A collection of our most frequently asked questions.
We offer payments via credit card or Bitcoin. Credit card payments are processed by Stripe and Bitcoin payments are processed by our self-hosted BTCPay Server. Foundation encourages Bitcoin payments.
Yes, preorders are refundable if you cancel your order before we ship. If you change your mind for any reason, let us know and we will issue a refund to your original payment method.
If you pay in Bitcoin but change your mind, we’ll refund your entire purchase amount denominated in Bitcoin.
Likewise, if you pay in Bitcoin but the price appreciates between the day you preorder and the day we ship, we’ll refund your Bitcoin gains before shipping. This way you won’t have to make the difficult choice between paying in Bitcoin to preserve your privacy or losing out on potential Bitcoin gains!
Upon delivering Passport, returns are not accepted for security reasons. Passport cannot be factory reset and re-sold to another customer.
Yes, Passport includes a one year warranty to cover manufacturing defects only. Accidental damage, such as drops or liquid exposure, is not covered. Nor is accidentally bricking the device!
Bitcoin is sovereign money; it gives you ownership over your own financial destiny. There is a common expression in the Bitcoin world: not your keys, not your coins! Whether you own Bitcoin as an investment, as a censorship-resistant currency, or as a convenient way to transact on the Internet, it is important that you store your own private keys (and we can help with that).
Exchange hacks and losses of funds are common occurrences in the Bitcoin world, and no exchange is too big to fail. The more Bitcoin owned by a single exchange, the larger the incentive for attackers to try to steal your coins – whether external hackers or malicious insiders.
By storing your own private keys, you can have true ownership over your Bitcoin while removing the ability for hackers to steal large quantities of Bitcoin from custodians – this strengthens the Bitcoin network! For most users, the best way to store your keys is on a specially designed device called a hardware wallet.
All hardware wallets make tradeoffs between usability, security, and openness. Below is a brief explanation of the tradeoffs from the leading hardware wallet vendors.
Ledger’s hardware and firmware are closed source, with a closed source operating system running on the device. This makes it more difficult for security researchers to discover vulnerabilities that may exist on Ledger’s hardware. Many find Ledger devices difficult to use, as there are only two buttons to navigate and a small screen. And Ledger devices are not airgapped; they use USB and/or Bluetooth. This has been shown to cause certain vulnerabilities
Trezor’s hardware and firmware are open source, but they do not use a security chip (more specifically a secure element). This means that an attacker can extract the private keys in only 15 minutes with commonly available hardware (this can be mitigated by using a strong passphrase). Trezor’s Model T is easy to use due to the capacitive touch screen, but makes clear security tradeoffs as the screen and touch panel have embedded processors running unknown firmware. Trezor devices are also not airgapped; as they use USB.
Coldcard has, in our opinion, the best security model, with open source hardware and firmware plus a secure element for storage of private keys. Coldcard also has great security features, such as a phishing-resistant PIN entry process and security lights. However, Coldcard is designed for the hardcore Bitcoiner and is challenging for normal users.
Passport uses the same security architecture as Coldcard, with open source hardware and firmware plus a secure element, but places a significant emphasis on intuitive design and ease-of-use.
Passport’s larger display, alphanumeric keypad, and navigation pad create a pleasant user experience. Its camera and microSD slot ensure airgapped operations. And it uses more trustable components, like a screen without an embedded processor and AAA batteries for power.
For new users, Passport is designed to be intuitive and approachable. The navigation pad and familiar interface make it easy to set up and use Passport. If you’ve previously found hardware wallets to be intimidating or difficult, we think you’ll have a better experience with Passport.
For expert users, Passport uses the same general security architecture as Coldcard and Bitbox02, but introduces (1) integrated AAA batteries and (2) a camera for more convenient airgapped transactions. Passphrase entry is also a breeze with Passport’s alphanumeric keypad.
Bitcoin is open source software, and we believe open source software should run on open source hardware. Bitcoin necessitates a completely new type of hardware security model – since transactions are immutable, there is no recourse if your Bitcoin are stolen or lost.
Today’s hardware is mostly closed source and uses proprietary designs with confidentiality agreements.
This model worked in a world where thefts could easily be reversed by your bank or credit card company. But in a Bitcoin world, this model is fundamentally broken.
Open source hardware means that security researchers can more easily identify vulnerabilities in our products. It also means that we can adopt best practices from other open source hardware projects – and other open source hardware projects can adopt our best practices too! This leads to a healthy, more secure hardware ecosystem and means that your Bitcoin will be safer.
No, Passport only supports Bitcoin. We do not have any immediate plans to support other cryptocurrencies, and are laser-focused on building the best Bitcoin hardware wallet.
No, Passport is designed instead to work with most popular Bitcoin wallets and services. This ensures that you have the ability to select your preferred software wallet, instead of being forced to use our software or services. And it also ensures that Passport strives for mass-compatibility with the Bitcoin ecosystem.
Passport is compatible with any software wallet that supports PSBTs (partially signed Bitcoin transactions). This standard is supported by Coldcard, so it’s likely that any software wallet that supports Coldcard also supports Passport.
This includes Bitcoin Core, Electrum, Wasabi, BTCPay, BlueWallet, Sparrow, Specter, and more.
At first, most of these wallets will support Passport via microSD card. We plan to work with them to add compatibility for Passport’s camera via QR codes. BlueWallet and Specter currently support PSBTs over QR codes, and we expect most popular wallets will also support QR codes by the time Passport ships. Thank you to Blockchain Commons for putting together a standard format for data transmission via QR codes.
Yes, Passport supports both single-sig and multisig PSBTs.
All components require trust in the supplier, but some components are more trustable than others. Foundation strives to use components that are easy to verify and inspect both during and after production. We also purchase components from American distributors and reputable suppliers.
For example, most touchscreens (and screens in general) contain embedded processors running unknown firmware. This means that (1) it is difficult to verify whether the screen has been tampered with and (2) the screen is running code that is impossible to audit. These screens are typically produced in China.
Passport instead uses a more trustable screen, made by Sharp (a reputable Japanese company), that has noembedded processor and instead uses circuitry etched directly into the glass. This makes it easy for us to inspect screens at production and gives users more confidence that Passport is secure.
We bring this philosophy to our product design – our use of the Sharp display, a physical keypad, and AAA batteries combined with our American supply chain are examples of design decisions that emphasize the importance of using more trustable components.
Passport uses the same general security architecture as Coldcard, with a processor by STMicroelectronics and a 608a secure element by Microchip. Like Coldcard, the Bitcoin private keys are encrypted on the processor and stored on the secure element to minimize trust in a single chip.
All circuit designs and firmware are open source and auditable.
Passport is completely airgapped, with only a camera and microSD slot for communications. There are no USB ports and no wireless communications of any kind. This is important because it closes off numerous attack vectors and ensures that Passport can never communicate directly with an Internet-connected device.
Passport is powered by AAA batteries.
Foundation Devices is based in the USA, and we believe it is important to have close control over our supply chains. By assembling Passport in the USA, we can ensure that (1) we are on the factory floor and closely overseeing production, (2) our manufacturers are held to higher regulatory and transparency standards, and (3) we can purchase components from reputable American suppliers.
Bitcoin represents sovereignty, privacy, and freedom. We believe it is important to build our products in jurisdictions which represent these same values. This is why Foundation will never manufacture products in China.