The passcode is optional, but strongly recommended. Without a passcode, a third-party service(apple/google) could recover your key based on the derivation rules.

Of course, you can also choose not to remember it and store the passcode in your iOS/Android device’s secure storage—then your key can be directly recovered on the same device.

Note that this is not a signing service; it’s a key recovery solution. Once recovered, the key is stored on the client, and signing is done locally on your client.