There is a little-known feature in your Ledger device that I think you should start using right away. The feature allows you to have two pin codes to unlock your device, where one of the codes is a fake one. I will explain how this feature works so you gain a better understanding of your hardware wallet and, more importantly, can use it to protect your privacy.
Why bother? Is what everyone is doing not good enough?
It will protect your privacy. Many countries already have laws that require you to unlock your device (whether it's a laptop, a phone or a hardware wallet) for inspection at border control. With a fake pin code you can fully obey the rules while exposing no information in return.
When should I consider setting up a second pin code?
This can be used effectively on new wallets, where you generate a new seed phrase. If you have already set up your hardware wallet, the only way to implement this is to buy a new device, set it up from scratch and then transfer your funds to the new wallet.
Should I do this if I have never used a HW wallet before?
Yes, absolutely. The first steps here are exactly the same as when you're setting up a new wallet. Just follow the Ledger instructions and, once that's done, we will add the extra steps.
Here is what we will do:
- First step in the device setup is to set a pin code. This will be your fake pin code; however, it needs to be one you will not forget. I suggest something easy to guess, which would suggest you aren't a security expert. For me, 55555 (five fives) looks good enough.
- Next is to write down your recovery phrase. This is not fake: keep it safe, as it gives access to your wallet.
- Once done, your device is set up and you need to install a few apps to be able to use it. Go ahead and install what you will need, but do not add accounts in your Ledger Live application. The idea here is to dedicate this wallet to be a fake one, with no funds and no transaction history. Anyone who forces you to unlock your Ledger device will see nothing and learn nothing.
- Go to settings. We're going advanced now. Open your device settings and hold both buttons once the menu shows up. Then go to Security, then Password. It will ask you for confirmation; go ahead. Then select "Attach to pin code", which will be your real wallet pin code.
- Pick your second pin code. Do not restrict yourself, but make sure you will remember this one as well. This becomes the pin code to your real wallet.
- Pick a strong password. Use a password manager to generate a strong password, 12+ characters long. It will be a pain to input it on the device, but you need to do this only once. The password will then be shown to you for confirmation; write it down along with your recovery phrase.
- Confirm the operation with your fake pin code.
If these steps are not fully clear, please also see the Ledger instructions on the topic.
But how does it work? Will I be able to recover my real accounts when I lose my device?
Yes, no worries. I will cover this step as well.
I wrote an instruction for recovering private keys; you can find it here if needed. So you might already know that BIP-39 (Mnemonic code for generating deterministic keys) defines a procedure to generate a set of private keys from a mnemonic phrase. This procedure anticipates adding an optional passphrase to your mnemonic phrase, which in our case is the password from the 6th step above.
So without a password, your Ledger generates a wallet which you decide not to use: the fake one. By adding the password, your Ledger generates another, separate wallet which shares the recovery phrase with the fake one but also has the extra password.
Time for action!
If you followed my instruction Hardware wallet - recover private keys, you recovered the private keys associated with the "zero seed" generated wallet.
Let's use this mnemonic, but this time with a password.
# First ETH address of the wallet generated from above mnemonic and password is:
# Address 0xaDd1f749C26f8ADCD0786cF10575947BDC703e3c
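To show concretely what the password does in the derivation described above, here is an added Python example; it is not code from the original post or from Ledger. It implements the BIP-39 seed step (PBKDF2-HMAC-SHA512, salt "mnemonic" + passphrase, 2048 rounds) and the BIP-32 master-node step, and compares the wallet you get with no passphrase against the one you get with a passphrase. The mnemonic used is the first BIP-39 reference test vector (all-zero entropy), not the mnemonic or password from this post, and the passphrase "TREZOR" is the one that vector was published with; the expected seed comes from that published vector. Only the Python standard library is used.

```python
import hashlib
import hmac
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512 over the NFKD-normalized mnemonic,
    salted with "mnemonic" + passphrase, 2048 rounds, 64-byte output.
    An empty passphrase is a valid (and the default) input."""
    mnemonic_nfkd = unicodedata.normalize("NFKD", mnemonic)
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", mnemonic_nfkd.encode("utf-8"), salt.encode("utf-8"), 2048, 64
    )


def bip32_master(seed: bytes):
    """BIP-32 master node: HMAC-SHA512 keyed with "Bitcoin seed".
    Left 32 bytes = master private key, right 32 bytes = chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


# Constructed sample input: the first BIP-39 reference test vector
# (entropy of 32 zero bytes). This is NOT the mnemonic from the post.
MNEMONIC = "abandon " * 11 + "about"


def two_wallets(mnemonic: str, passphrase: str) -> dict:
    """Derive the "fake" wallet (no passphrase) and the "real" wallet
    (with passphrase) from the same mnemonic, as the Ledger feature does."""
    fake_seed = bip39_seed(mnemonic)
    real_seed = bip39_seed(mnemonic, passphrase)
    fake_key, _ = bip32_master(fake_seed)
    real_key, _ = bip32_master(real_seed)
    return {
        "fake_seed": fake_seed.hex(),
        "real_seed": real_seed.hex(),
        "fake_master_key": fake_key.hex(),
        "real_master_key": real_key.hex(),
        # Same recovery phrase, entirely different key material:
        "independent": fake_key != real_key and fake_seed != real_seed,
    }


if __name__ == "__main__":
    wallets = two_wallets(MNEMONIC, "TREZOR")
    for name, value in wallets.items():
        print(f"{name}: {value}")
    # A single-character change in the passphrase gives yet another wallet;
    # there is no way to get back to the real one without the exact string.
    typo = bip39_seed(MNEMONIC, "TREZOR ")
    print("typo passphrase gives same seed:", typo == bytes.fromhex(wallets["real_seed"]))
```

Two points follow directly from the code. The device does not store a second seed for the real wallet; it recomputes it from the recovery phrase and the password every time, so the written-down password is as much a part of the backup as the 24 words. And because PBKDF2 output has no structure, a password with a single wrong character produces a third, equally valid-looking wallet rather than an error, which is why the post insists the password be recorded together with the recovery phrase.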
And a little quiz for you, dear reader.
Which of the following is the 100th Ethereum address generated with the above parameters?
There is nothing more to win than the experience!