my-nano-x-wallet.com
Login
Independent review. This site is not the official website and is not affiliated with, endorsed by, or operated by the wallet vendor reviewed here. Never enter your seed phrase or private keys on any third-party site.

Passphrase (25th Word) — How To Use and Risks

Nicole Castillo Nicole Castillo
Try Tangem secure wallet →

What is the passphrase (25th word)?

The passphrase is an optional extra word appended to your 24-word seed phrase under the BIP-39 scheme to produce a different set of private keys. In cryptocurrency terms, adding a passphrase creates a new, separate wallet derived from the same seed phrase. This feature is often called the "25th word" because people commonly add one extra word to a 24-word recovery phrase, but the passphrase can be any length and include spaces or special characters.

Short definition. Powerful effect. One extra secret changes everything.

In my experience this is the single most misunderstood feature on hardware wallets. It can protect funds through plausible deniability (a decoy wallet) or act as an additional authentication factor for your non-custodial self-custody setup. But it also raises recovery complexity and user risk.

(If you need a refresher on seed phrases and BIP-39, see seed-phrase-management.)

Try Tangem secure wallet →

How the Ledger Nano X implements the passphrase

Conceptually the Ledger Nano X follows the BIP-39 passphrase model: the device combines the recovery phrase + your passphrase to derive a different master key. The passphrase itself is not stored by the secure element. That means two things. First: if you forget the passphrase, you cannot recover funds by restoring only the 24-word seed phrase. Second: someone who obtains only your 24-word seed phrase (but not the passphrase) cannot access funds protected by that passphrase.

Ledger's ecosystem lets you enter the passphrase in different ways (device entry or via the companion app). Entering it on-device reduces exposure to the phone or computer's memory. Entering it on a host app can be faster, but it increases attack surface because the passphrase traverses the host operating system.

I noticed that many users underestimate how many hidden wallets they create by using slightly different passphrases. One letter or a trailing space = a distinct wallet.

Step by step: how to use the passphrase on Ledger Nano X (How to / Step by step)

These are practical steps you can follow. Menu labels change over time, so treat these as conceptual steps and cross-check with the device screens or nano-x-setup guide.

  1. Decide why you need a passphrase. (Plausible deniability? Extra layer of protection?)
  2. Choose a strong passphrase. Mix length with unpredictability. A short common phrase is a liability.
  3. Enable passphrase support on the device or in the app according to the prompts. (You may be asked whether to enter the passphrase on-device; choose the safer option when possible.)
  4. Enter the passphrase exactly each time you open the hidden wallet. If entering on-device, use the Nano X controls to type and confirm.
  5. Use the wallet address shown on the device to verify incoming transactions.
  6. Test with a small transfer before moving large balances.
  7. Back up the passphrase separately (metal backup plate or another secure method). Do not store the passphrase with the 24-word seed phrase.

But test early. Practice a restore with only your 24-word seed + passphrase on a different device so you verify the recovery process while you still can.

Hidden wallets: what they are and real use cases

Hidden wallets are separate wallets created when you use a passphrase. You can think of them as "vaults" accessed by a secret phrase. A common real-world setup: keep a small amount in an easily found, non-passphrase wallet (a decoy) and the majority of funds in a hidden wallet protected by a passphrase.

Why use this? For coercion scenarios, or to keep certain funds isolated. But it's not a silver bullet. If an attacker forces you to reveal credentials and you give them the passphrase, they still get access. If the attacker obtains your passphrase from a compromised digital note, there's no protection.

For more about hidden-wallet mechanics see hidden-wallets.

Ledger passphrase risks and common mistakes

  • Loss of access: If you lose the passphrase you lose access to that hidden wallet forever. No customer support can restore it.
  • Single point of failure when stored poorly: storing the passphrase alongside your seed phrase nullifies the safety benefit.
  • Host-based entry risk: typing passphrases on a computer or phone risks keyloggers and clipboard sniffers.
  • Typos and variants: different capitalizations, extra spaces, or accidental characters create separate wallets. I once saw a user lose access because of a trailing space in their saved passphrase.
  • False sense of anonymity: a passphrase hides funds but does not anonymize on-chain activity.

