Official Site® | Ledger.com/Start®: The Definitive **Ledger Device Setup** Guide

This is your **Official Setup Portal** for your **Ledger Hardware Wallet**. Successfully completing this **Ledger Device Setup** process is the *only* path to achieving true **crypto security** and **digital asset management**. We will guide you through the critical steps: device verification, setting your **PIN Code**, and securely recording your **24-word Recovery Phrase**. Your full **non-custodial** control over your **crypto assets** begins now.

Start My Ledger Setup and Security Journey

Ensure your Ledger Nano X or Nano S Plus is charged and ready to begin initialization.

Phase 1: Unboxing, Power, and **Genuine Check** Protocol

Verifying the physical integrity and firmware authenticity of your **Hardware Wallet**.

The first crucial step in the **Ledger Device Setup** is the physical verification of your package. Every Ledger Nano device—be it a **Ledger Nano S Plus** or **Ledger Nano X**—must arrive in packaging with all tamper-proof seals intact. This initial inspection is your first layer of defense against supply chain attacks. Confirm the presence of the device, the USB cable, and the indispensable three sheets of paper for your **Recovery Phrase**. If any seal appears compromised, **stop the setup** immediately and contact official Ledger support. This diligence is fundamental to robust **Ledger security**.

The **Secure Element** and Firmware Integrity

Before generating any **private keys**, the device’s internal integrity is checked. The Ledger device utilizes a specialized chip known as a **Secure Element** (CC EAL5+ certified), a tamper-resistant microcontroller designed to securely host sensitive data and cryptographic operations. This chip is what isolates your **crypto assets** from the risks of a compromised computer. Upon connection to the **Ledger Live** application, an **Attestation Check** (or **Genuine Check**) is performed. This complex cryptographic handshake confirms that the internal firmware is factory-signed by Ledger and has not been altered by malicious actors. Only a genuine Ledger with uncompromised firmware will pass this check, allowing the **Ledger Device Setup** to proceed. This verification process guarantees that the environment for generating your **24-word Recovery Phrase** is completely secure.

It is critical to remember that this process must be initiated by downloading the **Official Ledger App** directly from Ledger.com. Downloading from unofficial sources risks installing malware that could intercept future transaction data, though the **Secure Element** itself remains protected.

Phase 2: Setting Your **PIN Code** – The Local Access Barrier

Establishing the physical security lock for your **Hardware Wallet**.

Next in the **Ledger Device Setup** sequence is the **PIN Code** creation. The device screen will display "Choose PIN Code," and you use the device’s physical buttons to input your choice. This design isolates the input mechanism from your host computer, rendering **keyloggers** or remote screen capture attacks completely ineffective. Your PIN should be between 4 and 8 digits. We strongly recommend a 6 or 8-digit PIN for superior entropy and protection.

The **PIN Code** is essential for **Ledger security** because it provides an immediate physical lock. If the device is lost or stolen, the thief is only allowed three incorrect PIN attempts. On the third failure, the **Secure Element** automatically triggers a factory reset, securely wiping the **private keys** from the device's memory. Your **crypto assets** remain safe on the blockchain, only recoverable by entering the **24-word Recovery Phrase** into a new device. This mechanism ensures that the PIN protects against casual theft, while the **Recovery Phrase** protects against total loss.

Importance of Isolated PIN Entry

Focus on the device screen during this step. Never input the PIN into your computer's keyboard or trackpad. The entire philosophy of the **Hardware Wallet** is built on the principle of the "trusted screen"—the small, dedicated display confirms actions and inputs only on the device itself. This isolation is non-negotiable for maintaining the highest level of **crypto security**.

Phase 3: Generating and Securing the **24-Word Recovery Phrase**

The master key, derived using the **BIP39 standard**—your ultimate backup.

This is the single most critical step of the entire **Ledger Device Setup**. The device will now generate a unique **24-word Recovery Phrase** using a high-entropy source within the **Secure Element**. This phrase, sometimes called the seed, is the cryptographic root from which all your **private keys** and public addresses for all your **digital assets** (Bitcoin, Ethereum, etc.) are derived, following the industry-standard **BIP39 standard**.

**Meticulous Transcription:** As each word (Word 1 to Word 24) is displayed sequentially on the **Hardware Wallet** screen, you must copy it precisely onto the official **Recovery Phrase** sheets. Double-check spelling and order. Errors in transcription are the leading cause of permanent **crypto asset** loss. The **Ledger Device Setup** ensures that this phrase is only ever visible on the device's screen and never transmitted or recorded digitally by the **Ledger Live** application.

