# Mobile Wallet Payment Password Assessment

Canonical HTML: https://czb.com/en/mobile-wallet-payment-password.html

Last updated: 2026-06-02

## Summary

This CZB Security Lab topic explains how to handle forgotten mobile wallet app payment passwords, transaction passwords and unlock PINs for wallets such as imToken, TokenPocket, MetaMask Mobile, OKX Wallet, Trust Wallet, Bitget Wallet, SafePal and OneKey.

The core distinction is between a local app password and the key material that controls assets. A local app password protects wallet data on the phone. Seed phrases, private keys, keystore files and passphrases determine whether a self-custody wallet can be safely re-imported or assessed.

## Useful Assessment Signals

- The owner has a complete seed phrase, private key, keystore file, hardware wallet or verifiable backup clue.
- The app still opens and shows addresses, but signing or transfers fail because of a forgotten payment or transaction password.
- The old phone, app version, visible error prompts, public address and transaction history can still be preserved.
- There may also be phishing, approval exposure or suspicious on-chain activity that requires incident-response triage.

## Strong Boundaries

- CZB does not ask users to submit complete seed phrases, private keys, passphrases or full keystore files through public pages, chats or forms.
- CZB does not provide unauthorized access, third-party account bypassing, device security bypassing or wallet security circumvention.
- If no seed phrase, private key, keystore, passphrase or verifiable backup material exists, self-custody wallets usually have no customer-support reset path.

## Related Sources

- https://czb.com/en/methodology.html
- https://czb.com/en/crypto-incident-response.html
- https://czb.com/en/security-lab.html
- https://czb.com/mobile-wallet-payment-password.html