BIP39 passphrases offer an optional but powerful enhancement to the security of your Blockstream App wallet's backup seed. By adding a passphrase to your recovery phrase, you create an entirely separate, hidden wallet that is separate from the list of wallets displayed in the app. This means a single set of recovery words can unlock multiple, unique wallets depending on the passphrase used. This can be especially useful in high-risk situations, such as a $5 wrench attack, where decoy wallets may serve as a defense mechanism, or simply to compartmentalize your holdings for better privacy and control.
Note: BIP39 passphrases come with added complexity. Once a passphrase is enabled, forgetting or misplacing it means irreversible loss of access to the associated funds—even if the recovery phrase is intact. It’s essential to fully understand how passphrases function and the consequences of using one before sending any assets to a passphrase-protected wallet. If misused or misunderstood, the added security could quickly turn into a permanent barrier.
Setting up a BIP39 passphrase in Blockstream App
1. To create a new wallet with a BIP39 passphrase based on an existing wallet, start by selecting the existing wallet upon which the passphrase-secured wallet will be based after opening Blockstream App. The app will then ask you to enter your PIN code to unlock the wallet, but click the three dots in the top-right corner of the screen instead.
2. You will now see the More Options menu at the bottom of the screen, which is where you can select Login with BIP39 passphrase. After selecting that option, you will see a screen where you can create a BIP39 passphrase to use as the basis for a new wallet. Once you've entered your BIP39 passphrase into the text box, click Submit.
Note: You can also select the Always Ask checkbox to automatically bring up the BIP39 passphrase login process whenever selecting this base wallet in the future. While this enhances convenience, it also could indicate to an attacker that alternative BIP39 passphrase-enabled wallets exist on your device.
3. When you return to the screen previous screen to enter your PIN code, you will notice there is some additional text that indicates you are logging into a BIP39 passphrase-enabled wallet. After entering your PIN, the new wallet will be opened.
4. When you want to open this new BIP39 passphrase-enabled wallet in the future, you can do so by selecting the same digital wallet upon which the BIP39 passphrase-enabled wallet was based and follow the same process outlined in steps 1-3 with the same passphrase. The newly-created BIP39 passphrase-enabled wallet will also be temporarily available under the Ephemeral Wallets section of the wallet selection screen; however, this is temporary, and the wallet will disappear once you log out of it. Remember, you need both the original recovery seed from the base wallet and the BIP39 passphrase to access this new wallet in the future, and if you don't have both, you will lose access to funds sent to the wallet.