All articles

Trezor Connect

Trezor Connect is a platform for easy integration of "Login with Trezor" into websites and applications.
 

Trezor is known as the most secure cryptocurrency hardware wallet. Trezor Connect expands its application to the most secure user authentication device. It allows the user to login without the need for a password. It is immune to keyloggers or phishing and provides a simple fluid interface for users with basic computer skills.
 

Trezor Connect can be used as:

  • Authentication tool, as used in Sign in with Trezor
  • Cipherkey tool, as used in Password manager
  • Cryptocurrency wallet tool, as used in MyEtherWallet


Trezor Connect can be implemented in:

  • Google Chrome Extension
  • Websites (Google Chrome/Chromium/Mozilla Firefox)
 

How Trezor Connect works

Full documentation of Trezor Connect and its methods is on this GitHub page


After implementing Trezor Connect, a small file containing a declaration of methods is downloaded. Once the Trezor Connect method is used, the connection to the trezor.io external webpage is established and the Trezor Connect library is going to be downloaded and injected as an invisible iframe into your application. Trezor Connect is open-source, therefore it is provable that it is not saving any information about the device or account. Trezor Bridge has whitelisted domains set to "*.trezor.io" and "localhost" and it is ignoring messages coming from other domains. This ensures that Connect is not providing any data without the user's consent. Trezor Connect works as a tunnel for messages sent from your application to Trezor device via transport layer (Trezor Bridge/WebUSB).
 


Note that with the newest Trezor Connect API, the iframe element ensures that the communication after authentification with PIN and/or Passphrase persists until:

  • Application is closed or reloaded
  • Device is unplugged or used in another application
  • Ten minutes of being idle
 

The advantages are that the session carries on, it is not necessary to re-enter your PIN and/or Passphrase and, furthermore, it is sending events to the application when the device is connected, disconnected or used in another window (application). This feature makes it easier to use the Trezor device with other applications.