Last updated: November 5, 2017
When Floridian Laszlo Hanyecz paid 10,000 BTC for two large pizzas in 2010, the last thing on his mind was protecting his private keys. How things have changed. Laszlo’s transaction is widely accepted as being the first documented purchase of a tangible item using Bitcoin. The Bitcoin community commemorates the occasion each year on May 22 — Bitcoin Pizza Day — the date of the original transaction. The staggering magnitude of this exchange becomes more acute each year as the value of Bitcoin reaches new highs. Much like bi-annual time changes provide a reminder to replace smoke detector batteries, celebrated moments in Bitcoin’s history should encourage digital asset holders to review their cryptocurrency protection strategy.
Many general rules of thumb pervade the cryptosphere when it comes to protection best practices. One fundamental rule is to never store digital assets on a centralized exchange. Exchanges provide a platform for swapping one asset for another, not for storage. An exchange controls the private keys for the digital assets that reside in its accounts. If you own digital assets but don’t control your own private keys, then you don’t control your digital assets. The fall of Mt. Gox, the closure of BTC-e and the withdrawal delays of Coinbase each in their own way reinforce the importance of holding your own private keys.
Yet keeping private keys in your possession comes with its own set of anxieties and foreboding. Keyloggers, malware, spyware, and phishing are very real, serious and evolving threats to your digital assets. Software wallets and wallet updates, paper wallets tucked away in great grandmother’s family bible, flash drives, backups, redundant backups, and old laptops forever banished from the internet all have potential points of failure. Not to mention the ongoing inconvenience, maintenance, and organization required to keep the private keys of multiple cryptocurrencies and cryptographic tokens safe and secure under your own care. How much redundancy is too much redundancy to protect five, six or seven figures worth of virtual currency wealth?
High security level. Easy to use.
The Trezor hardware wallet overcomes these concerns by marrying the high level of security offered by cold storage with ease of use. Hardware wallets are physical devices that isolate digital asset private keys from potential threats. The Trezor hardware wallet is a USB device manufactured in the Czech Republic by Bitcoin and blockchain pioneers, SatoshiLabs (they also created Slush’s Pool, the first Bitcoin mining pool). Introduced in 2013, Trezor was the first Bitcoin hardware wallet to hit the market. The word “trezor” translates from Czech to English as “safe” or “vault.”
Trezor is unique from a regular USB flash drive because it is a single-purpose computer. It does not have a battery, Wi-Fi, camera, Bluetooth, NFC, fingerprint reader, or any other common attack vectors. Trezor’s single purpose is to protect your private keys. Say, for example, you store your private keys on a flash drive. Once the flash drive connects to a computer, Bitcoin wallet software must read the private keys from the flash drive. The keys become vulnerable at that moment. Trezor signs transactions internally without ever exposing your private keys to threats.
Layers of protection
With tamper-resistant packaging, Trezor protects your digital assets before you even use it. When Trezor arrives on your doorstep, inspect the box carefully for any sign of intrusion. Getting to the device itself is like peeling back layers of an onion. The first line of defense is shrink-wrap surrounding a cardboard box. Next, two silver holographic security seals overlap the top and bottom box flaps. The seals say “TREZOR” and indicate you are using an authentic Trezor device. The box itself is sealed tight with a sort of impossible glue — a glue strong enough that you’ll rip the cardboard trying to open it instead of having the glue give way. Signs of any tampering in transit should be evident.
Once you unpack the device and connect it for the first time, Trezor asks you to write down a recovery seed. The recovery seed is a list of 24 words. Trezor displays each word on its display in a numbered order. Carefully write down each word in order on the provided recovery seed card. In the event of a Trezor theft or failure, the recovery seed allows you to access your digital assets using other methods. The words and their order are important, so triple-check your work. As SatoshiLabs states on the Trezor recovery seed card:
Act responsibly and do not disclose the seed to anybody. Keep your recovery seed in a safe place. Also, never make a digital copy of your recovery seed and never upload it to online services. Be aware that having a digital copy of the seed in a computer, mobile phone or an online service significantly decreases the security of Bitcoin wallets.
