User manual:Security best practices
Below is a list of recommended security practices that will ensure maximum safety for your Trezor and your funds.
Choose a good PIN
The PIN is a powerful tool to keep your coins safe. It is the only thing between a thief and your funds if someone steals your device.
Do not use a simple or predictable PIN, such as "1234," or any series of repeated or sequential numbers.
Suggestion: The numbers displayed on the Trezor screen when it requests a new PIN are in a random order which changes every time you use your device. You can use them as the basis for your PIN if you do not have any better ideas. For example, you can use the first two rows when you see the matrix for the first time.
If you have trouble remembering your PIN, write it on your recovery card.
Keep your recovery seed safe
Do not enter your recovery seeds anywhere unless the physical Trezor device instructs you to do so and you confirm your choice on your Trezor. Always trust only the instructions on your Trezor device.
If you do not use a passphrase, your recovery seed is all that is needed to access your coins. The physical security of your recovery seed is much more important than that of your device. If your Trezor is stolen, it is improbable that the thieves would be able to access it without your PIN. However, if someone steals your recovery seed, your coins can be accessed easily using a different device or wallet.
If your Trezor is lost or stops working, the recovery seed is the only way to get your coins back. It is crucial to store your seed somewhere safe from theft or physical damage (e.g., in case of a fire or a flood). We recommend using a piece of paper (e.g., the recovery card provided in the package) or cryptosteel. It might also be a good idea to make multiple copies. Below are some suggestions about where to keep your recovery seed.
Where to keep your recovery card
- In a locked drawer, away from water and fire.
- In a place where no potential thieves are likely to find it.
- Somewhere where your family members will find it in case something unexpected happens to you.
Where NOT to keep your seed
- Online backup
- Offline backup
- Encrypted folder
Use passphrase (for advanced users only)
It is possible to add a passphrase to your Trezor, which allows you to make your Trezor impervious to physical attack. Even if someone stole your device and examined its chip under an electron microscope to discover your recovery seed, your coins would still be safe. The passphrase can be any word, sequence of words or any set of letters (similarly to a password). However, your passphrase should be easy to remember.
The flip side to this extreme level of security is that if you forget your passphrase, you will lose your coins forever. There is no other way to recover your funds.
This security feature is for advanced and informed users only - if you are not sure how the passphrase works, we do not recommend using it. To learn more about protecting your funds with multiple passphrases, see Multi-passphrase encryption (hidden wallets).
Get a second Trezor device
Getting a second Trezor device is an additional safety feature to protect your funds. If your Trezor device or its recovery seed is stolen, lost, or compromised, you can always send your funds to your second Trezor or recover them using your seed.
Do not talk about how much cryptocurrency funds you have
In general, it is better to keep quiet about the balance of your accounts. Talking too much is particularly dangerous on social media and internet forums.
For example, if you tell someone on the internet that you own a lot of bitcoins, some malicious party might read that conversation. These people might then try to steal your funds using a variety of tactics - including cyber attacks and physical violence.
Just remember, loose lips sink ships.