User manual:Security best practices
Below is a list of recommended security practices that will ensure maximum safety for your Trezor and your funds.
Choose a good PIN
The PIN is a powerful tool to keep your coins safe. It is a barrier protecting your accounts from lurking hands and unwarranted physical access to your device.
Enable the PIN protection and choose a unique and memorable PIN.
Do not use a simple or predictable PIN, such as "1234," or any series of repeated or sequential numbers.
Suggestion: The numbers displayed on the Trezor screen when it requests a new PIN are in a random order which changes every time you use your device. You can use them as the basis for your PIN if you do not have any better ideas. For example, you can use the first two rows when you see the matrix for the first time.
If you have trouble remembering your PIN, write it on your recovery seed card.
Keep your recovery seed safe
Do not enter your recovery seeds anywhere unless the physical Trezor device instructs you to do so and you confirm your choice on your Trezor. Always trust only the instructions on your Trezor device.
If you do not use a passphrase, your recovery seed is all that is needed to access your coins. The physical security of your recovery seed is much more important than that of your device. If your Trezor is stolen, it is improbable that the thieves would be able to access it without your PIN. However, if someone steals your recovery seed, your coins can be accessed easily using a different device or wallet.
If your Trezor is lost or stops working, the recovery seed is the only way to get your coins back. It is crucial to store your seed somewhere safe from theft or physical damage (e.g., in case of a fire or a flood). We recommend using a piece of paper (e.g., the recovery card provided in the package) or cryptosteel. It might also be a good idea to examine Shamir Backup as an option. Below are some suggestions about where to keep your recovery seed.
Where to keep your recovery seed card
- In a locked drawer, away from water and fire.
- In a place where no potential thieves are likely to access it.
- Somewhere where your family members will find it in case something unexpected happens to you.
Where NOT to keep your seed
- Anywhere online
- Offline (digital) backup
- Encrypted folder
Use the passphrase feature
It is possible to add a passphrase to your Trezor, which allows you to make your Trezor impervious to any physical attack. Even if someone stole your device, disassembled it, and broke the chip to extract your recovery seed, your coins would still be safe. The passphrase can be any word, sequence of words, or any set of letters (similar to a password) and is not stored anywhere on the device.
The flip side to this extreme level of security is that if you forget your passphrase, you will lose your coins forever. There is no other way to recover the funds.
This security feature is for advanced and informed users only - if you are not sure how the passphrase works, we do not recommend using it. To learn more about protecting your funds with multiple passphrases, see Passphrase and our blog articles Passphrase - the ultimate protection for your accounts, and Recovery Seed, PIN and Passphrase.
Get a second Trezor device
Getting a second Trezor device is an additional safety feature to protect your funds. If your Trezor device or its recovery seed is stolen, lost, or compromised, you can always send your funds to your second Trezor or recover them using your seed.
Do not talk about how much cryptocurrency you have
In general, it is better to keep quiet about the balance of your accounts. Talking too much is particularly dangerous on social media and internet forums.
For example, if you tell someone on the internet that you own a lot of bitcoins, some malicious party might read that conversation. These people might then try to steal your funds using a variety of tactics - including cyber attacks and physical violence.
Just remember, loose lips sink ships.
See also: Coinjoin