BIP39 Passphrase and securing your KeepKey from Physical Attacks
Properly securing your crypto with a KeepKey
(get a keepkey) https://www.keepkey.com
While using KeepKey Desktop, there are a few options.
You can choose not to use a password and use your account to zero, which is sometimes referred to as your decoy account. If you use this wallet for day-to-day operations, there will be no way to prove that you ever opted into using a BIP-39 passphrase-protected wallet, as there is no data from this password-stored account on your KeepKey. Alternatively, you can opt into a BIP-39 passphrase.
This is protection from what is known as “the 5 dollar wrench attack”
BIP-39 password.
(to enable bip39 passprhases in your KeepKey Settings tab)
Implementation Notes:
- From now on when you start KeepKey Desktop you will be prompted for a password.
- IT IS NOT POSSIBLE FOR THE APP TO KNOW IF THIS PASSWORD IS CORRECT!
- after you enter this password into the device your password will be displayed to you on the screen of the device
- YOU MUST VERIFY YOUR OWN PASSWORD!
- if you type an incorrect password your device assumes it is correct and opens the application. You will now have an entirely new wallet with new addresses.
- KeepKey CAN NOT recover a password if you forget your password. the only option is to keep trying until the application detects your wallet you are expecting.
BIP39: protecting your assets
Your KeepKey does not store passphrase or hashes. Your backups capture the original seed, not the extended private key created by the passphrase. This means that if you lose your passphrase, there is no way to recover your device even if you have your BIP-39 mnemonic.
If your KeepKey is ever lost or in the hands of an adversary, you can rest assured that your funds are safe as long as you have taken proper care to manage your passphrase. Due to the nature of hardware, it is not possible to trust hardware that does not have a BIP-39 passphrase if it is lost or stolen. If this is the case, it is best practice to migrate funds into a new wallet as soon as possible.
A BIP-39 passphrase is a password used to secure your wallet. It is separate from the 12–24 word seed phrase and is used to protect your seed phrase.
BIP-39 mnemonics are composed of 12–24 words, selected at random from a list of 2048 English words. The words are used to create a unique “fingerprint” that can be used to lock and unlock your wallet.
Your BIP-39 passphrase should be kept in a safe place, separate from your actual seed phrase.
You should never store the two together, as this could lead to a security breach.
It is important to remember that a KeepKey is only as secure as the measures taken to protect it.
It is essential that you take the necessary steps to protect your KeepKey from physical attacks, as well as properly secure your wallet with a BIP-39 passphrase.