KeepKey has an optional security feature called a passphrase. A passphrase can be used to encrypt your private keys. This is an additional word that you can choose to create a "hidden account" or "hidden wallets".
A passphrase can be any word or any set of letters that you might use as a password. Your passphrase should be memorable though. You typically would not write it down anywhere, to eliminate any possibility of it being discovered.
If your recovery sentence is compromised, the thief will only see the accounts that are not passphrase protected. By storing a small amount of bitcoin there, you can trick them into thinking they have accessed your funds. The protected wallets are only visible and accessible when the additional word (passphrase) is entered.
However, if you lose or forget your passphrase, you have lost access to your assets. Your passphrase is not stored anywhere and no means of recovering it exists other than brute force (trying every possible passphrase). Additionally, the device can't tell when you mistype your passphrase. If you send transactions to an account after a passphrase has been mistyped, it is likely that you will not be able to recover your crypto assets sent to addresses derived from the passphrase.
Once you log into your ShapeShift Membership account on your KeepKey device, you will not be required to log back in until you log out. If you have a passphrase enabled you'll need to enter it every time you'd like to access your KeepKey device and your associated ShapeShift Membership account. Please note, the passphrase feature is still available if you're using the ShapeShift Beta Platform.
Keep in mind, your passphrase will still be required to access the correct accounts upon logging in. Your assets will remain on the same private key - 12-word recovery sentence - they were originally located on with the corresponding passphrase.
If you would like to disable your Passphrase please refer to this article.