blog.trezor.io Open in urlscan Pro
52.4.38.70  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Open in app

Sign In

Get started


Home
Notifications
Lists
Stories

--------------------------------------------------------------------------------

Write


Published in

Trezor Blog

SatoshiLabs
Follow

Aug 12, 2016

·
7 min read
·

Listen



Save







HARDWARE WALLETS


RECOVERY SEED, PIN AND PASSPHRASE


LEARN THE BASIC SECURITY FEATURES USED BY CRYPTOCURRENCY WALLETS TO BETTER
UNDERSTAND HOW TO SECURE YOUR CRYPTO.



Your recovery seed is the most critical part of your crypto wallet. Keep your
device safe from unauthorized access with a strong PIN and encrypt your seed
using a passphrase for greater security from physical attack.


CONTENTS

 * Recovery seed
 * What does the Recovery seed actually represent?
 * PIN against unauthorized physical access
 * How to choose a good PIN?
 * Malware-proof PIN entry
 * Forgot your PIN? No problem!
 * Passphrase as an advanced security measure
 * How to use a Trezor passphrase?


RECOVERY SEED

A Recovery seed is usually a sequence of 12-24 words which are uniquely and
securely generated inside your Trezor, when you first set it up. It is of utmost
importance to keep this list of words secret and safe — it is your only backup!

If your device is lost or broken, you will need it for recovery. This is a
simple process where you enter the words of your seed, in order as prompted,
into a new Trezor device. You may also use any other Bitcoin wallet that
supports the same standard as Trezor (BIP39).

Do not underestimate the process of writing down the seed; make sure you have
all words correctly spelled and in the right order.

Never make a digital copy of your seed, i.e. do not store it in any form on any
computer, mobile phone or cloud storage. Consider your seed compromised once you
make a digital copy of it, even if you do it on an offline device such as a copy
machine or a digital camera. We cannot stress enough to only store the seed
offline — written on a piece of paper, engraved, or stored in a Cryptosteel.


WHAT DOES THE RECOVERY SEED ACTUALLY REPRESENT?

The Recovery seed is the representation of your “master key” in simple and easy
to remember 12-24 words. (It is much easier to write down English words, in
comparison with strings like “a24iqhx98…”.)

From this master key your Trezor creates a unique structure of private keys that
are then used to:

 * Sign your bitcoin transactions.
 * Encrypt your passwords in Trezor Password Manager.
 * Log into into websites, or servers via SSH.
 * Sign messages.

Your public keys, which are used to generate addresses, are also derived from
your master key.

This means that if you ever lose your Recovery seed, you may lose access to all
of those features. Moreover, if anyone gains access to your seed, they can
access all your wallets and information. Read more about “What If” situations in
the Trezor User Manual.

Now let’s have a look at how to protect your initialized Trezor.




PIN AGAINST UNAUTHORIZED PHYSICAL ACCESS

PIN is a number combination that you set during the Trezor initial setup. It
protects your Trezor from being physically used by unauthorized individuals.
Just like the PIN for your credit card, it should be only known by you.


HOW TO CHOOSE A GOOD PIN?

Technically speaking the PIN can be up to 50 digits long when using a Trezor
Model T, but we recommend to use a PIN of 6–8 digits. A PIN comprises numbers
from 1 through 9.

We strongly discourage you from using easy to guess PINs: number sequences (e.g.
1–2–3–4), your birthday or from reusing the same numbers in a PIN.


The blind matrix keeps the numbers hidden on your Trezor Model One device.


MALWARE-PROOF PIN ENTRY

We have invented a safe way of entering the PIN so that you can use your Trezor
even on a computer with viruses and keyloggers (designed to capture everything
as you type).

When PIN entry is needed from you, a PIN matrix with dots instead of the numbers
appears on your computer screen. The Trezor display will indicate the placement
of the numbers, which are always randomly shuffled. Every time you use your
Trezor, you will need to look at the device to find the actual placement of the
numbers you want to enter.

This method protects you from keyloggers — your computer never knows what you
are actually entering, only the Trezor itself “translates” the clicked positions
into the actual PIN numbers. It also makes it difficult for other people to eye
up your PIN code — if somebody is looking over your shoulder, he may see you
clicking some blank buttons, but he won’t see your PIN digits. The observer
would need to see both the Trezor display and your computer screen, which is
quite difficult when you are careful.


