Security from physical attacks

Hello, I have a question. I understand that Trezor has everything Open Source and that is why I stayed with you with all the devices, but I wanted to ask you what other measures we could use for security in physical attacks in addition to a PassPhrase?

Hi @Nato96,
it depends which attack vector is on your mind => you want to protect yourself against this/these threat(s). “Physical” against you or Trezor HW?

You: keep your profile low and don’t talk about your Bitcoin hodling.

Trezor HW: use TS5 with additional protection layer (Secure Element chip) against SEED extraction, use long & non-sequential randomized PIN, use wipe code PIN, start to use SD card protection with additional encryption key stored on external SD card, use MultiShare 33 words backup with geographically separated shares, use MultiSig with Electrum or Sparrow wallets (Trezor Suite application/wallet can’t handle MultiSig unfortunately).

But a strong Passphrase is a good start, if handled correctly :innocent:

1 Like

Hi, thanks for responding. Oh, of course. I really don’t understand those people who say and show how much worse they are, but anyway, with the SD issue, I still don’t fully understand it. And that’s only possible on the S5 or also on the S3?

Definitely you can use SD card protection with Model T and TS5 anytime (without resending your BTC). The SD card needs to be formatted with MBR & FAT32 of any size (it will store a 48-byte long key-file). It will store just one key-file in a folder per generated ID of your Trezor. So if you recover your Trezor with your wallet backup, your ID changes and the key is also no longer valid (you just create a new key-file). Also you can use one SD card with multiple Trezor HW, because they will have different IDs.

You need to use the trezorctl command and it will use ChaCha encryption I guess. Maybe TS5 will use AES, as STM32 U585QI natively supports AES128/256 in HW, but really I can be wrong here (wild guess).

trezorctl device sd-protect on

Anyway with TS5 your PIN is combined with external SD card key-file and such stretched key is further passed into Secure Element :+1:

Note: Never leave the SD card in Trezor HW :rofl: You need to keep these two things separated.

1 Like
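The card layout described in the post above (an MBR partition table with a FAT32 partition) can be checked before turning SD protection on. This is an added example, not part of the original thread and not Trezor code; the function names and the sample sectors are constructed for illustration, and only the first sector of the card or image is inspected.

```python
import struct
import sys

FAT32_TYPES = {0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)"}
GPT_PROTECTIVE = 0xEE  # partition type a GPT disk puts in its protective MBR


def check_mbr_fat32(sector0):
    """Classify the first 512 bytes of a card or image. Returns (ok, reason)."""
    if len(sector0) < 512:
        return False, "short read: need the full 512-byte first sector"
    if sector0[510:512] != b"\x55\xaa":
        return False, "no 0x55AA boot signature: not an MBR"
    # A FAT32 volume written straight to the card (no partition table) also
    # ends in 0x55AA; its boot sector carries the label "FAT32   " at offset 82.
    if sector0[82:90] == b"FAT32   ":
        return False, "FAT32 volume without a partition table"
    entries = [sector0[446 + 16 * i:462 + 16 * i] for i in range(4)]
    types = [e[4] for e in entries if e[4] != 0]
    if GPT_PROTECTIVE in types:
        return False, "GPT disk (protective MBR found), not MBR"
    for e in entries:
        if e[4] in FAT32_TYPES:
            start, count = struct.unpack_from("<II", e, 8)
            return True, "%s partition at LBA %d, %d sectors" % (
                FAT32_TYPES[e[4]], start, count)
    return False, "MBR has no FAT32 partition (types: %s)" % (
        ", ".join("0x%02X" % t for t in types) or "none")


def make_sector0(ptype, start=2048, count=62521344):
    """Constructed sample: an MBR sector with one partition of type `ptype`."""
    entry = struct.pack("<B3sB3sII", 0, b"\0" * 3, ptype, b"\0" * 3, start, count)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    if len(sys.argv) > 1:           # path to a card image or block device
        with open(sys.argv[1], "rb") as f:
            print(check_mbr_fat32(f.read(512)))
    else:                           # constructed samples only
        for t in (0x0C, 0xEE, 0x07):
            print(hex(t), check_mbr_fat32(make_sector0(t)))
```

Run it with the path to a card image or device as the only argument; without an argument it classifies the constructed samples.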

Ahhh now I understand everything, thank you very much, no yes hahaha it would be weird to leave them on the same level

1 Like

As I checked the spec sheet now, Model One and TS3 don’t have a microSD card slot, i.e. these two models don’t support SD protect.

1 Like

Using the hidden wallet feature can prevent physical attacks. Because the passphrase is not stored in the device. Even if someone can get your device and crack the seed phrase in it, they will not be able to access the hidden wallet you use without the passphrase.

2 Likes

But with Safe 5 you can mostly avoid that problem, right?

Original question was about additional security if you already use Passphrase, so not really sure what you mean by “that problem”.

@Nato96
All Trezor models can work with a passphrase feature. An additional security layer as an SD card can be used with Trezor Model T or Trezor Safe 5.