Passphrase security in practice

Adding accounts to Ledger Live

When you add an account, its extended public key (xpub) is stored in Ledger Live's user data folder, where it is encrypted with your password if you have set up password lock.

To be sure that Ledger Live does not store information about passphrase-protected accounts, you may simply remove these accounts after you're done managing them in Ledger Live.

Plausible deniability

To protect yourself in case of physical threat, make sure your primary PIN code unlocks only a minor part of your crypto assets. Then set up a passphrase attached to a PIN code and store a more significant amount of crypto assets on the passphrase-protected accounts.

If you are forced under duress to unlock your Ledger Nano S, you can surrender your main PIN code to the attacker while hiding the PIN code that unlocks your passphrase-protected accounts.

Recovery phrase protection

It’s a good security practice to keep multiple copies of your Recovery sheet and to store them in different geographic locations. To mitigate the risk of losing your crypto assets if one of the copies of your recovery phrase is compromised, you can set up a passphrase. If you do so, make sure to store paper/metal backups of your passphrase, preferably in geographic locations that are different from the locations where you keep a backup of your recovery phrase.
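
Why a leaked recovery phrase alone does not expose passphrase-protected accounts, shown as an added example (not Ledger's code). It assumes the standard BIP39 seed and BIP32 master-key derivation that Ledger devices follow, and uses the public BIP39 test-vector phrase with sample passphrases; `wallet_tag` and `compare` are hypothetical helpers.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public BIP39 test-vector phrase. Never use it for funds.
MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text):
    # BIP39 requires NFKD normalisation before the UTF-8 encoding is hashed.
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), _nfkd("mnemonic" + passphrase), 2048, dklen=64
    )


def bip32_master(seed):
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed", split into key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_tag(mnemonic, passphrase=""):
    """Short label for comparing wallets (hypothetical; not a BIP32 fingerprint)."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def compare(mnemonic, passphrases):
    """Map each passphrase to the tag of the wallet it unlocks."""
    return {p: wallet_tag(mnemonic, p) for p in passphrases}


if __name__ == "__main__":
    # Same recovery phrase, four passphrases: empty, a sample value, a case
    # variant, and one with a trailing space. Each opens an unrelated wallet,
    # so every account xpub derived below it differs as well.
    for p, tag in compare(MNEMONIC, ["", "TREZOR", "trezor", "TREZOR "]).items():
        print(f"passphrase={p!r:10} wallet tag={tag}")
```

Every passphrase, including a mistyped one, yields a valid wallet with no error, which is why the passphrase backup has to be exact down to case and whitespace.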