Each and every wallet on your BC Vault is individually encrypted with a combination of an application password, entered on your computer and a PIN entered on your BC Vault using industry-standard encryption.
In addition, you can specify a Global PIN and password, which adds an additional layer of security to your BC Vault, without which the device won't even respond to public key requests.
This means that in total you have following passwords and PIN's available:
- Global Password - Used for unlocking access to BC Vault along with the device's Global PIN. Entered in the application.
- Global PIN - Used for unlocking access to BC Vault along with the device's Global Password. Entered on the device.
- Wallet Password - Used for sending currencies from individual wallets along with the Wallet PIN. Entered in the application.
- Wallet PIN - Used for sending currencies from individual wallets with along with the Wallet Password. Entered on the device.
You can use ANY COMBINATION of the above. Meaning you can choose not to use Global Password/PIN at all or maybe just Global Password and no Global PIN.
But remember, that you have to use at least 1 method (we strongly recommend password+pin) to properly encrypt all your data. The more you use, more secure the data!
Your Global Password+PIN and Wallet Password+PIN is NOT stored on BC VAULT, thus it can't be exposed, even if somebody would gain physical access to your BC VAULT and disassemble it down to the bits & bytes.
We recommend you also read the following: A deep dive into the BC Vault security model
Also read: Password hints, How can I verify my wallet password/pin?