Passphrase | Bitcoin Glossary | Mapping Bitcoin

Passphrase

Security

Also known as: 25th word, BIP39 passphrase

An optional additional word or phrase combined with a BIP39 mnemonic to derive a different master seed, effectively creating a hidden wallet. The passphrase adds an extra layer of security, as the correct mnemonic alone cannot access the funds without it.

Overview

A BIP39 passphrase is an optional, user-chosen string that is combined with a mnemonic phrase during the seed derivation process. Each unique passphrase produces an entirely different HD wallet with its own set of addresses and keys. This means the same 12 or 24 words can unlock multiple independent wallets depending on which passphrase (or no passphrase) is used.

How Passphrase Derivation Works

The mnemonic and passphrase are fed into the PBKDF2 key-stretching function together to produce the master seed:

┌──────────────────┐   ┌──────────────┐
│  Mnemonic Words  │   │  Passphrase  │
│  (12 or 24)      │   │  (optional)  │
└────────┬─────────┘   └──────┬───────┘
         │                    │
         ▼                    ▼
    ┌─────────────────────────────┐
    │     PBKDF2-HMAC-SHA512      │
    │     (2048 iterations)       │
    └─────────────┬───────────────┘
                  │
                  ▼
         ┌─────────────────┐
         │  512-bit Seed   │
         └────────┬────────┘
                  │
                  ▼
         ┌─────────────────┐
         │  HD Wallet      │
         │  (unique keys   │
         │   & addresses)  │
         └─────────────────┘

Different passphrase = completely different wallet

Security Benefits

  • Plausible deniability — A user can maintain a decoy wallet (no passphrase or a benign passphrase) alongside a primary wallet (strong passphrase). If coerced, they can reveal the decoy wallet without exposing their main holdings.
  • Protection against physical theft — Even if an attacker obtains the written seed phrase, they cannot access funds without the passphrase.
  • Multi-wallet organization — Different passphrases can separate funds for different purposes using the same mnemonic backup.

Risks and Edge Cases

  • No recovery without the passphrase — There is no "forgot passphrase" mechanism. If the passphrase is lost, the associated funds are permanently inaccessible. The mnemonic alone will derive a different (empty) wallet.
  • Case and space sensitivity — Passphrases are case-sensitive and whitespace-sensitive. "MyPass", "mypass", and "MyPass " (with a trailing space) all produce different wallets.
  • No validation — Any passphrase is technically valid. A typo will not produce an error; it will silently generate a different, empty wallet.
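The derivation under "How Passphrase Derivation Works" and the edge cases listed above, as an added Python example (not code from this glossary or from any wallet project). The `seed_check` and `passphrase_matches` helpers and their 4-byte check value are hypothetical, shown as one way to catch a mistyped passphrase; they are not part of BIP39 and are not the BIP32 master fingerprint.

```python
import hashlib
import hmac
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 iterations, 64-byte output."""
    # BIP39 applies only Unicode NFKD normalization to both inputs.
    # Case and whitespace are kept exactly as typed.
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    # The salt is the literal string "mnemonic" followed by the passphrase,
    # so an empty passphrase is still a valid (and distinct) input.
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_check(seed: bytes) -> str:
    """Hypothetical 4-byte check value recorded at wallet setup (assumption)."""
    return hashlib.sha256(b"seed-check" + seed).hexdigest()[:8]


def passphrase_matches(mnemonic: str, passphrase: str, recorded: str) -> bool:
    """Re-derive the seed and compare its check value to the recorded one."""
    candidate = seed_check(bip39_seed(mnemonic, passphrase))
    return hmac.compare_digest(candidate, recorded)


# Constructed sample input: a publicly known test mnemonic. Never fund it.
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def demo() -> dict:
    """Check the glossary's three spellings, plus no passphrase at all."""
    recorded = seed_check(bip39_seed(MNEMONIC, "MyPass"))
    candidates = ["MyPass", "mypass", "MyPass ", ""]
    return {c: passphrase_matches(MNEMONIC, c, recorded) for c in candidates}


if __name__ == "__main__":
    for candidate, ok in demo().items():
        seed = bip39_seed(MNEMONIC, candidate)
        status = "match" if ok else "DIFFERENT WALLET"
        print(f"{candidate!r:10} seed={seed.hex()[:16]}... {status}")
```

Every candidate derives a valid 512-bit seed without error; only the check value reveals that three of the four open a different wallet. A stored check value also lets anyone who holds the mnemonic test passphrase guesses offline, so it belongs with the passphrase backup rather than with the seed words.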

Common Misconception

The passphrase is sometimes called the "25th word," but it is not limited to a single word from the BIP39 wordlist. It can be any string of any length, including spaces, numbers, and special characters. Using a strong, unique passphrase is more secure than using a single dictionary word.