Two approaches people often consider to gain additional bitcoin security are a passphrase (a one-word secret) and multisig (secures your bitcoin with multiple keys). Let’s see how these two approaches compare. 👇

Singlesig + passphrase

A passphrase adds some protection in that it distributes your risk across three critical items (your device, seed phrase backup, and your passphrase), but it still has a major single point of failure. If your passphrase is ever lost or forgotten, your bitcoin are gone forever because you no longer have the key to the bitcoin wallet.

Multisig

Multisig is a bitcoin custody model where you construct a wallet using multiple bitcoin keys instead of just one.

Multisig is very flexible, allowing wallet developers and even users to set the total number of keys used to construct the wallet (n) and the number of those keys required to spend (m). This creates what’s called an m-of-n quorum. There are practically infinite ways to approach multisig, but the most popular approaches are 2-of-3 (three keys total, with any two keys required to spend) and 3-of-5 (five keys total, with any three needed to spend).

Convenience - SS + passphrase is more convenient than DIY multisig but similar to collaborative custody multisig

Ease of backup - It’s easier to back up a single hardware wallet, a seed phrase, and a passphrase than back up all the keys and seed phrases necessary to properly store your bitcoin in a standard multisig wallet.

Availability - To understand the differences between passphrase and multisig for availability of access, you have to consider multiple possible scenarios: singlesig with and without properly secured passphrases, standard multisig, and collaborative custody multisig. Each of these has different availability of access profiles.

Transaction costs - Mining fees in periods of low demand for block space are very cheap, leaving this category often irrelevant. However, it remains true that multisig transactions are more expensive than singlesig transactions. Using a passphrase with singlesig doesn’t add anything additional to the mining fee above standard singlesig; the mining fees are directly correlated with the number of keys involved in the transaction.

Fault tolerance - Multisig shines against singlesig with a passphrase and singlesig in general when it comes to fault tolerance. That’s because the nature of multisig (and, again, proper key storage and seed phrase backups!) makes it very difficult to lose enough keys (and the necessary wallet configuration information) to lose access to your funds.

Resisting attacks - Altogether, multisig has the slight upper hand for attack resistance. In 2-of-3, an attacker would have to physically compromise at least two physical locations without your knowledge and have specific knowledge that the discovered keys are used in multisig and compromise your multisig configuration information.

Financial services - Collaborative custody multisig opens the door to financial services done in a trust-minimized way, such as collateralized loans (where three parties can share custody of funds so that all parties have transparency as to the state of the funds on the blockchain). It also uniquely solves for the problem of bitcoin inheritance.

Can you add a passphrase to multisig?

Yes, you can add passphrases to one or more of the keys used in your multisig m-of-n scheme. But should you?

Most bitcoin users set up multisig wallets without passphrases because multisig already eliminates a given hardware wallet or seed phrase as a single point of failure. Adding passphrases can add unnecessary complexity, and unnecessary complexity diminishes security rather than improves it.

Every decision you make regarding bitcoin custody involves trade-offs. Perhaps multisig helps you sleep better at night, but you might have to drive several hours to get to that second key if you want to benefit from geographically-distributed keys. Or maybe you have to wait for your collaborative custody partner to verify your identity to sign with their key.

Choosing between singlesig (with or without a passphrase) and multisig isn’t an A or B choice; the answer for you might even be both! Maybe you want to secure the more significant portion of your net worth in a multisig collaborative context for peace of mind while keeping smaller amounts for easy access available in a software wallet on your phone.

It’s all about looking at your situation and finding a balance of trade-offs that work best for you and your family or organization.