When people say "25th word trezor" they mean the optional passphrase feature that sits on top of your 12- or 24-word seed phrase (recovery phrase). The passphrase acts like an extra, user-chosen word appended to your seed phrase. Functionally, that single piece of information produces a completely different wallet — often called a hidden wallet — when entered correctly.
This is not stored on the device. The hardware wallet only uses the passphrase at signing time to derive different private keys. In my experience, that design gives real extra protection — but it also creates a single point of human failure. Short sentences matter. Remember this: forget the passphrase and the funds tied to that hidden wallet are unrecoverable.
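The derivation described above, as an added example that is not code from the original page or from Trezor. It assumes the 12- or 24-word seed follows BIP-39 (the page does not name the standard), where the passphrase is mixed into the PBKDF2 salt; the sample passphrases and the helper names are hypothetical, and the mnemonic is the published all-zero-entropy test phrase.

```python
import hashlib
import hmac
import unicodedata

# Published BIP-39 test mnemonic (all-zero entropy); constructed input, never fund it.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def same_wallet(mnemonic: str, first: str, second: str) -> bool:
    """True only if both passphrases lead to the same seed, i.e. the same wallet."""
    return hmac.compare_digest(bip39_seed(mnemonic, first), bip39_seed(mnemonic, second))


def distinct_wallets(mnemonic: str, passphrases: list[str]) -> int:
    """Count how many different wallets a list of typed passphrases opens."""
    return len({bip39_seed(mnemonic, p) for p in passphrases})


if __name__ == "__main__":
    # Hypothetical sample passphrases: the intended one plus realistic typing slips.
    typed = ["", "TREZOR", "trezor", "TREZOR ", "TREZ0R"]
    for p in typed:
        # Only a short prefix is printed, and only because this is a public test phrase.
        print(f"{p!r:>10} -> {bip39_seed(TEST_MNEMONIC, p).hex()[:16]}")
    # Every entry is accepted and opens its own wallet; nothing flags a typo as wrong.
    print("distinct wallets:", distinct_wallets(TEST_MNEMONIC, typed))
    # NFKD makes composed and decomposed forms of the same character equivalent.
    print("accent forms match:", same_wallet(TEST_MNEMONIC, "caf\u00e9", "cafe\u0301"))
```

Because no passphrase is ever rejected, a restore test has to compare the resulting addresses against ones recorded from the original wallet rather than wait for an error.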
For a concise technical reference on universal concepts like seed phrases and recovery, see our guide on seed phrase basics.
Why add another secret? Two main reasons:
Real-world scenario: traveling overseas and worried about a search of your phone/luggage? Some users set up a low-value, easily produced wallet as a decoy and keep large holdings in the hidden wallet. I believe this has saved people from awkward situations. (That said, legal and ethical considerations vary by jurisdiction.)
You can also use a passphrase as a sort of second factor: something you know plus something you physically control (the device with the seed phrase). But it should not be a substitute for good physical backups.
Using a passphrase is a power tool. And like any power tool, it can hurt you if handled carelessly.
Major risks:
So who should use a passphrase? If you manage small, frequently used holdings, a passphrase may be overkill. If you're securing long-term, high-value holdings and you accept the trade-off of added complexity, it's worth considering.
Below I give a practical, general sequence. UIs change, so check the device and official wallet prompts during setup.
See our setup guide and the backups pages for detailed steps and recommended accessories. If you prefer fully air-gapped signing, check air-gapped workflows.
Multisig increases safety, but adding passphrases on top of multisig can cause serious headaches. Why? Each cosigner’s keys must be derived in exactly the same way for multisig to work. If only one cosigner uses a passphrase or if different passphrases are used, the resulting addresses won’t match.
If you plan a multisig setup, either:
What I've found: for most people, a properly constructed multisig (without per-cosigner passphrases) gives stronger, more manageable security than combining single-sig + passphrase complexity. Read more in our multisig guide.
Can you recover your crypto if the device breaks? Yes — provided you have two things: the seed phrase and the correct passphrase. Without the passphrase, hidden-wallet funds are effectively gone.
What happens if the company behind the device goes bankrupt? The recovery standard used by most hardware wallets means you can restore your seed phrase to other compatible software or hardware. The passphrase itself is still a private knowledge item and must be preserved by you. See recovering wallets for step-by-step recovery testing.
Inheritance tip: include a secure, offline plan for heirs. This might mean storing passphrase parts in multiple safe locations or using split-secret schemes (see our look at SLIP-39 / Shamir for advanced backup options).
Common mistakes:
Short FAQ
Q: Can I recover my crypto if the device breaks?
A: Yes, if you have the seed phrase and remember the passphrase. No passphrase means the hidden wallet is unrecoverable.
Q: What happens if the company goes bankrupt?
A: Your seed phrase is a standard format that can be restored on other compatible wallets; the passphrase remains your responsibility. See company risks for broader context.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth isn't directly linked to the passphrase feature, but any external connectivity increases attack surface. Entering the passphrase on-device mitigates host risks. For deeper discussion, review connectivity concerns.
| Option | Security | Complexity | Recovery | Multisig compatibility |
|---|---|---|---|---|
| No passphrase | Simpler, fewer human errors | Low | Straightforward | Full compatibility |
| Passphrase (25th word) | Higher if managed correctly | Higher (human risk) | Full only if you remember the passphrase | Can break multisig unless coordinated |
(Image placeholder: diagram showing seed phrase + passphrase -> different wallets)
Using a passphrase (the so-called 25th word) on a Trezor Model T can add a meaningful layer of protection and offer plausible deniability, but it also makes recovery and daily management more demanding. If you hold significant amounts, I recommend testing a passphrase workflow in a low-risk way (small test transfers), backing up the passphrase separately (metal backup if possible), and documenting a recovery plan for heirs.
Want practical next steps? Read the Model T setup guide, review our backup options, then practice a restore on a secondary device following recover instructions. And if you're considering multisig, check multisig first — this comes down to personal preference and threat model.
What I've found over years of use is simple: stronger secrecy helps, but human habits break security faster than attackers do. Take time to design your system, then test it until the process is second nature.