test often. And back up everything properly.

Try Tangem secure wallet →