The Non-Digital Rule for **Ledger Security**

**ABSOLUTE NON-DIGITAL RULE:** You must **NEVER** digitize your **24-word Recovery Phrase**. This means no photographs, no screenshots, no typing it into an email, a document, or a cloud service like Google Drive or Dropbox. If you break this rule, you have voluntarily exposed the master key to your **crypto assets** to the internet, nullifying the $100 price tag of the device and the decades of **hardware security** expertise built into it. True **non-custodial security** relies on the phrase existing only in the physical world.

Phrase Verification and Final Commitment

To finalize this phase, the device will initiate a verification sequence. You will be prompted to confirm specific words from your list (e.g., "Word 8 is..."). This mandatory, manual check ensures you have a usable, correct copy of the phrase. Only after successful verification does the device become "ready" for **digital asset management**. This rigorous process is the cornerstone of **Ledger security**.

Phase 4: **Ledger Live** Configuration and **Firmware Updates**

Connecting the secure hardware to the intuitive software interface for **digital asset management**.

Now that your **Hardware Wallet** is initialized and your **Recovery Phrase** is secured, return to the **Ledger Live Desktop** application. The final steps involve setting up your software interface.

  1. **Final Genuine Check:** The **Ledger Live App** performs a final integrity check to confirm the device is active and configured correctly.
  2. **Install **Crypto Apps**: Use the "Manager" section in **Ledger Live** to install the specific applications (e.g., Bitcoin, Ethereum, Cardano) you need on your device. These are small programs that allow the **Secure Element** to communicate with the corresponding blockchain for transaction signing. They do *not* store your **crypto assets**—the keys remain safely inside the device.
  3. **Add Accounts:** Once the apps are installed, use the "Accounts" section to automatically generate public receiving addresses. This is how you start receiving **crypto assets**.
  4. **Firmware Management:** The Manager is also where you check for and apply **firmware updates**. Keeping your device's firmware up-to-date is vital for patching vulnerabilities and ensuring compatibility with the latest blockchain features. Always verify the **firmware integrity** within the **Ledger Live** interface.

The relationship between the **Hardware Wallet** and **Ledger Live** is symbiotic: the wallet provides the impenetrable security (holding the **private keys**), and Ledger Live provides the convenient, verifiable interface for viewing balances and initiating transactions. This separation of concerns is why Ledger is considered the leader in **crypto security**.

Phase 5: Advanced **Ledger Security** and Usage Protocols

Embracing the **Non-Custodial** Philosophy and Long-Term Protection.

The **Ledger Device Setup** is complete, but your responsibility as a **non-custodial wallet** owner has just begun. By holding your own **private keys**, you have effectively become your own bank, gaining complete sovereignty over your **digital assets**. This comes with the responsibility of safeguarding the **Recovery Phrase**.

The Importance of Physical **Recovery Phrase** Storage

Standard paper storage is sufficient for the short term, but for long-term **digital asset management**, consider **fireproof** and **waterproof** solutions. Many experienced users engrave their **24-word Recovery Phrase** onto metal plates. This is the gold standard for long-term data preservation, ensuring that natural disasters or unforeseen accidents cannot destroy the one key that restores your **crypto assets**. Remember to store this physical backup in a location separate from the **Hardware Wallet** itself—a safe deposit box, a home safe, or another secure location known only to you.

Understanding Transaction Signing

Every time you send **crypto assets** from your **secure Ledger Live Wallet**, you must physically interact with your Ledger device. When you hit 'Send' in **Ledger Live**, the software prepares the transaction details and sends them to the device. The device’s **Secure Element** signs the transaction using your **private keys**. Crucially, the final step requires you to manually confirm the recipient address, amount, and fees on the device's trusted screen by pressing the physical buttons. If a hacker has compromised your computer, they can change the recipient address in the software interface, but the true details displayed on the **Hardware Wallet** screen cannot be manipulated. **Always verify the details on the device screen.** This mandatory physical confirmation is the fundamental safeguard of **Ledger security**.

Advanced Features: Passphrase (25th Word)

For those seeking the pinnacle of **Ledger security**, the optional BIP39 Passphrase (often called the 25th word) can be set up. This is an additional, user-defined word or string that acts as a second **Recovery Phrase**. If the **24-word Recovery Phrase** is discovered by an unauthorized party, they still cannot access your primary funds without this 25th word. This advanced feature is only recommended for expert users, as losing the 25th word means permanent loss of funds, with no recovery possible, even if the original **24-word Recovery Phrase** is intact. Use this feature to manage **digital assets** that require the absolute maximum level of isolation.

