Multiple accounts vs. passphrases

Passport Core
1

I see the option in Passport Core to add a new account and I watched the tutorial about this function. It seems very much like a simple alternative to using multiple passphrases with the same seed.

But what I didn’t learn is if these multiple accounts can be accessed through other signing devices in the same way passphrases can (i.e. I lose my Passport and need to sign a transaction using Jade instead).

Are multiple accounts reproducible outside of Passport on other devices?

The other main difference I see is that multiple accounts are much easier to create, just a simple digit and name (like a sub category in your bank account). It seems that’s more for function and not an additional secure layer like a passphrase, correct?

2 Likes
2

Hi there, and welcome to the forum!

That’s a great question, and as you were saying, passphrases and accounts work in slightly different ways, and have slightly different tradeoffs, yes. Accounts are defined by BIP44 - any wallets compatible with this (which will probably be most/ if not all of them) should be able to show your accounts. So yes, jade, ledger, trezor, all these are highly likely compatible with this as it is a well established standard.

image
image1288×573 49.8 KB

In the screenshot above (source), m means “private key”, so you can have multiple accounts accessible from the same private key (that is, your 12/24 words). Anyone with access to your seed will have access to all the accounts.

The main goal of accounts is to segregate your coins. For example, you could have an account for your KYC bitcoin, and an account for your non-kyc bitcoin. They are both accessed with the same key, but they literally work like two different bank accounts under your name, with different sets of addresses and they will never get mixed.

Passphrases on the other hand, are another completely different thing.

image
image1524×1059 153 KB

Instead of segregating your bitccoin in different “folders”, if you wish, inside the same seed like the accounts, using a passphrase creates a completely different, new, private key (source of photo).

Here we have to clarify a misconception: we usually say your 12/24 words are your private key - this is false. Your private key is generated after some randomness (called entropy) is passed through a function called PBKDF2. In order to make this randomness more human friendly, we came up with a system that instead of passing ones and zeroes thgouth the function, passes words through them (BIP39). This way, using the same 12/24 words you always get to the same rivate key (hence the simplification seed words=private key).

Enter, passphrase. As you can see in the screenshot above, the passphrase is an extra piece of text that you add to your 12/24 seed words, called “salt”. This essentially adds more randomness to the private key generation. This way, with the same 12/24 seed words and with the same passphrase, you always generate the same private key.

This means that the private key of your 12/24 words and the private key of your 12/24 words+passphrase are completely different. Think completey different brand new wallets. Just as different as one 12/24 seed wallet can be from any other. If someone steals your 12/24 words, they will have access to all the accounts in there, but not to the accounts in the 12/24 words + seedphrase wallet. This is more secure, but it is also another moving part, in the sense that you have to not forget it, and/or back it up, and so on.

Hope this helps!

6 Likes
3

Jack, this is very helpful and informative! Thank you for taking the time to explain. The graphics are really good too. That confirms my understanding of the usefulness of passphrases as a nice additional security feature. And the Passport core makes it especially easy to enter (as opposed to some other devices that don’t work so well with alphanumerics

4 Likes