Security
Trezor Suite is designed with security as the top priority. This guide covers the security features built into Suite and best practices for keeping your cryptocurrency safe.
Core security principles
Trezor’s security model is based on several fundamental principles:
Hardware isolation
Your private keys never leave the Trezor device:
- Keys are generated on the device
- All signing happens on the device
- Suite only receives signed transactions
- No software can extract your private keys
Even if your computer is compromised by malware, your funds remain safe as long as you verify transaction details on your Trezor device screen.
Device verification
All critical information must be verified on the device screen:
- Receiving addresses
- Transaction amounts and recipients
- Firmware fingerprints
- Passphrase entry (when using device entry)
Open source transparency
Both Trezor firmware and Suite are open source:
- Code is publicly auditable
- Security researchers can review
- Community can verify there are no backdoors
- Regular security audits are performed
PIN protection
Your PIN is the first line of defense against unauthorized device access.
Setting a strong PIN
Length matters
Use at least 6 digits. Longer PINs are more secure.
- Minimum: 4 digits (not recommended)
- Recommended: 6-9 digits
- Maximum: 50 digits (firmware 1.10.0+)
Avoid obvious patterns
Don’t use:
- Sequential numbers (123456)
- Repeated digits (111111)
- Birth dates
- Common PINs (1234, 0000)
PIN entry system
Suite displays a numbered grid (1-9) that corresponds to the positions on your device.
PIN attempts and wipe
To prevent brute-force attacks:
- Each failed PIN attempt increases delay
- After 16 failed attempts, the device wipes itself
- Delay doubles after each failure (exponential backoff)
Passphrase protection
Passphrases add an extra security layer beyond your recovery seed.
How passphrases work
A passphrase modifies your recovery seed to create an entirely different wallet:
- Addresses
- Private keys
- Transaction history
- Balances
Plausible deniability
Passphrases enable plausible deniability:
- Keep small amounts in your standard wallet
- Store larger amounts in passphrase-protected hidden wallets
- If coerced, reveal only your standard wallet
There’s no way to prove a passphrase-protected wallet exists. Any passphrase is valid and creates a wallet, even if it’s empty.
Passphrase best practices
Use strong passphrases
- Long phrases are better than short passwords
- Mix words, numbers, and symbols
- Make it memorable but not guessable
- Example: “My grandmother’s garden has 47 roses!”
Store passphrases securely
- Write down offline
- Store separately from recovery seed
- Never store digitally
- Consider using a password manager for reference
Entry methods
- On device (most secure): Enter on Trezor screen
- In Suite (convenient): Type in Suite interface
Test before funding
- Create passphrase wallet
- Write down passphrase
- Eject and reconnect
- Access wallet with passphrase multiple times
- Only then transfer significant funds
Wipe code
A wipe code provides an emergency self-destruct mechanism.
What is a wipe code?
A wipe code looks like a PIN but wipes the device when entered:
- Acts as a PIN alternative
- Immediately wipes device when used
- Appears as failed PIN attempt to attacker
- Requires recovery seed to restore funds
When to use
Use a wipe code for scenarios like:
- Threat of physical coercion
- Device seizure by authorities
- Emergency situations requiring quick data destruction
Device security features
Anti-tampering measures
- Firmware verification
- Secure element (Safe 3)
- Bootloader protection
- All firmware is cryptographically signed
- Multiple signatures required
- Bootloader verifies signatures before installation
- Warning shown for unofficial firmware
Device authenticity check
Verify your device is genuine.
Authenticity checks verify your device was manufactured by Trezor and hasn’t been tampered with.
Suite security features
Discreet mode
Hide sensitive information in Suite:
- Enable via settings or top-right icon
- Balances shown as ••••
- Transaction amounts hidden
- Protects privacy when sharing screen
Tor integration
Use Tor to hide your IP address:
- Go to Settings → Application → Tor
- Enable Tor routing
- All Suite communication routes through Tor network
- Prevents IP-based tracking
Tor is currently available in Suite Desktop only.
Backend privacy
Suite connects to blockchain backends to fetch data:
- Default: Trezor-operated backends
- Custom: Use your own blockchain node
- Tor: Route through Tor for IP privacy
Protecting against attacks
Phishing protection
Phishing is the most common attack vector:
- Only download Suite from trezor.io
- Verify HTTPS and certificate before entering sensitive info
- Bookmark official Trezor sites
- Never enter recovery seed into any website or software
- Ignore unsolicited support messages (Trezor never initiates contact)
Malware protection
Even with malware, Trezor keeps funds safe:
- Address verification: Always check addresses on device
- Amount verification: Confirm amounts on device screen
- Transaction details: Review all outputs on device
Clipboard malware
Attack: Malware replaces copied addresses
Protection: Always verify addresses on device screen before sending
Fake Suite
Attack: Malicious Suite clone steals data
Protection: Download only from trezor.io, verify signatures
Screen capture
Attack: Malware screenshots recovery seed
Protection: Never display seed on computer, use device entry for passphrases
Physical security
- Store device in secure location
- Don’t leave device connected when not in use
- Use device entry for passphrases when possible
- Consider using SD card protection (Model T/Safe 3)
- Store recovery seed separately from device
Recovery seed security
Your recovery seed is the master key to your funds.
Protecting your seed
Write it down
- Use the provided recovery seed card
- Write clearly and legibly
- Double-check each word
- Never photograph or store digitally
Verify backup
- Use device’s backup check feature
- Verify you wrote down correct words
- Test recovery on a secondary device if possible
Secure storage
- Fireproof/waterproof container
- Safe deposit box
- Multiple geographically separated locations
- Consider metal backup (fireproof)
Advanced: Shamir Backup
Shamir Backup splits your seed into multiple shares:
- Create 2-16 shares
- Set threshold (e.g., 3 of 5 shares needed)
- More flexible than single seed
- Only available during setup
Shamir Backup is only available on Trezor Model T and Safe 3.
Security checklist
Essential security practices
- Set a strong PIN (6+ digits)
- Create secure backup of recovery seed
- Enable passphrase for significant holdings
- Verify all addresses on device screen
- Keep firmware updated
- Only use official Suite from trezor.io
- Never share recovery seed or passphrases
- Use Discreet mode when needed
- Store recovery seed securely offline
- Test recovery before funding device
Advanced security measures
- Use Tor for IP privacy
- Run your own blockchain node
- Use CoinJoin for transaction privacy
- Enable SD card protection (T/Safe 3)
- Set up wipe code
- Use multiple devices for different purposes
- Implement Shamir Backup
- Regularly verify device authenticity
Incident response
If device is lost or stolen
Don't panic
Your funds are safe if you have:
- Recovery seed
- Passphrase (if used)
- Strong PIN on device
If you suspect compromise
- Stop using the device immediately
- Transfer funds to a new wallet with new seed
- Investigate the potential compromise
- Update security practices based on findings