Passphrase and armored wallet: enhance the security of your cryptocurrencies

ECOIN Wallet: Providing Hard Wallet Features:

The Passphrase is an advanced feature that allows you to add a 13th or 25th word of your choice, with up to 256 characters, to your recovery phrase. When using a passphrase, an entirely different set of addresses is generated, which cannot be accessed with just the 12 or 24-word recovery phrase.

In addition to providing an extra layer of security, the passphrase also offers the advantage of plausible deniability in case of coercion. When using a passphrase, it is essential to securely store and correctly remember it, character by character.

The Passphrase is an advanced security feature found in hardware wallets and is now also available in the Mobile Wallet (ECOIN WALLET). With this feature, you can add an extra word, chosen by you, to your recovery phrase, allowing you to unlock an entirely new set of accounts. Let's explore how passphrases work, their functions, and some best practices for their use.

Introducing the Passphrase

As you may already know, your 12 or 24-word recovery phrase is the backup for all your crypto assets. It is absolutely essential to store your 12 or 24 words securely and never save them directly on an electronic device. If someone gains access to your 12 or 24 words, they can steal all your cryptocurrencies. Unless... what if we told you there is a way to add an additional layer to your 12 or 24-word recovery phrase?

This can be easily achieved through the use of a Passphrase. The Passphrase is an advanced feature that allows you to add an additional word to your recovery phrase. For this reason, it is also known as the 13th or 25th word. Unlike the conventional recovery phrase, you have the freedom to choose the additional word. There are no restrictions on the chosen word, except for a maximum limit of 256 characters. The Passphrase is also case-sensitive and can include numbers and symbols.

When you use a Passphrase in conjunction with your usual settings, it unlocks an entirely new set of accounts. It's like having two completely distinct recovery phrases.

But why would you consider using a Passphrase and having a new set of cryptocurrency addresses?

Firstly, using a Passphrase adds an additional layer of security, meaning that someone who possesses only your 12 or 24-word recovery phrase would not have enough information to access your valuable cryptocurrencies. Both the 12 or 24 words and your chosen 13th or 25th word would be required to access your cryptographic assets. If someone has only your 12 or 24 words, they would have access only to your regular accounts. That's why accounts managed with a Passphrase are often referred to as hidden accounts.

In addition to adding an extra layer of security, the Passphrase also increases the randomness of your backup. The standard 24-word recovery phrase is already extremely random, with a considerable total 115.792.089.237.316.195.423.570.985.008.687.907.853.269.984.665.640.564.039.457.584.007.913.129.639.936 of possible combinations. However, these words are selected from a predefined list known as the BIP39 word list.

With a 13th or 25th word, you significantly increase the number of potential combinations, taking it to a whole new level. This also introduces a human element into the equation. Instead of relying on a set of 24 words provided by a device, you are adding a random word that was thought of and created by yourself. However, we would like to emphasize that the exclusive use of a recovery phrase created by the ECOIN WALLET app is already highly secure, as your keys are encrypted with an AES algorithm using a 256-bit key.

What is plausible deniability?

Just like anything of value, there will always be people trying to steal it in every possible way. Unfortunately, in the world of cryptocurrencies, we have witnessed rare cases where individuals known to possess cryptocurrency wealth have become targets of physical theft and threats. The passphrase can provide limited protection for your cryptocurrencies in such situations.

In the case of the passphrase, plausible deniability refers to the ability to make someone believe that they now have access to your cryptocurrency fortune. For example, someone may be coercing you to provide your recovery phrase or unlock your ECOIN WALLET app. With your usual settings, this would grant access only to your regular accounts, not your hidden accounts. Especially if there is a minimum balance in your regular accounts while most of your cryptocurrencies are stored in hidden accounts (Armored Wallet), this can be quite convincing. You can even use multiple hidden accounts (Armored Wallet) with different passphrases. This can be useful if the attacker is aware of the passphrase feature.

Plausible deniability doesn't guarantee certainty, but it can give you a chance to fight to protect your cryptocurrency fortune in extreme circumstances.

Can I use a passphrase in ECOIN WALLET?

Yes, you can! Some other wallets allow the use of a passphrase, but in those cases, you would need to enter it on a computer using a browser extension. This would make your passphrase vulnerable to online attacks. With ECOIN WALLET, you can enter your passphrase directly into the ECOIN WALLET app to enable a hidden account. This prevents your passphrase from falling into the wrong hands.

Best practices

Now, we should emphasize that a passphrase is considered an advanced feature for some simple reasons. First and foremost, it's crucial that you remember your passphrase perfectly. Any small error or confusion in a single character can result in access to an entirely different set of accounts. Even a minor change in capitalization would have this effect.

If you don't remember every character of your passphrase, you won't be able to access the cryptocurrencies associated with it. Therefore, it is essential that you:

  1. Enter it correctly the first time you set it up.

  2. Remember it perfectly.

Furthermore, not all passphrases are equally secure. They can be up to 256 characters long, and you can choose to use uppercase letters, numbers, and symbols. The longer the passphrase and the more variety of characters you use, the more complex and secure it will become. Ideally, treat it like a password, aiming to make it as complex as possible and avoiding the use of common words directly.

For example:

Passphrase 1: "Password" → Very insecure due to its short length, lack of random characters, capitalization, and being a common word.

Passphrase 2: "EcoinFinanceBuyAndHold" → A bit more secure as it's longer and includes uppercase letters. However, it still uses common words in Portuguese/English and doesn't include numbers or symbols.

Passphrase 3: "Ac5F4e2i6dAnVJJjljfap953nxZprsi495nA+*1.,15" → Even more secure, long, with a wide mix of uppercase and lowercase letters, numbers, and symbols, and it doesn't use real words.

Although passphrase 3 may be seen as the most secure in this group, it is also extremely difficult to remember. You can turn it into a cryptographic puzzle. For example, the passphrase "EamaEF,acmsdm" corresponds to the first letters, special characters, or numbers of the phrase "I love Ecoin Finance very much, the safest wallet in the market!"

We would like to emphasize that your passphrase is sensitive information. As such, we recommend treating it with the same care as you do with your recovery phrase:

  • Never share your passphrase with anyone. Ecoin Finance will never ask for your passphrase.

  • Never store your passphrase without encryption on an online device. We recommend making an offline backup.

Last updated