If you’ve been reading about Trezor hardware wallets, you might have come across the term "hidden wallets" or "passphrase wallets." At first glance, it sounds like a secret mode or a special feature buried somewhere in the device. And... well, you’re not entirely wrong.
In essence, a hidden wallet on Trezor is an extra wallet created by adding a passphrase — think of it as a 25th word — to your standard 24-word seed phrase. This passphrase extends your wallet's cryptographic root, producing an entirely separate set of accounts and addresses.
Because the passphrase doesn't appear on the seed backup card, these wallets remain effectively invisible unless the exact passphrase is entered during wallet access. That's why they’re referred to as "hidden."
The takeaway? One seed phrase can give you access to multiple distinct wallets, each protected by a unique passphrase.
For a refresher on seed phrases and trust basics, check out our seed phrase basics guide.
So what’s really happening under the hood when you use a passphrase on Trezor? The device leverages BIP-39 standards, where the passphrase acts as an extra layer of entropy, effectively changing the derivation path of your private keys.
To break that down — your hardware wallet uses cryptographic functions to generate private keys from your seed phrase. When you add a passphrase (the 25th word), the seed phrase plus passphrase combo feed into the key derivation function, resulting in completely different keys.
Imagine it like a vault: your 24-word seed is the master key, while the passphrase is a secret handshake unlocking a specific compartment within the vault.
Different passphrases = different compartments, none of which are visible unless you provide the exact phrase.
It’s exactly this mechanism that allows for multiple hidden wallets without needing multiple physical devices.
For readers less familiar, our passphrase management page covers this concept in more detail.
You might be wondering: "Why bother with hidden wallets? Isn’t one hardware wallet enough?"
Well, there are a few solid reasons for using hidden wallets:
Plausible deniability: If you’re ever coerced to reveal your wallet, you can share a passphrase that unlocks only a decoy wallet — keeping your main holdings safe.
Segmentation of funds: You might want to separate your day-to-day spending from long-term cold storage or segregate assets for tax or inheritance reasons.
Enhanced privacy: Hidden wallets add a layer of privacy by making it harder for someone with partial access to understand your full portfolio.
However, remember this: passphrase use doesn’t replace basic security hygiene. It’s a powerful tool, but it requires careful management.
Switching between hidden wallets on Trezor is straightforward once you understand the process — though it’s easy to trip up if you’re used to a single-wallet mindset.
Here’s a step-by-step for switching wallets:
Connect your Trezor device to the computer and open the Trezor Suite (or compatible wallet interface).
When prompted, enter your standard PIN to unlock the device.
The interface asks if you want to use a passphrase. If you skip this, you’re in the default (no passphrase) wallet.
To access a hidden wallet, enter the exact passphrase associated with that wallet. The device then derives the appropriate keys.
Your wallet interface will switch to the hidden wallet.
To access another hidden wallet, you need to disconnect and reconnect, entering a different passphrase.
Keep in mind, passphrases are case-sensitive and space-sensitive, so precision is key.
That covers the basics of how to switch between passphrase wallets on Trezor. For a more detailed walkthrough, including screenshots and troubleshooting tips, see our dedicated guide on how to switch passphrase wallets.
One specific question I hear a lot is, "How do I show hidden wallets on Trezor One?"
Unlike newer models that might handle passphrase entry via a touchscreen, the Trezor One requires you to input the passphrase on the connected computer or device — not on the hardware wallet itself. The only time the Trezor One confirms anything is via button presses (which means you must trust the computer's interface).
Because of this, the Trezor One doesn’t have an inherent "list" or "view" of hidden wallets stored on the device — it can only present you with the wallet matching the passphrase you enter at startup.
If you forget the passphrase, there’s no way for the device to recover it — so you essentially lose access to that hidden wallet.
So, "showing" hidden wallets is really about entering the correct passphrase to unlock them, rather than toggling through wallets on-device.
This is a big one. Using passphrases undeniably adds security layers, but it also brings additional risks.
Passphrase loss = wallet loss: Since the passphrase isn’t stored or recoverable, forgetting or misplacing it means permanent loss of access to that hidden wallet’s assets.
Human error risk: Typos or inconsistencies in case, spacing, or characters can lock you out. I recommend practicing passphrase entry in a test environment before storing significant funds.
Phishing & malware risk: Because Trezor One relies on your computer for passphrase input, compromised devices can capture your passphrase. This is where air-gapped signing or using more secure input methods become important.
False sense of security: Some users think passphrase wallets protect against all threats — but passphrases don’t guard against supply chain attacks or physical root compromises.
When I tested passphrase wallets over several months, I noticed that those using hardware wallets with secure element chips and strong input verification made a tangible difference here.
Want to dig deeper? Our trezor security architecture and air-gapped signing pages shed more light.
I’ve come across numerous stories where people got locked out or had security scares due to passphrase misuse. Here are some common mistakes to watch for:
Not backing up passphrases: Your seed phrase backup won’t protect hidden wallets without the exact passphrase.
Using overly complex or hard-to-reproduce passphrases: Something simple but effective is best. Like a phrase you can easily remember and type.
Using the same passphrase across devices or wallets: Reduces the security benefit.
Not understanding that the 'default' wallet is different from those with passphrases: Sending funds to the default wallet but trying to spend from a hidden wallet won't work.
I always advise treating passphrases like top-tier passwords — back them up separately and securely, maybe on a metal plate for long-term survival. Check out our backup strategies for more ideas.
Not everyone will want or need passphrase wallets — and that’s cool.
Here are other strategies that serve a similar purpose or complement the passphrase approach:
Multi-signature wallets: Splitting private key control across multiple devices or parties improves security without relying solely on passphrases. You can read more about this in our multisig guide.
Shamir backup (SLIP-39): Breaking your seed phrase into multiple shares that require a subset to reconstruct.
Geographic distribution: Keeping hardware wallets or backups in different physical locations for disaster resilience.
Passphrase-less cold storage: Simply sticking to a strong seed phrase and physical security measures.
Choosing the right approach depends on your threat model and how hands-on you want to be. In my experience, combining passphrases with multisig or metal backup plates offers a robust hybrid balance.
Hidden wallets via passphrases offer a fascinating and flexible way to enhance your Trezor wallet security and privacy. They create multiple wallets from a single seed phrase, providing plausible deniability, segmented fund management, and more. But with great power comes the responsibility to manage passphrases scrupulously — losing them means losing access forever.
Switching between passphrase wallets involves careful input and device connection steps — on Trezor One, you enter passphrases on your computer, while other models might handle this directly on-device.
If you want to explore more about how passphrases and hidden wallets fit into your overall cold storage and security plan, our full passphrase management guide and the walkthrough on how to switch passphrase wallets are great next reads.
And of course, never neglect the basics: secure seed phrase backups (see backup strategies), firmware updates (read about firmware updates), and supply chain verification (details here) all work together to keep your crypto truly yours.
Got questions about how hidden wallets fit into your setup? Head over to our FAQ section or drop by the support and warranty page for more assistance.
Keep your keys safe, and happy hodling!