Before you begin: prerequisites
- Your Ledger hardware wallet (in box) and original USB cable.
- A desktop/laptop for the initial setup with a trusted browser and internet access.
- Pen and the supplied recovery card, or a dedicated metal backup plate for long-term storage.
- A calm, private space with about 30–60 minutes to allocate for the initial setup and verification steps.
If you are setting up multiple devices for an organization, coordinate roles: one person should verify device authenticity while another documents backup locations and labeling conventions.
Download Ledger Live (safe download practices)
Always download Ledger Live from the official Ledger website. Look carefully at the URL and TLS certificate in your browser and prefer direct downloads from the vendor page to reduce the risk of spoofed or malicious installers. If your environment demands higher assurance, verify the installer checksum or digital signature where provided.
Why verify? Verifying the installer reduces the chance of running a tampered copy of the app. For most consumer setups, ensuring the download originates from the official site is sufficient. For corporate or high-security environments, require signed hashes and policy checks.
Install and launch Ledger Live
Run the installer for your OS and follow the platform prompts. On macOS you may need to allow the app in Security & Privacy; on Linux you might need to install distro-specific packages or add udev rules for non-root access. Launch Ledger Live after installation. The app will present options such as "Set up a new device", "Restore device", or "Open existing Ledger Live." Choose the option that matches your situation.
If you are restoring from a seed, be sure to perform the restore only on the device using the official restore flow — never enter seed words on a computer or website.
Connecting your Ledger device
Connect the device using the supplied USB cable directly to your computer — avoid unknown hubs during setup. Ledger Live will detect the device. The device will display welcome messages and prompts; always read the hardware display carefully and approve only actions that match your intention. Use the device buttons (or touchscreen on supported models) to interact with it; never type your PIN or seed into the host machine.
Initialize the device & create a PIN
During setup you will choose to create a new wallet or restore an existing one. For a new wallet, the device will prompt you to set a PIN. Choose a PIN that you can remember but that others won't guess. The PIN protects the device from casual misuse if lost or stolen. The device may wipe itself after repeated incorrect attempts — this is configurable on some models but is a common anti-brute-force protection.
Be mindful: do not write the PIN on the recovery card or store it alongside the seed. Keep the PIN and seed separate.
Generate and secure your recovery phrase
The device generates a recovery phrase (commonly 24 words). Write each word clearly and in order on the supplied recovery card. Confirm the words when prompted by the device — it will ask you to verify some words to ensure you recorded them correctly. Consider making two physical copies and storing them in different secure locations (for example, a home safe and a safety deposit box) for resilience against fire, flood, or theft.
Never store your recovery phrase digitally — no photos, notes apps, cloud backups, or email. Digital storage is the most common vector for seed compromise.
Optional: metal seed plates provide long-term durability. If you use a metal backup, ensure compatibility and correctly stamp or engrave the words in order.
Firmware verification & updates
Ledger Live checks device firmware and will offer verified updates when available. Firmware updates can contain important security fixes and feature improvements. Only apply firmware updates via Ledger Live — the Suite verifies update signatures. Read update notes and confirm the update prompts on the device screen. If firmware authenticity checks fail, stop and reach out to official support before proceeding.
Installing apps & adding accounts
Ledger devices use small on-device apps for different blockchains (for example, Bitcoin and Ethereum). Install the required apps from Ledger Live's Manager and then add accounts to your portfolio. Ledger Live will discover addresses derived from your seed; you may label accounts to keep personal, business, and savings funds separated for bookkeeping and privacy.
Note: some tokens and chains may require third-party integrations — prioritize reputable integrations and read community notes before enabling complex features.
Receiving funds — verify on device
When receiving funds, generate a receive address inside Ledger Live and always verify that the address shown in the application matches the one displayed on the Ledger device screen. Host-side malware can alter what the app displays; the device display is your single source of truth. Only share addresses that you verified on device.
Sending funds — sign on device
To send funds, prepare the transaction in Ledger Live. Ledger Live will send an unsigned transaction to your device for on-device verification and signing. Carefully read the recipient address, amount and fee on the device screen before approving. If anything looks off, cancel the operation and investigate. If you are interacting with smart contracts, review human-readable summaries where available and verify calldata descriptions carefully.
Optional: passphrase and hidden wallets (advanced)
A passphrase is an optional extra secret appended to your recovery seed to create a hidden wallet. It affords plausible deniability and compartmentalization of assets. However, passphrases increase operational risk: if you lose the passphrase, the hidden wallet is irrecoverable. Use passphrases only if you have disciplined secret handling and document your secret management procedures.
If you enable a passphrase, store it separately from the seed and rehearse restores in a controlled environment before storing large amounts.
Advanced workflows: multisig, air-gapped signing & institutional custody
For higher security or organizational custody, consider multisignature setups (multiple keys required to sign transactions) or air-gapped signing (a device never directly connects to the internet, and data is transferred via QR or secure USB between machines). Multisig reduces single-point-of-failure risks; air-gapped setups reduce exposure of signing devices. These workflows require well-documented operational procedures and thorough testing before use in production.
Troubleshooting common issues
Device not detected
Try a different USB cable or port, avoid untrusted hubs, restart Ledger Live and the computer. On Linux, check udev rules for device permissions. If the device is still not detected, review Ledger Live diagnostics or consult official support resources.
Forgot PIN
If you forget the device PIN you must reset the device to factory settings and then restore from your recovery seed. Do not reset if you do not have a secure copy of the seed — resetting without the seed will permanently remove access to the funds stored under that seed.
Suspicious prompts or phishing
Any request for your recovery seed or passphrase outside the device restore flow is a scam. Close the session, disconnect, and reach out to official support via the verified vendor site. Never provide secret words to anyone claiming to be support.
Operational best practices
- Keep Ledger Live and device firmware up to date via official channels.
- Store seed backups in geographically separated, secure locations.
- Rehearse recovery procedures on a test device to ensure you can restore under stress.
- Limit the number of people who know backup locations; maintain a documented custody plan for teams.
- Use strong, unique PINs and consider an app password for local profile protection.
Incident response: lost device or suspected compromise
If a device is lost but the seed remains secure, restore the seed to a new Ledger device or compatible hardware wallet and resume operations. If you suspect the seed has been exposed, move funds to a newly generated wallet as soon as practical, using a secure device and network. Document the incident and review custody and backup processes to prevent recurrence.
Frequently Asked Questions
Do I need Ledger Live every time?
Ledger Live is the recommended companion for day-to-day management and firmware updates. For some advanced operations, you may use third-party integrations, but prefer official tools for firmware and critical updates.
How many copies of my recovery phrase should I keep?
At least two physical copies in separate secure locations is a common baseline. Consider durable metal backups for long-term resilience against fire and water damage. Avoid digital copies under all circumstances.
What is the difference between PIN and passphrase?
The PIN protects local access to your device (like a lock on the device). The passphrase is an extra secret appended to the seed that creates a hidden wallet. PINs are required for everyday access; passphrases are optional and add extra security but also complexity and recovery risk.