Trezor devices are hardware wallets, a physical device which stores your private and public keys offline. They are sometimes also referred to as cold wallets.
The main advantage of using a hardware wallet is that it generates the seed offline, making it theoretically impossible to compromise, if used correctly. Software wallets, used on an internet-connected device, can be hacked and have the seed stolen. Knowledge of a seed provides access to all of your accounts and coins.
What sets Trezor apart from other hardware wallet manufacturers?
-
Trezor’s hardware architecture is public and the Trezor bootloader and firmware are completely open-source, which allows users to independently verify the functionality and security of Trezor devices. With the Trezor Wallet and Trezor Bridge, using your Trezor device is as convenient as using a software or web wallet.
-
Trezor’s Trusted Display can only show the true details of any message (such as a transaction) that is being signed. Even if your host computer is compromised, your Trezor will let you see that what is shown on your computer is not the same as what the device is signing, so you can safely abort any transaction to an attacker’s address and try again from a safe machine.
-
BIP-39 passphrase, a standard developed by a team including SatoshiLabs engineers, acts as an extra word to encrypt your seed, preventing even the most sophisticated physical extraction attack.
-
On-device passphrase and PIN on the Trezor Model T ensures that no sensitive data ever passes through an internet-connected device and cannot be intercepted. On the Trezor Model One, secure PIN entry is achieved by a randomized keypad that prevents any spyware from seeing the PIN you enter.
-
SLIP-39 Shamir seed is a cryptographically-secure method for creating a split recovery seed. Currently only available on the Trezor Model T, a Shamir seed comprises multiple lists of 20 words, known as shares, which combine to restore the wallet. This is particularly useful as the user can set a threshold number of shares that will be able to restore the wallet. For example, one could create 5 shares and require 3 for recovery. This means that two shares could be lost - or even stolen - and the wallet would remain secure and recoverable. Competitor’s solutions - such as splitting a regular 24-word seed into multiple parts - are highly insecure and endanger funds, as loss of one share makes it thousands of times easier to brute force the remaining words. By keeping each share in a different place, a Shamir seed backup becomes perhaps the most secure way to protect your cryptocurrencies.