User manual:Security best practices

From Trezor Wiki

Below is a list of recommended security practices that will ensure maximum safety for your Trezor and your funds.

Choose a good PIN

The PIN is a powerful tool to keep your coins safe. It is the only thing between a thief and your funds if someone steals your device.

Do not use a simple or predictable PIN, such as "1234," or any series of repeated or sequential numbers.

Suggestion: The numbers displayed on the Trezor screen when it requests a new PIN are in a random order which changes every time you use your device. You can use them as the basis for your PIN if you do not have any better ideas. For example, you can use the first two rows when you see the matrix for the first time.

If you have trouble remembering your PIN, write it on your recovery card.

For more information, see also Set up a PIN and our blog articles 3 simple rules for a good PIN, How easy would it be to guess your PIN? and Recovery Seed, PIN and Passphrase.

Keep your recovery seed safe

Warning: Malicious websites masquerading as the official Trezor Wallet might ask you to enter your recovery seed in your browser in the order specified by the website.

Do not enter your recovery seed anywhere unless the physical Trezor device instructs you to do so and you confirm your choice on your Trezor. Always trust only the instructions on your Trezor device.

If you do not use a passphrase, your recovery seed is all that is needed to access your coins. The physical security of your recovery seed is much more important than that of your device. If your Trezor is stolen, it is improbable that the thieves would be able to access it without your PIN. However, if someone steals your recovery seed, your coins can be accessed easily using a different device or wallet.

If your Trezor is lost or stops working, the recovery seed is the only way to get your coins back. It is crucial to store your seed somewhere safe from theft or physical damage (e.g., in case of a fire or a flood). We recommend using a piece of paper (e.g., the recovery card provided in the package) or cryptosteel. It might also be a good idea to make multiple copies. Below are some suggestions about where to keep your recovery seed.

For more information, see also: Recovery, Recovery seed and our blog articles Recovery Seed, PIN and Passphrase and Learn about: Recovery seed.

Where to keep your recovery card

  • In a locked drawer, away from water and fire.
  • In a place where no potential thieves are likely to find it.
  • Somewhere where your family members will find it in case something unexpected happens to you.

Where NOT to keep your seed

  • Dropbox
  • Email
  • Online backup
  • Offline backup
  • Encrypted folder

Use passphrase (for advanced users only)

It is possible to add a passphrase to your Trezor, which allows you to make your Trezor impervious to physical attack. Even if someone stole your device and examined its chip under an electron microscope to discover your recovery seed, your coins would still be safe. The passphrase can be any word, sequence of words or any set of letters (similarly to a password). However, your passphrase should be easy to remember.

The flip side to this extreme level of security is that if you forget your passphrase, you will lose your coins forever. There is no other way to recover your funds.

Note: Every passphrase generates a new wallet. If you have stored some funds in your Trezor before setting up the passphrase encryption, they will not appear after enabling the passphrase. But do not worry, they are not lost. You can access them by entering an empty passphrase.
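
How a passphrase selects a wallet, shown as an added example that is not from the Trezor Wiki or Trezor's own code. It assumes the recovery seed is a BIP39 mnemonic, so the wallet seed is PBKDF2-HMAC-SHA512 over the words with the passphrase mixed into the salt. The mnemonic is the public BIP39 test vector, and `fingerprint` and `compare_passphrases` are hypothetical helper names.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample input, never a real seed).
TEST_MNEMONIC = ("abandon " * 11) + "about"


def wallet_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 (assumed): seed = PBKDF2-HMAC-SHA512(words, "mnemonic" + passphrase, 2048)."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def fingerprint(seed: bytes) -> str:
    """Short label for comparing seeds (hypothetical helper, not a wallet identifier)."""
    return seed[:8].hex()


def compare_passphrases(mnemonic: str, passphrases: list) -> dict:
    """Map each passphrase to the fingerprint of the wallet seed it selects."""
    return {p: fingerprint(wallet_seed(mnemonic, p)) for p in passphrases}


if __name__ == "__main__":
    # "" is the wallet that existed before a passphrase was enabled.
    # "Trezor" and "TREZOR " stand in for a mistyped or misremembered "TREZOR".
    candidates = ["", "TREZOR", "Trezor", "TREZOR "]
    for phrase, fp in compare_passphrases(TEST_MNEMONIC, candidates).items():
        print(f"{phrase!r:12} -> seed fingerprint {fp}")
```

Every input, including a mistyped one, yields a valid but different seed with no error, which is why a forgotten passphrase cannot be recovered and why the empty passphrase returns the original wallet.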

This security feature is for advanced and informed users only - if you are not sure how the passphrase works, we do not recommend using it. To learn more about protecting your funds with multiple passphrases, see Multi-passphrase encryption (hidden wallets).

For more information see also Passphrase and our blog articles Passphrase - the ultimate protection for your accounts and Recovery Seed, PIN and Passphrase.

Get a second Trezor device

Getting a second Trezor device is an additional safety feature to protect your funds. If your Trezor device or its recovery seed is stolen, lost, or compromised, you can always send your funds to your second Trezor or recover them using your seed.

Warning: If you lose access to both your device and the recovery seed, your funds are lost.

Do not talk about how much cryptocurrency funds you have

In general, it is better to keep quiet about the balance of your accounts. Talking too much is particularly dangerous on social media and internet forums.

For example, if you tell someone on the internet that you own a lot of bitcoins, some malicious party might read that conversation. These people might then try to steal your funds using a variety of tactics - including cyber attacks and physical violence.

Just remember, loose lips sink ships.
