Skip to content

BIP39 Passphrase: the 25th Word Explained

A BIP39 passphrase — the optional '25th word' — creates a hidden wallet. Learn how it works, why it can't be brute-forced, and what it means for recovery.

Published on 3 min read

The BIP39 passphrase is one of the most powerful — and most misunderstood — features in self-custody. Used well, it's a hidden vault. Misunderstood, it's the reason a correctly restored wallet shows a heartbreaking zero balance.

What the "25th word" really is

A BIP39 passphrase is an optional secret you supply in addition to your seed phrase. The wallet mixes it into the seed-derivation step, so:

seed phrase + passphrase → one specific wallet

Change the passphrase and you get an entirely different wallet. Crucially, no passphrase (the empty string) is itself just one option among infinitely many. That's the design: your 24 words can guard countless separate wallets, one per passphrase, and an attacker who finds only the words can't tell which — or whether one even exists.

It's called the "25th word" loosely, but it isn't a word from the BIP39 list. It can be any text: a sentence, random characters, anything.

Why it can't be brute-forced like a missing word

A missing seed word is recoverable because there are only 2048 options and a checksum to filter them. A passphrase has neither:

  • It has no checksum — every passphrase produces a valid-looking wallet, so nothing tells you when you've guessed right except finding your funds.
  • It has no fixed length or alphabet — it can be any string at all.

So a forgotten passphrase generally cannot be calculated. This is intentional; it's what makes the hidden wallet secure. If you use one, back it up with the same care as the phrase — and never store both in the same place.

The "my wallet is empty" trap

By far the most common passphrase problem isn't loss — it's omission. Someone restores their 12 or 24 words, sees an empty wallet, and panics. The funds are usually fine; they're in the passphrase-protected wallet, and the restore was done without the passphrase. Re-restoring with the correct passphrase reveals them.

If this is you, double-check:

  • Did you ever set an extra word / passphrase / "hidden wallet"?
  • Are you sure of its exact spelling, spacing, and capitalisation? (It's case-sensitive and space-sensitive.)

Passphrases during recovery

Our recovery tool supports a passphrase field. When you're recovering a phrase that used one, enter it so the derived addresses match your real wallet — otherwise the address check looks at the wrong (default) wallet and never matches. If you're reconstructing the seed words themselves, recover those first (missing word, wrong order), then add the passphrase to confirm against a known address.

Should you use one?

A passphrase adds real protection against physical theft of your written phrase — but it also adds a second secret you can permanently lose. For most people, a well-secured seed phrase is enough. If you do adopt a passphrase, treat it as a first-class secret: memorable to you, written down securely, and stored separately from the words.

New here? Start with what is a seed phrase, or open the recovery tool.

Open the recovery tool →

Related articles

A calm, step-by-step guide to recovering a BIP39 seed phrase when words are missing, misspelled, or out of order — safely and entirely offline.
A plain-English explanation of seed phrases (BIP39 recovery phrases): what they are, how 12 or 24 words can control your crypto, and why the checksum matters.
Is a 24-word seed phrase safer than 12 words? What the difference actually is, why both are secure, and what it means for backups and recovery.