I keep coming back to single-sig plus passphrase because it sits in an awkward middle.
It is much stronger than a bare seed phrase in a drawer.
It is much simpler than multisig.
It is also very easy to mess up in a way that gives you no customer support path, no reset button, and no sympathetic recovery flow.
That combination makes people argue about it in the wrong tone. Some people treat passphrases like a magic upgrade. Some treat them like a footgun nobody should touch. I think both sides are missing the practical question.
Can this person operate the setup correctly under stress?
For most normal holders, my answer is: single-sig plus passphrase is often the best balance, if the recovery procedure is written down, tested, and boring enough to repeat.
Not always. Not for every amount. Not for every family. But often.
What the passphrase actually does
A BIP39 wallet starts with the mnemonic: the 12 or 24 words most people call a seed phrase.
The passphrase is not a PIN. It is not a label. It is not a password that encrypts the same wallet.
The BIP39 spec says the mnemonic and the string "mnemonic" + passphrase are used together to derive the binary seed. If no passphrase exists, an empty string is used. That means changing the passphrase changes the wallet.
This is the part people need to feel in their bones:
Same 24 words. Different passphrase. Different wallet.
Same 24 words. Typo in passphrase. Different wallet.
Same 24 words. Passphrase forgotten. The wallet you funded is gone unless you can recover the exact passphrase.
There is no “forgot passphrase” email.
This is why I do not like describing passphrases as “just a 25th word.” That phrase is common, but it makes the feature sound too friendly. A passphrase can be a word, but it can also be a longer phrase. What matters is that it becomes part of the secret material needed to derive the wallet.
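The derivation described above, as an added example that is not code from this post or from any wallet: BIP39 runs PBKDF2-HMAC-SHA512 for 2048 rounds with the mnemonic as the password and "mnemonic" + passphrase as the salt, both NFKD-normalized. The mnemonic is the published BIP39 test-vector phrase; the passphrase, the list of slips, and the helper names are constructed for illustration.

```python
import hashlib
import unicodedata

# Published BIP39 test-vector mnemonic. Never fund a wallet derived from it.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.
    Password is the mnemonic; salt is "mnemonic" + passphrase (both NFKD)."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def same_wallet(mnemonic: str, intended: str, typed: str) -> bool:
    """True only if the typed passphrase derives the same seed as the intended one."""
    return bip39_seed(mnemonic, intended) == bip39_seed(mnemonic, typed)


# Constructed sample passphrase and the kinds of slips a restore test should catch.
INTENDED = "caf\u00e9 owl 42"
SLIPS = {
    "exact": "caf\u00e9 owl 42",
    "decomposed accent": "cafe\u0301 owl 42",  # same text, different Unicode form
    "capitalised": "Caf\u00e9 owl 42",
    "trailing space": "caf\u00e9 owl 42 ",
    "double space": "caf\u00e9  owl 42",
    "left empty": "",  # the no-passphrase wallet
}


def check_slips(mnemonic: str = TEST_MNEMONIC) -> dict:
    """Label -> whether that typed variant lands in the intended wallet."""
    return {label: same_wallet(mnemonic, INTENDED, typed)
            for label, typed in SLIPS.items()}


if __name__ == "__main__":
    for label, ok in check_slips().items():
        print(f"{label:18} -> {'same wallet' if ok else 'DIFFERENT wallet'}")
```

Only the exact and the decomposed-accent variants reach the intended wallet, and the second one only because the spec normalizes to NFKD before hashing. Case and whitespace are never normalized, so the written backup has to record them exactly.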
Why I still like it
I like single-sig plus passphrase because it separates risk without making the whole system too complex.
Bare single-sig has one scary object: the seed phrase. Anyone who finds it and knows what it is can move the funds. A hardware wallet PIN helps if they only have the device, but the seed backup is still the root.
Add a passphrase and the attacker needs more than the seed words. The backup alone is not enough. The device alone is not enough. The seed and passphrase belong together, but they do not have to live together.
That is a meaningful improvement.
It also gives you a practical decoy option. A small amount can live in the no-passphrase wallet while the main wallet uses the passphrase. That can help in a physical-pressure scenario where someone expects to see something.
But I do not want to oversell this. Single-sig plus passphrase is still single-sig. One signing key controls the wallet. If the wallet architecture is wrong, if the recovery process is unclear, if the passphrase disappears, the simplicity becomes the failure.
The strength is also the sharp edge.
Why multisig is not the automatic answer
Multisig is powerful. For larger holdings, organizations, shared control, or inheritance-heavy situations, it can be the right design.
It also adds moving parts.
More hardware devices. More backups. More locations. More wallet descriptors. More ways for a non-technical family member to freeze when something happens. More ceremony before a simple transaction.
For some people, that complexity is worth it.
For many people, it creates a setup they admire but do not maintain.
That is the failure mode I care about. Not whether the architecture looks good in a diagram. Whether the person can recover it after six months of not thinking about it.
If someone cannot reliably restore a single-sig plus passphrase wallet on a spare device with a test amount, I do not want to hand them multisig and call it safer.
Complex security that the owner cannot operate is not safer in practice.
It is just a more impressive way to get locked out.
My minimum bar
If someone uses single-sig plus passphrase, I want the setup to pass a dry run.
Not a mental dry run. A real one.
Can you recover the wallet on another device?
Can you identify the correct wallet before moving meaningful funds?
Can you tell the difference between the no-passphrase wallet and the passphrase wallet?
Can your trusted person find the instructions if you are unavailable?
Can they understand the instructions without calling you?
Is the passphrase backed up in a way that survives forgetfulness, death, fire, travel, and panic?
This is where people get uncomfortable because the answer is often no.
They have the seed phrase. They “know” the passphrase. They maybe wrote it somewhere. They did not test the whole path.
That is not a custody system. That is a hope.
The part most people underestimate
The hard part is not generating the wallet.
The hard part is future-you.
Future-you is tired. Future-you moved apartments. Future-you replaced a phone. Future-you forgot which wallet app was used. Future-you has a family member asking what to do while everyone is stressed.
That is the version of you the system needs to serve.
So the design needs written procedures:
- What devices exist.
- Where the seed backup lives.
- Where the passphrase recovery path lives.
- How to verify the receiving address.
- How to do a small test transaction.
- What not to type into a website.
- Who to call before moving anything large.
- What to do if the device is lost.
- What to do if the person who understands the setup is unavailable.
The procedure matters as much as the cryptography.
My default opinion
For most individuals who hold a meaningful but not institution-sized amount of bitcoin, I would rather see a well-tested single-sig plus passphrase setup than a sloppy multisig setup.
That does not mean passphrases are beginner-safe.
It means the operational burden is usually closer to what people can actually maintain.
One hardware wallet.
One seed backup.
One passphrase recovery path.
One written procedure.
One restore test.
Then repeat the test on a schedule.
That is boring enough to survive real life. Boring is underrated in custody.
If the amount grows, the family situation changes, or the access model needs more than one human, revisit multisig. Security architecture should move with the risk profile.
But do not jump to multisig because it sounds more serious. Start with the setup you can execute under stress.
The perfect setup on paper is not the one I want.
I want the one that still works when somebody loses a device and nobody slept well the night before.
Sources
- BIP39 specification: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
- Ledger passphrase support article: https://support.ledger.com/article/115005214529-zd
- Unchained on singlesig passphrase vs multisig: https://www.unchained.com/blog/bitcoin-singlesig-passphrase-vs-multisig
- Fortress21 project page: Fortress21