We are not advertising Ledger products here but they have become some sort of standard. Ledger hardware wallets not only allow you to store hundreds of different cryptocurrencies and tokens but also increase the security of your digital assets compared to a software wallet.
A hardware wallet is based on the concept that the private keys are solely stored in the wallet which is kept separate from any other device. Although you have to connect your hardware wallet to your PC, laptop or smartphone, it is this physical separation that provides a high level of security. If you want to sign a transaction and approve it you can only do so by pressing a button on the hardware wallet.
As a result, you can no longer easily fall victim to phishing or other attacks that an attacker can execute remotely. Of course, this only applies if you keep your seed particularly safe and never enter it on a device other than the Ledger.
How Secure Is a Ledger?
Ledger devices are equipped with very modern and particularly secure chips. Most key components have a certification, which shows their quality in terms of security. This includes the so-called “secure element”, which protects critical data on the hardware wallet and prevents an attacker who has access to the device from easily extracting data.
Inside the device there is a strict separation of tasks and each chip is designed to either completely prevent certain attacks or ensure that it would take an extremely long time to tamper with the device and attempt to successfully gain access to it.
There are only very few attack vectors that promise any success at all. The successful hacking of a Ledger device cannot be completely ruled out but would not only require very specific knowledge but also the right equipment to even get a chance to try. The last factor coming into play is time as it would take plenty of it, i.e. brief access to the ledger would not be enough to successfully infiltrate the device.
The bottom line is that these devices provide optimal protection against remote attacks or an environment that has been compromised by viruses or other malware. Assuming that an attacker had unrestricted physical access to the device and the necessary equipment, experience and resources there might still be a risk, however.
The Ledger Seed and the Passphrase
Each seed created by the Ledger hardware wallet meets a high-security standard. This is ensured by using BIP39 to create a seed consisting of 24 words, which are randomly selected from a list of 2048 words. A specific chip is responsible for the random selection which ensures that the odds of reproducing the same combination are extremely low.
These 24 words allow access to all wallets created on the Ledger like Bitcoin and Ethereum for example. Please note that whoever holds the 24-word backup seed can gain immediate access to all digital assets stored in the wallet. While the Ledger is protected with a PIN that deletes the stored data after three incorrect entries, the seed remains without any further protection.
A useful option is to add a passphrase (also called 25th word) to the seed, which you can choose yourself. As a result, you can create a hidden wallet with its own PIN. As an example:
- Alice creates a wallet for herself under the PIN 6532 and based on her 24-word seed to hold 150€ worth of cryptocurrencies
- However, when she enters the PIN 5698, she unlocks her hidden wallet, which is based on her 24-word seed and an additional word or passphrase of her choice. She stores €150,000 worth of cryptocurrencies in that second wallet
The advantage Alice gets in our example is that she can credibly deny having a second wallet at any time. An attacker cannot determine if she has added an optional passphrase or 25th word to the seed. There is even the option of not tying the hidden wallet to a PIN. This would in principle allow any number of additional wallets to be created, all based on the original seed and each unlocked with its own 25th word. Another advantage is the safekeeping of the seed. After all, an attacker could only try to guess the passphrase. If you create a passphrase with enough complexity an attacker won’t have a chance to guess it.
What You Should Consider When Creating a Passphrase
The term “25th word” is commonly used, but the term passphrase is more precise and fitting. When choosing this passphrase, it is best not to choose a single word.
Instead, a combination of uppercase and lowercase letters, numbers and special characters is recommended, just like for any good password. The input process is admittedly awkward because a ledger does not have a keyboard but only two buttons. However, the gain in security is enormous.
The following mistakes should absolutely be avoided:
- Do not use any short, single words for the passphrase, especially not from the BIP39 word list
- Do not give the passphrase to strangers
- Do not enter it into a device connected to the Internet. If digital backups are indispensable, make sure to encrypt them
How to Use the Passphrase Option
Essentially, there are two ways to do it. The first one binds the passphrase to a PIN:
- Select “attach to PIN” from the passphrase menu. You can find this option in the security settings of your Ledger
- Confirm that you want to attach the passphrase by pressing both buttons
- Now create your second PIN
- Enter the PIN again and confirm your choice
- Enter your passphrase
- Now confirm by entering your primary PIN (not the passphrase)
Please note that only one passphrase can be bound to the PIN at any time. It will remain bound to it until you overwrite it with a new passphrase. The passphrase itself always remains valid in combination with the seed, so your wallet can always be recovered even if the passphrase was overwritten, i.e. is no longer bound to the PIN.
The second option sets the passphrase only temporarily. Once you turn off the ledger, the wallets created with the passphrase are not automatically reloaded into the Ledger. This means that you have to enter the passphrase again each time you would like to access the hidden wallet:
- Select “set temporary” from the passphrase menu, which is located in the security settings
- Confirm the action “set secret passphrase” by pressing both buttons
- Enter your passphrase
- Confirm the setup with your primary PIN
At the end of the procedure, you will be connected to your secret wallet created with the passphrase. As soon as you turn off or disconnect the ledger, the passphrase will be deleted and you will have to log back into the primary account with your PIN. To regain access to a wallet created with a temporary passphrase, you have to repeat the procedure every time.