Trezor Connect is a platform for easy integration of "Login with Trezor" into websites and applications.
Trezor is known as the most secure cryptocurrency hardware wallet. Trezor Connect expands its application to the most secure user authentication device. It allows the user to login without the need for a password. It is immune to keyloggers or phishing and provides a simple fluid interface for users with basic computer skills.
Trezor Connect can be used as:
Trezor Connect can be implemented in:
After implementing Trezor Connect, a small file containing a declaration of methods is downloaded. Once the Trezor Connect method is used, the connection to the trezor.io external webpage is established and the Trezor Connect library is going to be downloaded and injected as an invisible iframe into your application. Trezor Connect is open-source, therefore it is provable that it is not saving any information about the device or account. Trezor Bridge has whitelisted domains set to "*.trezor.io" and "localhost" and it is ignoring messages coming from other domains. This ensures that Connect is not providing any data without the user's consent. Trezor Connect works as a tunnel for messages sent from your application to Trezor device via transport layer (Trezor Bridge/WebUSB).
Note that with the newest Trezor Connect API, the iframe element ensures that the communication after authentification with PIN and/or Passphrase persists until:
The advantages are that the session carries on, it is not necessary to re-enter your PIN and/or Passphrase and, furthermore, it is sending events to the application when the device is connected, disconnected or used in another window (application). This feature makes it easier to use the Trezor device with other applications.