Hi. My model T doesn’t give an option to type passphrase into the device, only allows using the keyboard.
Is that an issue? Is there a way I can change it to give me the option to type into the device? Thanks
If you are using Trezor Suite, there is a button on your PC screen under the passphrase fields labeled “Enter passphrase on device”. Clicking that button will let you to enter passphrase on Trezor screen.
If you want to always enter passphrase on Trezor device, without ever going through the PC dialog, you can use trezorctl to configure that: trezorctl set passphrase on --force-on-device
Thanks.
Is there is risk with inputting into the computer keyboard? I understand that T1s only have this option…?
Both your seed and your passphrase are required to get access to your funds. So even if your passphrase is stolen by malware, it cannot be used to endanger your funds – as long as you keep your seed purely offline.
The ability to type the passphrase on device can defend you better against targeted attacks, or against attacks of opportunity if your seed ever does get exposed. So it is more secure in that regard.
These situations do not figure in the typical threat model though. It is still more secure to use passphrase that you type on your computer than it is to not use passphrase at all.
Thank you very much. Appreciate the speedy response
Hi there.
When a passphrase is typed into suite - is it captured by Trezor systems? Can it be logged/saved by Trezor? Thanks
Can it?
Yes, sure thing. Everything you type into your computer can be logged. If you’re typing it into a particular program, specifically, it can be logged by that program.
Is it captured by Trezor systems?
Of course not. What do you take us for, Facebook? 
2 Likes
Ha ha. Thanks.
So in theory trezor could record passphrases but doesn’t?
That is correct.
You can of course verify this by reviewing the open-source code of Trezor Suite and Trezor Connect, and/or by capturing traffic from your PC to Trezor’s servers.
Hello,
I hate to put some fuel to the fire. But according to (hxxps://docs.trezor.io/trezor-firmware/common/communication/passphrase.html), section 5.1.2, there is an option “Passphrase always on device”.
Is this correct?