How do you enter your PIN into Trezor? Watch the video!


FORGOT YOUR PIN? NO PROBLEM!

Your PIN is independent from the seed. That means, that you can set a new PIN
using the Trezor recovery process in case you forget it. You only need to have
access to the seed to do so, which also means that your PIN does NOT protect
your seed against being compromised. The PIN is there to protect your device
from being used by people around you.




PASSPHRASE AS AN ADVANCED SECURITY MEASURE

A passphrase can be any word, any set of letters or even a sentence. You could
also think of the passphrase as the 25th word of the seed, which is never saved
on the device. As such, a passphrase generates a different wallet.

As the passphrase is the “25th seed word”, this means that your entire wallet —
key-pairs and addresses (all that secret stuff), will be generated from the
passphrase too — from all 25 words. Without the passphrase you will not be able
to access your wallet, as, if enabled, it becomes a necessary component to your
seed.

> This is in contrast with PIN, which is device-specific. Passphrase is
> wallet-specific. In other words, your PIN protects your device from being
> used. Your passphrase protects your seed/wallet from being used.

Your passphrase should be memorable. Typically, you would not write it down
anywhere, to eliminate any possibility of it being discovered. Remember that
with the Model One, you enter the passphrase directly into the computer, and
this process is not protected against keyloggers like the PIN entry. For this
reason, you should never be tempted to disable your PIN even if you use the
passphrase!

If you enable passphrase protection, you will be asked for a passphrase every
time you connect your Trezor and work with a wallet interface such as Trezor
Suite or through Trezor Connect.


THE PASSPHRASE HAS A TRIPLE SECURITY EFFECT:

1. It makes your Trezor impervious to physical attack. Even if your Trezor was
stolen and the chip hacked while examined under an electron microscope to
discover your recovery seed, your bitcoins will still be safe!

2. It protects your bitcoins in case someone steals your Recovery seed from you.
Without your passphrase, the thief won’t be able to access your coins.

3. One or more passphrases can be used with the same Trezor device to create
“hidden wallets,” which can be an advantage in situations such as being held at
a gunpoint, (also known as the $5-wrench-attack). Use different passphrases to
create “decoy” wallets with lower balances next to your main wallet, so you only
give away some funds in the event of this attack.




HOW TO USE A TREZOR PASSPHRASE?

Start by setting up your Trezor with the passphrase enabled. Any time you plug
in your device to access your bitcoins, you will be asked to enter a passphrase.
Anything you enter will automatically generate a new (hidden) Trezor wallet.

Remember your passphrase well. You will never be told that the “passphrase is
not correct” when you mistype. Also, there is no way a Trezor could recover it
for you, it is only in your memory.

Non-frequent Trezor users may want to set a regular reminder in their calendar
to refresh their memory by booting up their device in Trezor Suite and entering
the passphrase.

And if you are not sure if you can remember your passphrase and insist on
storing it in a written form, same rules as for the seed apply. No digital form,
safe place, never online; plus one additional rule: never store your passphrase
together with your Recovery seed.

> Notice!
> 
> As every passphrase generates a different wallet, this means that you will
> have to move your bitcoins from the ‘[empty]’ wallet to a ‘[new passphrase]’
> wallet.
> 
> You can do this by starting Trezor with a passphrase you want to use, and
> copying the receive address. Then restart Trezor and use [empty] passphrase to
> get into your default wallet, and send all your coins to the copied address.
> Or move a different amounts of coins at a time, to leave an amount in the
> [empty] wallet for plausible deniability.




LINKS

Trezor Shop: shop.trezor.io

Documentation: User Manual, FAQ, Trezor Apps





478



7



478

478

7





MORE FROM TREZOR BLOG

Follow

The official blog for the world’s first hardware wallet — Trezor. All you need
to keep your bitcoin and digital identity safe.

Braiins | Slush Pool

·Aug 11, 2016


HOW TREZOR WAS BORN FROM A HACKING ATTACK THAT AFFECTED SLUSH POOL

In these days, the most trending topic is definitely the Bitfitnex hack. What
naturally comes to everybody’s mind, as a comparison, is the…

Bitcoin

3 min read





--------------------------------------------------------------------------------

Share your ideas with millions of readers.

