How Do Mnemonic Phrases Work?

A mnemonic phrase, or mnemonic seed, is a set of typically 12 or 24 words that can be used to derive an infinite number of accounts. These phrases are often used by cryptocurrency hardware wallets, to be written down on a piece of paper by the user as a safe backup of the user's funds.

For example, a 12-word mnemonic phrase looks like this:

jealous expect hundred young unlock disagree major siren surge acoustic machine catalog

Sometimes these are referred to as recovery phrases, seed phrases, or 12-word phrases by other wallets and/or interfaces.

In the Ethereum ecosystem, mnemonic phrases are generally generated following the BIP 32 spec. Popular hardware wallets, like Ledger and Trezor, follow this spec, and the same applies to MetaMask. The mnemonic phrase generated by your wallet (usually) consists of 24 words, randomly selected from the BIP 32 English wordlist. Some wallets use a 12-word mnemonic phrase, which is shorter and therefore easier to remember.

Mnemonic Passphrases

Many wallets provide an option to enhance the security of your mnemonic phrase with a password or passphrase. This is useful because accessing your wallets then requires something you have (the mnemonic phrase) plus something you know (the password). The password is often referred to as the 13th or 25th word, though this is technically not accurate.

There are some key differences between a typical password and the password that protects your mnemonic phrase. Because the password doesn't encrypt the mnemonic phrase (the way a password encrypts your keystore file), there is no "wrong" password. Using a different password will result in different accounts being unlocked.

Plausible Deniability

Since every password generates a valid seed and will unlock a different account, there is no "wrong" password. This property is meant to protect you from the "wrench attack," and enables you to create a decoy wallet that uses the same mnemonic phrase but a different password. If someone forces you to give them access to your wallets, you could provide the decoy password, and keep the real password (with all your funds) a secret.
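The two sections above, on there being no "wrong" password and on decoy wallets, can be seen in code. This is an added example, not code from the original page or from any wallet; it assumes the wallet uses the BIP 39 mnemonic-to-seed function (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase). The passphrases are constructed sample values and `seed_fingerprint` / `passphrase_matches` are hypothetical helpers.

```python
import hashlib
import hmac
import unicodedata

# Mnemonic from the example earlier on this page.
MNEMONIC = ("jealous expect hundred young unlock disagree "
            "major siren surge acoustic machine catalog")


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP 39 seed (assumed scheme): PBKDF2-HMAC-SHA512, 2048 rounds, 64 bytes.

    The passphrase is only part of the salt ("mnemonic" + passphrase), so
    nothing is encrypted and no passphrase can be rejected as "wrong".
    """
    # Collapse stray whitespace (a convenience), then NFKD-normalize both inputs.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def seed_fingerprint(seed: bytes) -> str:
    """Hypothetical helper: short tag recorded at setup to spot typos later."""
    return hashlib.sha256(seed).hexdigest()[:8]


def passphrase_matches(mnemonic: str, passphrase: str, expected: str) -> bool:
    """True only if this passphrase reproduces the fingerprint saved at setup."""
    actual = seed_fingerprint(mnemonic_to_seed(mnemonic, passphrase))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Fingerprint saved when the real wallet was set up (constructed passphrase).
    saved = seed_fingerprint(mnemonic_to_seed(MNEMONIC, "correct horse"))
    # Every row yields a valid 64-byte seed; only "real" matches the saved tag.
    for label, pw in [("none", ""), ("real", "correct horse"),
                      ("decoy", "decoy wallet"), ("typo", "Correct horse")]:
        seed = mnemonic_to_seed(MNEMONIC, pw)
        print(f"{label:5} seed={seed.hex()[:16]}... len={len(seed)} "
              f"matches_saved={passphrase_matches(MNEMONIC, pw, saved)}")
```

A saved fingerprint reveals which passphrase is the real one to anyone who holds it, so it weakens the decoy property and should be kept only where the passphrase itself is kept.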

Info

Losing this password will result in you losing access to your wallets and funds.