Anyone who doesn't hold their own Bitcoin doesn't own Bitcoin — they own a promise from a bank or exchange. Switching to a hardware wallet (cold storage) is the most important step toward financial sovereignty. But especially for users of Linux or the new iPhone model (BitBox02 Nova), there are a few pitfalls during setup.
In this guide we walk through the process step by step — securely, cleanly, and without panic.
1. Preparation: The "Clean Room" Phase
Before connecting any hardware, we prepare the digital environment. Security doesn't start when you plug in — it starts with downloading the software.
Official source: Download the BitBoxApp exclusively here:
https://bitbox.swiss/start
(This link automatically redirects you to the correct version for Linux, Android or iOS).
Critical Note for Linux Users (the "udev" Checkpoint)
Running Debian, Ubuntu, Fedora or Arch? Then first contact often fails. The app can't see the BitBox even though it lights up.
The reason: Linux doesn't grant USB devices automatic user access for security reasons (User Permissions).
The fix: You need to install the so-called udev rules for the BitBox.
- Open the Shift Crypto Help Center and search for "Linux" or "udev".
-
There you'll find the file
52-bitbox02.rules, which must be installed to/etc/udev/rules.d/. -
Optional (only required on some distributions):
sudo usermod -aG plugdev $USER -
Important: After that, log out and back in once
(or restart the system).
Only then launch the BitBoxApp.
2. The Setup Process (Universal Protocol)
Whether Linux, Android or Apple (Nova) — the core process is identical and follows the principle of "Don't Trust, Verify".
Step 1: The Handshake (Pairing)
You connect the BitBox02 to your device:
- Linux/Android: via USB-C cable.
- Apple (BitBox02 Nova only): via Bluetooth (scan in the app).
The BitBox02 Nova connects under iOS exclusively via Bluetooth. This is due to Apple's strict USB restrictions, which prevent direct USB communication with hardware wallets. On Linux, Android and desktop systems, the BitBox connects normally via USB.
Security check: A pairing code appears on the BitBox display and on your screen. Only confirm if both codes are absolutely identical. This prevents man-in-the-middle attacks.
Step 2: The Device Password
You choose a password directly on the device (by touching the sensors on the sides).
Important to understand: this password only protects against physical theft of the device itself — it is not your recovery key (seed).
Step 3: The Cold Storage Backup (MicroSD vs. 24 Words)
The BitBoxApp now prompts you to insert the MicroSD card to write the encrypted backup of your seed phrase.
- Never insert this card into your PC or phone to "check" whether anything is on it.
- The card stays air-gapped. It only ever touches the BitBox.
Do I need to write down the 24 words?
Default: No. The BitBox is designed so that the MicroSD backup is sufficient. This prevents transcription errors, which happen often.
Alien recommendation: Yes, do it anyway! A MicroSD card is electronics and can fail. A piece of paper (or better yet, steel) lasts forever.
You can view the words at any time in the app:
Manage device > Show recovery words.
Mission-critical rules when writing down your seed phrase:
- No witnesses: Make sure you are completely unobserved.
- No cameras: Watch out for webcams on your laptop or surveillance cameras in the room.
- Silence: Never speak the words aloud! Everything nowadays has microphones (phone, smart speaker, laptop) and could be listening.
3. Expert Level: The Optional Passphrase
In the BitBox settings you'll find the option "Optional passphrase". This is the feature that trips up most beginners.
"The passphrase is not an 'extra password' for your existing wallet. It mathematically generates a completely new wallet."
Before you enable this switch, you must read this article:
Warning & Guide: Optional Passphrase – Benefits and Risks
Here's how the math works:
- Seed = Wallet A (your "main wallet")
- Seed + passphrase "Secret123" = Wallet B (completely empty, new wallet)
- Seed + passphrase "Secret124" = Wallet C (yet another wallet)
The risk: The BitBox does not store this passphrase. It also doesn't check whether it is "correct".
If you make a typo during setup or recovery, you simply open a new, empty wallet.
If you send coins there and forget the typo, the coins are mathematically inaccessible — gone forever.
Only use this feature if you know exactly what you're doing (e.g. for "plausible deniability").
4. Platform Summary
| System | Connection | Notes |
|---|---|---|
| Linux | USB-C | Requires udev rules! Most secure environment (open-source OS). |
| Android | USB-C | Often requires enabling "OTG" (On-The-Go) in Android settings. |
| Apple (iOS) | Bluetooth | BitBox02 Nova only. Uses the "Whisper" protocol. USB connection is not supported by the app under iOS. |
Security is not a state — it's a process. Take your time with setup, don't rush, and double-check everything.
Your financial freedom is worth it.