Common mistakes are surprisingly simple. Don't write both secrets on the same sheet of paper. Don't paste the passphrase into cloud notes. And don't assume an insurance company or exchange can help you recover it later.

Best practices for passphrase and recovery backups

  • Treat the passphrase like a second recovery phrase. Store it separately from your 24-word seed phrase.
  • Use a metal backup plate for the passphrase if you want long-term durability (see seed-phrase-management).
  • Prefer on-device entry whenever possible. On-device entry keeps the passphrase inside the hardware wallet's input path.
  • Use distinct, memorable-but-long passphrases rather than short dictionary phrases.
  • For inheritance and continuity, create clear instructions for heirs that explain the existence of hidden wallets without revealing secrets (see inheritance-planning).

And have a tested recovery plan in place. A plan is worthless if no one can follow it.

Compatibility, multisig and practical limits

Hidden-wallet passphrases are a personal derivation layer. That means they generally don't play well with multisig setups that expect multiple independent cosigners. If you build a multisig wallet, adding a passphrase to one signer changes the derived keys and will likely break compatibility unless every signer uses the same passphrase and derivation routines.

Supported coins: the derived wallet can hold any asset supported by the Ledger Nano X and the connected wallet software (Bitcoin, Ethereum and tokens, Solana, etc.), but third-party wallet interfaces may handle hidden wallets differently. Check guidance for each chain (for example, see bitcoin-with-nano-x and ethereum-and-tokens).

Quick comparison: entry methods and trade-offs

Entry method Who types it Security (relative) Convenience Notes
On-device entry You, on the Nano X High Low–Medium Recommended to reduce exposure to host OS
Host/companion app entry You, on phone/computer Medium–Low High Faster but increases attack surface
External hardware keyboard You, via trusted peripheral Medium–High Medium Depends on keyboard trustworthiness

Passphrase entry on device - placeholder image

FAQ — short answers to the questions I get most

Q: Can I recover my crypto if the device breaks?
A: Yes — if you have the 24-word seed phrase and the correct passphrase. Without the passphrase the hidden wallet is unrecoverable. See nano-x-restore-recovery.

Q: What happens if the company goes bankrupt?
A: Your private keys remain under your control. Hardware wallet manufacturers do not hold your crypto. But you'll still need compatible hardware or third-party tools that understand the same standard.

Q: Is Bluetooth safe for entering a passphrase?
A: Bluetooth affects the transport channel to the host app; it doesn't change the passphrase derivation. However, entering passphrases on the host (phone/computer) while using Bluetooth adds exposure. Prefer on-device entry when security matters. See connectivity-bluetooth-usb.

Q: How many hidden wallets can I have?
A: Effectively unlimited — each distinct passphrase creates a different wallet. Keep organized records (securely).

Q: Can I use passphrase with multisig?
A: Technically possible but impractical for most setups. All cosigners must derive keys in compatible ways; adding passphrases increases complexity and risk.

Conclusion and next steps (CTA)

A passphrase (25th word) is a powerful tool when used carefully. It provides an extra layer for self-custody and can enable hidden wallets, but it also increases recovery complexity and user responsibility. If you plan to use a passphrase on your Ledger Nano X, practice restores, keep separate physical backups (preferably metal), and prefer on-device entry where possible.

For hands-on setup instructions see nano-x-setup and the restore walkthrough at nano-x-restore-recovery. To learn more about hidden-wallet trade-offs visit hidden-wallets and review firmware safety steps at firmware-updates-verification.

Want a checklist to follow? Check the security-checklist and start with a small test transfer today.

Try Tangem secure wallet →