User manual:Security best practices

From Trezor Wiki

Below is a list of recommended security practices that will ensure maximum safety for your Trezor and your funds.

Choose a good PIN

The PIN is a powerful tool to keep your coins safe. It is the only thing between the thief and your funds in case someone steals your device.

Do not use a simple or predictable PIN, such as "1234" or any series of repeated or sequenced numbers.

Suggestion: The numbers displayed on the Trezor screen when it requests a new PIN are in a random order which changes every time you use your device. You can use them as the basis for your PIN if you don't have any better ideas. For example, you can use the first two rows when you see the matrix for the first time.

If you have trouble remembering your PIN, write it on your recovery card.

For more information, see also Set up a PIN and our blog articles 3 simple rules for a good PIN, How easy would it be to guess your PIN? and Recovery Seed, PIN and Passphrase.
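As an added example (not code from the Trezor wiki or the Trezor project), the small checker below rejects the weak-PIN patterns named above, repeated digits and ascending or descending runs, and shows how many candidates a guesser faces for a given length. It assumes the 3x3 keypad alphabet of digits 1 to 9 and a minimum length of 4; both are assumptions of this example, not values stated on the page. The pin_from_matrix helper models the suggestion of reading the first rows of the shuffled matrix.

```python
# Added example, not Trezor code.  Flags the weak PIN patterns the page warns
# about and reports the size of the search space for a given PIN length.
import random
from typing import List

KEYPAD_DIGITS = "123456789"   # assumption: the 3x3 matrix shown on the device
MIN_LEN = 4                   # assumption of this example, not a device limit


def is_repeated(pin: str) -> bool:
    """All digits identical, e.g. '1111'."""
    return len(set(pin)) == 1


def is_sequence(pin: str) -> bool:
    """Ascending or descending run with step 1, e.g. '1234' or '9876'."""
    if len(pin) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {-1}


def weak_pin_reasons(pin: str, min_len: int = MIN_LEN) -> List[str]:
    """Return the reasons a PIN is weak; an empty list means no pattern matched."""
    reasons: List[str] = []
    if not pin or any(c not in KEYPAD_DIGITS for c in pin):
        reasons.append("contains characters outside the 1-9 keypad")
        return reasons
    if len(pin) < min_len:
        reasons.append(f"shorter than {min_len} digits")
    if is_repeated(pin):
        reasons.append("all digits repeated")
    if is_sequence(pin):
        reasons.append("sequential digits")
    return reasons


def keyspace(length: int) -> int:
    """Number of distinct PINs of this length over the 1-9 keypad."""
    return len(KEYPAD_DIGITS) ** length


def shuffled_matrix() -> str:
    """Constructed stand-in for the device's randomised layout: 9 digits, row by row."""
    digits = list(KEYPAD_DIGITS)
    random.SystemRandom().shuffle(digits)
    return "".join(digits)


def pin_from_matrix(layout: str, rows: int = 2) -> str:
    """Read the first `rows` rows (3 digits each) of a layout, as the page suggests."""
    return layout[: 3 * rows]


if __name__ == "__main__":
    for candidate in ("1234", "1111", "9876", "381527"):
        print(candidate, weak_pin_reasons(candidate) or "ok")
    print("candidates for a 6-digit PIN:", keyspace(6))
    print("PIN from a fresh matrix:", pin_from_matrix(shuffled_matrix()))
```

A PIN built from the shuffled matrix passes the checks because the layout is random, while the classic "1234" and repeated patterns are caught; the keyspace numbers make the value of each extra digit concrete.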

Keep your recovery seed safe

If you do not use a passphrase, your recovery seed is all that is needed to access your coins. The physical security of your recovery seed is much more important than that of your device. In case your Trezor is stolen, it is very improbable that the thieves will be able to access it without your PIN. However, if someone steals your recovery seed, your coins can be accessed easily using a different device or wallet.

If your Trezor is lost or stops working, the recovery seed is the only way to get your coins back. It is therefore crucial to store your seed somewhere safe from theft or physical damage (e.g. in case of a fire or a flood). We recommend using a piece of paper (e.g. the recovery card provided in the package) or cryptosteel. It might also be a good idea to make multiple copies. Below are some suggestions about where to keep your recovery seed.

For more information, see also: Recovery, Recovery seed and our blog articles Recovery Seed, PIN and Passphrase and Learn about: Recovery seed.

Where to keep your recovery card

  • In a locked drawer, away from water and fire.
  • In a place where no potential thieves are likely to find it.
  • Somewhere where your family members will find it in case something unexpected happens to you.

Where NOT to keep your seed

  • Dropbox
  • Email
  • Online backup
  • Offline backup
  • Encrypted folder

Use a passphrase (for advanced users only)

It is possible to add a passphrase to your Trezor, which allows you to make your Trezor impervious to physical attack. Even if someone stole your device and examined its chip under an electron microscope to discover your recovery seed, your coins would still be safe. The passphrase can be any word, sequence of words or any set of letters (similar to a password). However, your passphrase should be easy to remember.

The flip side to this extreme level of security is that if you forget your passphrase, you will lose your coins forever. There is no other way to recover your funds.

Note: Every passphrase generates a new wallet. If you have stored some funds in your Trezor before setting up the passphrase encryption, they will not appear after enabling the passphrase. But don't worry, they are not lost. You can access them by entering an empty passphrase.

This security feature is for advanced and informed users only - if you are not sure how the passphrase works, we do not recommend using it. To learn more about protecting your funds with multiple passphrases, see Multi-passphrase encryption (hidden wallets).

For more information see also Passphrase and our blog articles Recovery Seed, PIN and Passphrase and Hide your wallets with multiple passphrases.
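The note above (every passphrase opens a different wallet, and the empty passphrase opens the original one) follows from how the seed is derived. The example below is added here and is not Trezor's own code: it implements the BIP39 seed derivation with the Python standard library, namely PBKDF2-HMAC-SHA512 over the NFKD-normalised mnemonic with the salt "mnemonic" plus the passphrase, 2048 rounds, 64-byte output. The demo mnemonic is the all-"abandon" BIP39 test phrase and must never hold real funds; the published test vector for the passphrase "TREZOR" is included as a self-check.

```python
# Added example, not Trezor code: BIP39 seed derivation, to show why each
# passphrase yields a different wallet and the empty passphrase the original.
import hashlib
import unicodedata

PBKDF2_ROUNDS = 2048          # fixed by BIP39
SEED_LEN = 64                 # bytes, fixed by BIP39

# Constructed demo phrase (the public BIP39 test mnemonic); never use for real funds.
DEMO_MNEMONIC = ("abandon " * 11 + "about").strip()

# Published BIP39 test vector for DEMO_MNEMONIC with passphrase "TREZOR".
KNOWN_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """seed = PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase), 2048, 64)."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=SEED_LEN)


def wallet_id(mnemonic: str, passphrase: str = "") -> str:
    """Short fingerprint of the wallet a (mnemonic, passphrase) pair opens."""
    return hashlib.sha256(bip39_seed(mnemonic, passphrase)).hexdigest()[:16]


def matches_published_vector() -> bool:
    """Self-check against the BIP39 test vector for passphrase 'TREZOR'."""
    return bip39_seed(DEMO_MNEMONIC, "TREZOR").hex() == KNOWN_SEED_HEX


def demo() -> dict:
    """Wallet fingerprints for the cases the page describes."""
    return {
        "original (no passphrase)": wallet_id(DEMO_MNEMONIC),
        "empty passphrase": wallet_id(DEMO_MNEMONIC, ""),
        "hidden wallet": wallet_id(DEMO_MNEMONIC, "correct horse"),
        "same words, trailing space": wallet_id(DEMO_MNEMONIC, "correct horse "),
    }


if __name__ == "__main__":
    for label, fingerprint in demo().items():
        print(f"{label:28s} {fingerprint}")
    print("published vector reproduced:", matches_published_vector())
```

Two things to take from the output: the "original" and "empty passphrase" rows are identical, which is why the pre-passphrase funds reappear with an empty passphrase, and the two "correct horse" rows differ, which is why there is no way back from a forgotten or mistyped passphrase: nothing on the device can tell a wrong passphrase from a new hidden wallet.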

Get a second Trezor device

Getting a second Trezor device is an additional safety feature to protect your funds. In case your Trezor device or its recovery seed is stolen, lost or compromised, you can always send your funds to your second Trezor or recover them using your seed.

Warning: If you lose access to both your device and the recovery seed, your funds are lost.

Do not talk about how much cryptocurrency funds you have

In general, it is better to keep quiet about the balance of your accounts. Talking too much is particularly dangerous on social media and internet forums.

For example, if you tell someone on the internet that you own a lot of bitcoins, some malicious party might read that conversation. These people might then try to steal your funds using a variety of tactics - including cyber attacks and physical violence.

Just remember, loose lips sink ships.