Replying to Avatar semisol

I do not get why some HWW manufacturers recommend entering a passphrase on *every boot*, compared to storing it on the HWW itself.

The entire point of a HWW is to securely store your keys, and the PIN is a much stronger mechanism than passphrase. (because of the limited tries)

So you could store the passphrase on the HWW without losing security, and keep it separate *for the paper backup*.

But some dumb vendors say for "additional security" enter your passphrase every time. Which is basically "we do not trust our PIN mechanism to be secure enough."

Such an implementation also increases the risk your passphrase gets stolen, as you use it much more frequently, and so will most likely store it in a more convenient but less secure location.
Avatar
lemon 2mo ago

Passwords are the worst

People use the same one everywhere because no one can remember the password for every site they visit

So the accepted practice is to store all of them in a single location/application with some less secure than others

Passwords are prone to scams because anyone can click “forgot your password” and so the site is only as secure as the next “secret” that lets you reset it like your mother’s maiden name

Limited PIN attempts is superior

Reply to this note

Please Login to reply.

Discussion

Avatar
semisol 2mo ago

This is for passphrases for Bitcoin seeds which are even worse because brute forcing and immutable