Author

Topic: Ledger Nano X Passphrase: Attach to PIN versus temporary Passphrase (Read 136 times)

legendary
Activity: 2268
Merit: 18711
Have you actually used and tested this feature on your ledger device?
Yes, absolutely (before I stopped using my Ledger devices for reasons we have discussed elsewhere).

For example, I had my base wallet with no passphrase unlocked by my standard 8 digit PIN code. I did not use a secondary PIN. I also had 4 or 5 different passphrased wallets, all using different passphrases. Every time I wanted to access one of these passphrased wallets, I would simply connect the Ledger, unlock to the base wallet with my standard PIN, go in to settings, choose to set a temporary passphrase, and enter the specific passphrase I wanted to use. If I wanted to switch to a different passphrased wallet, then I just repeated those steps to enter the different passphrase. If I wanted to go back to the base wallet, then I just disconnect and reconnect the device to wipe all passphrases.
legendary
Activity: 2212
Merit: 7064
That's not accurate. You can simply temporarily attach the passphrase any time you want to use it to the same device without resetting anything.
It is possible that I was wrong because I never tried doing this myself on ledger, and this option was initially confusing to me also.
Have you actually used and tested this feature on your ledger device?
legendary
Activity: 2268
Merit: 18711
Only way to add this account with that passphrase is by importing it on new device or if you do reset of your old device.
That's not accurate. You can simply temporarily attach the passphrase any time you want to use it to the same device without resetting anything.



In terms of OP's question, the only difference between the two options is how you access the passphrased account. The passphrase itself behaves in exactly the same way regardless of which option you choose. There are pros and cons to each.

If you attach a passphrase to a secondary PIN, then you can enter that passphrased account simply by entering the secondary PIN when you first connect your Ledger device. It is quick and easy to get in to that passphrased account, regardless of how long or complex the passphrase is. The downside to this is that since you are never prompted to enter your passphrase, then you are at a much higher risk of forgetting it and so you must have it backed up on paper separate to your seed. You can also only have one secondary PIN and can therefore only use one passphrase using this method.

If you attach a temporary passphrase, then you must enter the passphrase every time you want to use the passphrased accounts. This is slower than simply entering a secondary PIN, but it acts as a memory aide to help you remember your passphrase. Additionally, you can use as many different passphrases as you want using this option, which helps with keeping accounts separate, aids privacy, and provides plausible deniability. This is also potentially safer since the passphrase is not saved anywhere on the device once the power is disconnected.

You can hold coins long term in either account. If you attach the passphrase temporarily, then the same coins will be present in the same addresses every time you attach the same passphrase. Note, however, that there are no "right" or "wrong" passphrases. If you enter a different passphrase, even different by a single character (or even a single character being uppercase instead of lowercase of vice versa), you will generate an entirely different account with an entirely different set of addresses.

legendary
Activity: 2730
Merit: 7065
Basically, Ledger allows you to set up two different types of passphrases:

  • The ones attached to a secondary PIN. If you want to access your passphrase-protected account, you need to enter this secondary PIN when you connect your device.
  • No secondary PIN. That's the temporary passphrase option. If you want to create a passphrase to be used until your device is turned off, you use this option.

That's the difference between them. One is accessed with a PIN (can be as short as 4-6 digits), the other one requires the entry of the whole passphrase as if you were recovering the account. But in case your device wipes itself, you will need to enter the whole passphrase for either of the two options.
legendary
Activity: 2212
Merit: 7064
So, the temporary passphrase option is not for long term hodling, right?
No.
Temporary only means that passphrase will be only temporary used, so when you turn your device off and turned it back on it won't be available on device (it is on blockchain).
Only way to add this account with that passphrase is by importing it on new device or if you do reset of your old device.
You can hold coins in addresses generated this way for however long you want, short or long term.

Like, after the given duration of a temporary passphrase session  is over, what happens to the coins on those addresses?
Coins are never stored on your device but they are on blockchain, it's just keys and PIN codes stored on device.
There is no duration or expiration time for passphrases, they are permanent.

PS
I never personally used passphrase option for ledger wallet because I don't like it's connection with PIN code.
You also need to keep passphrase in physical backed form and separate from your seed words backup.
Passphrase are good for improving security if done correctly, but they do add extra level of complexity so I don't usually recommend everyone to use them.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
-snip-
So, the temporary passphrase option is not for long term hodling, right?
The way it's described in their support page is: temporary in a way that it's only used in the session(s) when it's used.

After restarting the device, the accounts that you've used in the session will be removed from your Ledger Nano like they never existed.
But it can be accessed again by starting another session by typing the exact same temporary passphrase again.

It can be used for long term since you can reproduce the created "temporary wallet" in the session by using the same seed phrase (recovery phrase) plus the temporary passphrase.
Like I've said, it's like a "hidden wallet".
newbie
Activity: 7
Merit: 5
Adding passphrase (BIP39 passphrase) to a BIP39 seed phrase will produce a different binary seed, thus different set of keys.

So, by using a temporary passphrase, you'll have access to a different wallet that can only be accessed by typing the temporary passphrase.
Think of it as a separate "hidden wallet" in your Ledger Nano.

Alright, I think I got it but the word "temporary" is really confusing me.

So, the temporary passphrase option is not for long term hodling, right?



Temporary passphrase normally allow you to generate a new wallet and a new set of addresses. Both of these may help improve your privacy if done in certain ways (for example: using a vpn to export your public information to the servers you're using to get the transaction record - often ledger).

There may be other reasons you'd want multiple accounts too, for example if you were mining and getting paid by a pool every day, it looks a lot clearer if it's sent to a different wallet before being consolidated to your main one (or to itself).

Temporary passwords themselves might also be helpful for mixing coins, sending coins straight from a mixer address might look suspicious to a company but sending them to an address and doing other transactions with them first might help them lose their trace.

Yeah, that's what I thought: a temporary set of addresses may be useful for specific cases.

For the regular joe hodler it may not have usage.

Like, after the given duration of a temporary passphrase session  is over, what happens to the coins on those addresses?

I don't know, maybe I'm not getting this, sorry...

[moderator's note: consecutive posts merged]
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Temporary passphrase normally allow you to generate a new wallet and a new set of addresses. Both of these may help improve your privacy if done in certain ways (for example: using a vpn to export your public information to the servers you're using to get the transaction record - often ledger).

There may be other reasons you'd want multiple accounts too, for example if you were mining and getting paid by a pool every day, it looks a lot clearer if it's sent to a different wallet before being consolidated to your main one (or to itself).

Temporary passwords themselves might also be helpful for mixing coins, sending coins straight from a mixer address might look suspicious to a company but sending them to an address and doing other transactions with them first might help them lose their trace.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Adding passphrase (BIP39 passphrase) to a BIP39 seed phrase will produce a different binary seed, thus different set of keys.

So, by using a temporary passphrase, you'll have access to a different wallet that can only be accessed by typing the temporary passphrase.
Think of it as a separate "hidden wallet" in your Ledger Nano.
newbie
Activity: 7
Merit: 5
What's the difference between the two? I mean, here (https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security?docs=true) it says about the temporary Passphrase : "Using a temporary passphrase provides access to a new set of accounts on your Ledger Nano X for the duration of the session."
"Follow the instructions below each time you wish to access the accounts protected by the passphrase."

Please, what's the usage for a temporary session?
Jump to: