What is a Passphrase and how does it work?
The Passphrase is an advanced security feature that allows users to create hidden wallets under the mnemonic phrase. It serves as second-factor protection of the mnemonic phrase and is the ultimate protection against physical attacks such as the 5 dollar wrench attack. If somebody compromised your physical copy of the mnemonic phrase, they still would not be able to access your Passphrase-protected wallet unless they know the Passphrase.
A Passphrase, as implemented in the SafePal wallet, can be letters, numbers, or symbols, with a maximum of 60 characters. Passphrases are case-sensitive, lowercase and uppercase characters are distinguished and counted as different.
When you set a Passphrase in the wallet, it will create a brand-new and empty wallet under the mnemonic phrase. Setting different Passphrases can create different wallets. You can create as many Passphrases in combination with your mnemonic phrase as you like. For example:
- Mnemonic Phrase A = Wallet A
- Mnemonic Phrase A + Passphrase B = Wallet B
- Mnemonic Phrase A + Passphrase C = Wallet C
When creating a new SafePal software wallet in the SafePal App, you will see an option of Passphrase.
If you want to create derivative wallet accounts under the mnemonic phrase, you can choose to activate the Passphrase feature and set it up.
Important tips about Passphrase
Please read the following instructions carefully and make sure you have fully understood the characteristics of Passphrase before using the feature. If you are not sure about it, welcome to visit www.safepal.io to submit a request for feature inquiries.
Rule No.1 Remember your Passphrase tightly. Once your Passphrase is lost or forgotten, it will result in permanent loss of your assets stored in that Passphrase. No one can help to retrieve your assets back.
The Passphrase is not stored anywhere on the device. It is only used temporarily whenever you enter it. It is impervious to any attacks involving physical access and tampering with the chip.
If somebody compromised your physical copy of the mnemonic phrase, they still would not be able to access your Passphrase-protected wallet unless they know the Passphrase.
A Passphrase, set during a wallet setup, can be letters, numbers or symbols, with a maximum of 60 characters. Passphrases are case-sensitive - lowercase and uppercase characters are distinguished and count as different.
Setting different Passphrase can create different wallets. You can create as many Passphrases in combination with your mnemonic phrase as you like. But please make sure that you can remember them clearly and never forget them! Otherwise, you could lose your asset!
We recommend keeping it in mind rather than in any physical format. If you have to write it on paper, never keep it in the same place with the mnemonic phrase.
Is a Passphrase mandatory for a crypto wallet?
The passphrase is an optional feature. If you don't set a Passphrase, you can still use the original wallet created under the mnemonic phrase. Since a lot of people report that they've forgotten their Passphrase and lost the assets, Passphrase is considered an advanced security feature and we don't recommend crypto beginners to use it. If you want to set a Passphrase, make sure that you have read the above instructions carefully.
If I forget my Passphrase, how can I get it back?
Because the Passphrase is not stored anywhere on the SafePal wallet, once you lose or forget the Passphrase, it will result in permanent loss of your assets stored under that Passphrase. No one can help to retrieve your assets back.
It can only be found by guessing (brute-forcing) which is often technologically and economically infeasible.
So please remember your Passphrase tightly. We recommend keeping it in mind rather than in any physical format. If you have to write it on paper, never keep it in the same place with the mnemonic phrase.
How to choose a good Passphrase?
There are various approaches to creating a good Passphrase for your wallet.
You can go with something that is quick to type but not so easy to remember. Or you can opt for something that is easy to remember but needs to take longer and complex to enter. Another option is to make up a sequence of random words.
In short, it is the best setting a Passphrase that is easy to remember, but also long and random enough to provide a sufficient level of security.
At the end of the day, you know your security needs best. If physical attacks are in your threat model, then use a strong passphrase to protect your wallet. Even if someone gets physical access to your device and extracts the recovery seed, they still absolutely will not be able to break through a strong passphrase.