Write on Medium

--------------------------------------------------------------------------------

SatoshiLabs

·Aug 8, 2016


MYTREZOR.COM IS LEARNING NEW LANGUAGES

Up until now, myTrezor.com was only available in English. But even though it is
the world’s most commonly spoken foreign language, not everyone is perfect at
it. In any case, it’s still nicer to communicate in your mother tongue,
especially with a device that you trust with your hard-earned money. …

Bitcoin

2 min read





--------------------------------------------------------------------------------

SatoshiLabs

·Aug 5, 2016


TREZOR: MITIGATING RISK FOR BITCOIN EXCHANGES

Bitcoin is the most secure digital asset of today. Yet the infrastructure,
legislative burdens, complexity or nature of the processes often prevent bitcoin
businesses from adopting the best security practices. Bitcoin has experienced
many heists and thefts and each of them has resulted in many disappointed users
abandoning this great…

Bitcoin

3 min read





--------------------------------------------------------------------------------

SatoshiLabs

·Jul 13, 2016


TREZOR 2 HACKATHON INVITATION

SatoshiLabs To Unveil Next Generation TREZOR — SatoshiLabs is calling security
hackers, developers and designers to hack to protect online security and privacy
under the guidance and mentorship of the most renowned security experts Andreas
M. Antonopoulos, Jochen Hoenicke, Marek Palatinus and Pavol Rusnak. SatoshiLabs
will kick-start the hackathon by the first public presentation of TREZOR 2…

Hackathons

2 min read





--------------------------------------------------------------------------------

SatoshiLabs

·Jul 1, 2016


NEW TREZOR CHROME EXTENSION - RE-ENABLE WHEN PROMPTED IN YOUR BROWSER.

July 01, 2016 — SatoshiLabs pushed a new version of the TREZOR Chrome Extension
1.1.1. Users will be gradually asked by their Chrome browser to re-enable the
extension by simply hitting the “Re-enable” button. What is TREZOR Chrome
Extension? TREZOR Chrome extension allows websites and web applications to
communicate with a TREZOR device. The Chrome…

Bitcoin

1 min read





--------------------------------------------------------------------------------

Read more from Trezor Blog


RECOMMENDED FROM MEDIUM

SatoshiLabs

in

Trezor Blog

INTRODUCING RECEIVE ADDRESS VERIFICATION IN TREZOR WALLET.



Bright Union

BRIGHT UNION PARTNERS WITH INSPEX TO SECURE THE BRIGHT RISK INDEX



Flashgordan Bloghub

WORDPRESS INTEGRATES ETHEREUM



Manish Kumar

in

System Weakness

KERBEROASTING — PART 1: LAB SETUP



Eric Chow

INFORMATION TECHNOLOGY (IT) VS. OPERATIONAL TECHNOLOGY (OT) & WHY OT SECURITY IS
SO IMPORTANT



Alex Parfentiev

in

Major threats to your business: human factor

AN URGENT ASSIST OR STRATEGIC RISK MANAGEMENT



Micheal Lanham

in

DataDrivenInvestor

HACKING HARRY POTTER : WIZARDS UNITE



think

MR. ROBOT



AboutHelpTermsPrivacy

--------------------------------------------------------------------------------


GET THE MEDIUM APP


Get started

Sign In




SATOSHILABS


11.7K Followers


Innovating since we founded the industry in 2013 with production of the first
crypto hardware wallet, the Trezor One. Open-source, secure, community-driven.


Follow



MORE FROM MEDIUM

Isaiah McCall

in

Yard Couch

YOUTUBE IS DEAD AND SOMETHING NEW IS COMING



Ganesha Upadhyaya

in

Harmony

HARMONY’S CROSS-CHAIN FUTURE



ThunderCore Team

in

ThunderCore

CROSS-CHAIN BRIDGE SECURITY: PART 1



Vittorio Minacori

in

NONCEPT

TOKEN GENERATOR: CREATE AN ERC20 TOKEN WITHOUT CODING.



Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable

To make Medium work, we log user data. By using Medium, you agree to our Privacy
Policy, including cookie policy.