---

Common Questions During **Ledger Device Setup**

The **PIN Code** is strictly a local access key. It is used to unlock the **Hardware Wallet** for daily use and protects against casual physical theft. The **24-word Recovery Phrase** is the global master backup. It is the only key that can restore your entire portfolio of **crypto assets** on any compliant **non-custodial wallet** device worldwide. Losing the PIN is inconvenient; losing or compromising the phrase is catastrophic and final.

Is it ever safe to save a digital copy of the **Recovery Phrase** if it is highly encrypted?

No, under no circumstances should the **24-word Recovery Phrase** ever be digitized. The moment it enters a computer's memory—even if encrypted—it is exposed to potential side-channel attacks, keyloggers, or advanced remote access Trojans. The core of **Ledger security** is its **air-gapped** nature. Always store the phrase physically, using specialized solutions like metal backups for superior fire and water resistance.

What should I do if the **Genuine Check** protocol fails during the **Ledger Device Setup**?

If the **Genuine Check** fails in **Ledger Live**, it means the device’s **Secure Element** could not be cryptographically verified as authentic and uncompromised. **Do not use the device.** Contact Ledger Support immediately. This protocol is in place to protect you from using a counterfeit or tampered **Hardware Wallet** that may have a pre-generated, compromised **Recovery Phrase**.

If my Ledger device is lost, but I have my **Recovery Phrase**, how quickly can I access my **crypto assets**?

Immediately. The funds are not stored on the device; they reside on the blockchain. Once you acquire a new Ledger device (or any other compatible **BIP39 standard** wallet), you simply use the **24-word Recovery Phrase** to restore your accounts. This process typically takes only a few minutes within the **Ledger Live** application. Your access to your **digital assets** is based solely on the phrase, not the device itself.

Does uninstalling a **crypto app** from my **Hardware Wallet** delete my **crypto assets**?

Absolutely not. Uninstalling an app (like the Bitcoin app) only removes the software necessary for transaction signing. Your **private keys**, which secure your **digital assets**, are permanently stored within the **Secure Element** and derived from your **Recovery Phrase**. Your funds remain safe on the public blockchain. You can uninstall and reinstall applications as needed to manage space on the device.

If my computer is infected with a virus, can my **Hardware Wallet** still be compromised?

The **Ledger security** model is designed specifically to prevent this. Since the **private keys** never leave the **Secure Element** chip, and every critical action (like signing a transaction or viewing the **Recovery Phrase**) requires confirmation on the device's isolated screen, a virus on your computer cannot steal your funds. The only way for an attacker to compromise your funds is if they gain physical access to your **Recovery Phrase**.

What exactly does **non-custodial** mean in the context of my **Ledger Device Setup**?

**Non-custodial** means that you, and only you, have custody (control) of your **private keys**. Unlike an exchange or custodial wallet where a third party manages the keys on your behalf, a Ledger device gives you total, sovereign control. This is the foundation of true ownership of **crypto assets**. It means Ledger cannot freeze, seize, or access your funds—but it also means you are entirely responsible for the security of your **Recovery Phrase**.

I hear about the '25th Word' or Passphrase. Should I use it during the **Ledger Device Setup**?

The Passphrase (25th word) is an advanced feature that adds an extra layer of security, creating a hidden wallet separate from the one derived by the **24-word Recovery Phrase**. It significantly enhances security but comes with a major caveat: if you forget the 25th word, the funds associated with it are permanently lost, even if you still have the **24-word Recovery Phrase**. It is recommended only for experienced users who understand the extreme responsibility it entails.

Do I need to re-add every single account (Bitcoin, Ethereum, etc.) after using the **Recovery Phrase** on a new device?

Yes, partially. Once you restore the device with the **24-word Recovery Phrase**, the device contains the master key again. You then open **Ledger Live**, reinstall the necessary **Crypto Apps** (e.g., Bitcoin), and then select 'Add Account.' **Ledger Live** will automatically scan the blockchain paths associated with your seed and automatically detect and display all your existing **crypto assets**. You don't lose the account history or funds.

Is a 4-digit PIN enough, or should I choose the full 8 digits during the **Ledger Device Setup**?

While the 4-digit PIN is secure because the device wipes itself after three failed attempts, choosing 6 or 8 digits is strongly recommended. The increased complexity makes brute-force guessing during the limited three attempts virtually impossible, offering superior protection against a dedicated physical attacker trying to access the device before it wipes the **private keys**. Prioritize an easily memorable but non-obvious 8-digit combination for maximum **Ledger security**.