PIN Security Features

Duress Wallets

This feature enables a secondary PIN in order to unlock your Coldcard device in case you are being coerced into unlocking it.
Once unlocked using the duress PIN, you will arrive in a wallet different than your original one, where you can store some of your funds in order for a potential attacker to be satisfied and leave you alone.
There are ways for an attacked to tell that you have only given them access to a duress wallet, but they must be technically skilled to do so.
The duress wallet acts like a normal wallet on your Coldcard. However, it is derived from the main wallet.
You main wallet backup will also include the duress wallet and funds.

Steps

  1. 1.
    Go to Settings
  2. 2.
    Go to PIN Options
  3. 3.
    Select Duress PIN
  4. 4.
    Enter PIN prefix and note down the anti-phishing words
  5. 5.
    Enter PIN suffix
  6. 6.
    Confirm the PIN once more
Entering 999999-999999 will clear the existing duress PIN, if any.

Recovery of Funds from Duress Wallet

To recover funds from the "duress wallet", import your original seed words into a new Coldcard, and assign a duress PIN again. Then login to the duress wallet and re-import that into your desktop wallet.
Alternatively, if you have the 7Z encrypted backup file, decrypt that and import the xprv shown inside for the duress wallet. You could also calculate the extended private key based on the seed or xprv of the real wallet.
BIP32 subkey paths are used to derive the duress wallet, if m was your real wallet, the duress wallet will be found at:
m/2147431408'/0'/0'
When you login with the duress PIN, the real PIN failure counter cannot (and should not be) reset. The display of that count is suppressed if the duress PIN was recently used.

Brick Me PIN (optional)

When enabled, entering this special PIN will activate your Coldcard's self-destruct feature. All elements and information stored on the device will get destroyed and your Coldcard will be rendered useless.
This process is irreversible! Once activated, the Coldcard can no longer be used.
Please be careful with the Brick Me PIN. The destruction process is quick and irreversible. The Coldcard should be discarded.

Steps

  1. 1.
    Go to Settings
  2. 2.
    Go to PIN Options
  3. 3.
    Select Brick Me PIN
  4. 4.
    Enter PIN prefix and note down the anti-phishing words
  5. 5.
    Enter PIN suffix
  6. 6.
    Confirm the PIN once more
Entering 999999-999999 will clear the existing Brick Me PIN, if any.

Login Countdown (optional)

This feature forces a time delay when logging into the Coldcard. Once you entered your PIN correctly, you must wait for the predetermined time delay before you can log into your Coldcard.
This feature can be useful against an attacker, since the timeline of their attack would be greatly extended and present greater risk for them to get caught.
Choose between 5/15/30 minutes, 1/2/4/8/12 hours, and 1/2/3/7/28 days.
Steps:
  1. 1.
    Go to Settings
  2. 2.
    Select Login Countdown
  3. 3.
    Select time you wish to use for your login countdown
You must provide continuous power to your Coldcard device for the timer to elapse!