The "passphrase"—often called the 25th word—is an optional secret you combine with your 24-word recovery phrase (BIP-39) to derive a different set of private keys. Think of the 24-word seed phrase as the master key to a safe deposit box. The passphrase is a secondary code that, when combined with the master key, opens a different compartment.
Technically, BIP-39 allows an extra passphrase to be concatenated during the seed-derivation step. The mnemonic and passphrase are run through PBKDF2 (HMAC-SHA512) to produce the seed that ultimately generates private keys. This matters because if an attacker gets your 24-word seed but not the passphrase, they cannot derive the same private keys.
In my experience, the 25th word is best treated as a high-entropy password rather than a literal single word. You can use a phrase, punctuation, and mixed-case characters. I noticed that users who treat the passphrase like a complex password get better protection, but they also increase the risk of permanent loss if they forget it.
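The derivation described above, as an added example (not code from the original page or from Ledger): it follows the BIP-39 specification, in which the passphrase is appended to the string "mnemonic" to form the PBKDF2 salt and 2048 iterations are used. The mnemonic and the "TREZOR" passphrase are taken from the public BIP-39 test vectors; the function names are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Sample input: the 12-word mnemonic from the public BIP-39 test vectors.
# It is widely known; never use it to hold funds.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed from a mnemonic and optional passphrase."""
    # BIP-39 normalises both strings to Unicode NFKD before UTF-8 encoding.
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    # The salt is the literal string "mnemonic" followed by the passphrase.
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def same_wallet(mnemonic: str, a: str, b: str) -> bool:
    """True if passphrases a and b lead to the same seed (same wallet)."""
    return hmac.compare_digest(bip39_seed(mnemonic, a), bip39_seed(mnemonic, b))


def seed_fingerprints(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the first 8 bytes (hex) of its seed."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


if __name__ == "__main__":
    # Constructed passphrase variants: every one is "valid" and opens a
    # different wallet, so a typo, a case change or a trailing space
    # produces an empty wallet instead of an error.
    variants = ["", "TREZOR", "trezor", "TREZOR "]
    for phrase, fp in seed_fingerprints(SAMPLE_MNEMONIC, variants).items():
        print(f"{phrase!r:12} -> seed starts {fp}")

    # NFKD normalisation makes composed and decomposed accents equivalent.
    print(same_wallet(SAMPLE_MNEMONIC, "caf\u00e9", "cafe\u0301"))
```

There is no "wrong passphrase" signal in this scheme, which is why the stored record of the passphrase has to be exact down to case and whitespace.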
Benefits
Limits and risks
So is the Ledger passphrase safe? It can be extremely effective when combined with disciplined storage and good entropy. But it is not a silver bullet.
Before you start: update device firmware and companion apps, and verify the device's authenticity (see firmware-update-guide and verify-authenticity). Do this on a clean machine when possible.
(When setting a passphrase I always keep the test transfer under an amount I can afford to lose while I validate the flow.)
| Method | Pros | Cons | Best for |
|---|---|---|---|
| Memorize | No physical record to steal | Risk of forgetting; human error | Short, frequently used passphrases only |
| Paper written and stored | Simple, offline | Paper degrades, can be found | Short-term backups, paired with other methods |
| Metal backup plate | Durable against fire/water | Still a single point of failure if co-located | Long-term high-value storage (see seed-backup-plates) |
| Password manager (encrypted, offline) | Can store strong passphrases | Central point of failure if password manager compromised | Tech-savvy users with strong master password |
| Split storage (shares) | No single location holds the whole secret | Requires orchestration, possible loss of shares | Families, inheritance planning, see slip39-shamir-backup |
| Legal custody (lawyer/trust) | Professional handling | Requires trust in third party | Estate planning for large estates |
I prefer a combination: a durable offline record (metal or paper) plus a split or legal component for inheritance planning. But choose what matches your threat model.
Yes — sort of. Different passphrases generate totally different wallets. So a decoy passphrase can open an account with minimal funds while your main funds remain under a different passphrase. That affords a level of plausible deniability.
But there are limits. Chain analysis, spending patterns, and knowledge of your behavior can erode deniability. If someone forces you to reveal a passphrase, the presence of other transactions or address patterns can raise questions. Ask yourself: what kind of adversary am I defending against? For everyday theft or casual coercion, a decoy passphrase may help. For a well-resourced attacker it may not.
A frequent oversight I see: people treat the passphrase like an optional ornament. It should be treated as a second private key.
If you hold significant assets, consider alternatives or complements:
I personally prefer multisig for large holdings and passphrases for private, single-device setups. But this comes down to personal preference and threat model.
Q: Is the Ledger passphrase safe?
A: The passphrase model is cryptographically sound when implemented correctly. In practice its safety depends entirely on how you create, store, and manage that passphrase.
Q: What happens if I forget the 25th word?
A: Forgetting the passphrase means the wallets derived from it are inaccessible, even if you have the 24-word recovery phrase. There is no company-side recovery.
Q: Can I recover my crypto if the device breaks?
A: Yes—if you have the 24-word recovery phrase and the correct passphrase. Test the restore process on a spare device (see restore-recovery-phrase).
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth adds an attack surface. For high-value accounts, prefer wired or air-gapped workflows. See bluetooth-usb-nfc-security for a deeper look.
The 25th word can meaningfully improve security when used carefully. It can also create a single point of irreversible loss. Choose based on your holdings and threat model. Short summary: use a strong, well-documented plan; test recovery; keep the passphrase physically separate from the 24-word seed.
If you want hands-on setup instructions, follow the step-by-step walkthrough in setup-ledger-step-by-step and review seed-phrase-management for backup best practices. For large balances, read about multisig-for-ledger and cold-storage-strategies before deciding.
Want a checklist you can print? See passphrase-guide and passphrase-25th-word for quick reference.