Trezor also protects your digital assets with a Personal Identification Number (PIN). But the PIN doesn’t work in a traditional way. Trezor uses a PIN Matrix. The PIN numbers display on Trezor in a random position each time Trezor requires a PIN. A dot pad on your computer or phone corresponds to the PIN Matrix on Trezor. As such, malware like keyloggers can’t record your actual PIN since the PIN numbers aren’t visible and they change position each time. Your PIN stays the same, but the input order is different. If needed, you could connect Trezor and input a PIN even on a computer you don’t trust.
Trust your own eyes and hands
Every transaction with Trezor is verifiable on its display and confirmed before sending by pressing a physical button. When you send a payment, review the sending address and amount on Trezor’s display to make sure it matches the sending address you input in Trezor Wallet. Once verified, physically press the button on Trezor to confirm the transaction. If the address and/or amount do not match, cancel the transaction instead. With traditional online or desktop wallet applications, you may not know or see if a hack has changed the recipient address or amount you send. Again, even on a computer you may not trust, Trezor lets you verify and confirm that transactions are correct before they are sent. Funds cannot leave your wallet without physically accepting a transaction.
Supported digital assets
Trezor currently supports Bitcoin (BTC), Bitcoin Cash (BCH), Dash, Litecoin, and Zcash via its Trezor Wallet interface. Trezor Wallet is an online client wallet developed by SatoshiLabs.
Trezor has also partnered with MyEtherWallet (MEW) to support Ethereum, all ERC-20 tokens, and Ethereum Classic through its MEW online wallet interface.
Supported operating systems and devices
Trezor Wallet is the user interface for Trezor. So that your Trezor can communicate with Trezor Wallet, install Trezor Bridge on your computer. Trezor Bridge is available for Windows, Mac OS X, and Linux.
If you use the Google Chrome web browser (or a browser based on Chrome, like Vivaldi, that supports Chrome extensions), you can install the Trezor Chrome Extension instead of installing Trezor Bridge.
The option exists to use Trezor with Android, although it is a bit more involved. Your Android device must support USB Host, and you will need an OTG cable. It requires the Trezor Manager app for Android, available for download from the Google Play Store. The Trezor Manager app only allows you to initialize and recover the device and set up the PIN and passphrase. If you want to use your phone to make payments with digital assets on Trezor, the Trezor Manager will link you to the Mycelium wallet. Visit the Trezor User Manual for details about using Trezor with Android.
Recovery in case of theft or damage
If your Trezor is lost, stolen or damaged, all hope is not lost. As long as you have your recovery seed, you can recover the funds protected by Trezor with another Trezor device, or without one. In the event of loss or theft, your PIN and/or passphrase is the only barrier protecting your digital assets. It is important to note that for every incorrect PIN entered on your TREZOR by a thief, the time it takes to attempt another PIN increases exponentially.
To recover your digital assets if you have another Trezor, visit Trezor Wallet and click the TREZOR Recovery button. Follow the instructions on the Trezor display to input the recovery seed words.
If you do not have another Trezor, the following software wallets allow you to recover your digital assets with the Trezor recovery seed words:
How to order
Purchase a Trezor hardware wallet directly from SatoshiLabs for 89 euros (plus shipping). Reduce the cost per device when you buy a multipack. Available colors are black and white. SatoshiLabs accepts payment with Bitcoin, or by credit card (Visa, V Pay, MasterCard, Maestro)
Trezor is also available through some resources on Amazon. Prices may vary.
Nothing is fool-proof. Protecting your cryptocurrencies is your own responsibility. Using common sense and following security best practices helps to avoid scams and prevent theft. For a fraction of the cost of one bitcoin, the strides taken by SatoshiLabs to help you protect your digital assets with Trezor are unprecedented. At each stage — in transit, in use, and in recovery if needed — Trezor abides by its claim of being the most secure hardware wallet.
Thank you for visiting Tech Help Knowledgebase to learn how to protect your digital assets with Trezor.