Hardware wallets

Recovery Seed, PIN and Passphrase

Learn the basic security features used by cryptocurrency wallets to better understand how to secure your crypto.

SatoshiLabs · Published in Trezor Blog · 7 min read · Aug 12, 2016

Your recovery seed is the most critical part of your crypto wallet. Keep your device safe from unauthorized access with a strong PIN and encrypt your seed using a passphrase for greater security from physical attack.

Recovery seed

A Recovery seed is usually a sequence of 12-24 words that is uniquely and securely generated inside your Trezor when you first set it up. It is of utmost importance to keep this list of words secret and safe — it is your only backup!

If your device is lost or broken, you will need it for recovery. This is a simple process where you enter the words of your seed, in order as prompted, into a new Trezor device. You may also use any other Bitcoin wallet that supports the same standard as Trezor (BIP39).

Do not underestimate the process of writing down the seed; make sure you have all words correctly spelled and in the right order.

Never make a digital copy of your seed, i.e. do not store it in any form on any computer, mobile phone or cloud storage. Consider your seed compromised once you make a digital copy of it, even if you do it on an offline device such as a copy machine or a digital camera. We cannot stress enough to only store the seed offline — written on a piece of paper, engraved, or stored in a Cryptosteel.

What does the Recovery seed actually represent?

The Recovery seed is the representation of your “master key” in 12-24 simple, easy-to-remember words. (It is much easier to write down English words than strings like “a24iqhx98…”.)

From this master key your Trezor creates a unique structure of private keys that are then used to:

  • Sign your bitcoin transactions.
  • Encrypt your passwords in Trezor Password Manager.
  • Log into websites or servers via SSH.
  • Sign messages.

Your public keys, which are used to generate addresses, are also derived from your master key.

This means that if you ever lose your Recovery seed, you may lose access to all of those features. Moreover, if anyone gains access to your seed, they can access all your wallets and information. Read more about “What If” situations in the Trezor User Manual.

Now let’s have a look at how to protect your initialized Trezor.

PIN against unauthorized physical access

The PIN is a number combination that you set during the initial Trezor setup. It protects your Trezor from being physically used by unauthorized individuals. Just like the PIN for your credit card, it should be known only to you.

How to choose a good PIN?

Technically speaking, the PIN can be up to 50 digits long when using a Trezor Model T, but we recommend using a PIN of 6–8 digits. A PIN consists of digits from 1 through 9.

We strongly discourage you from using easy-to-guess PINs, such as number sequences (e.g. 1–2–3–4) or your birthday, and from reusing the same numbers in a PIN.

The blind matrix keeps the numbers hidden on your Trezor Model One device.

Malware-proof PIN entry

We have invented a safe way of entering the PIN so that you can use your Trezor even on a computer with viruses and keyloggers (designed to capture everything as you type).

When PIN entry is needed from you, a PIN matrix with dots instead of the numbers appears on your computer screen. The Trezor display will indicate the placement of the numbers, which are always randomly shuffled. Every time you use your Trezor, you will need to look at the device to find the actual placement of the numbers you want to enter.

This method protects you from keyloggers — your computer never knows what you are actually entering, only the Trezor itself “translates” the clicked positions into the actual PIN numbers. It also makes it difficult for other people to eye up your PIN code — if somebody is looking over your shoulder, he may see you clicking some blank buttons, but he won’t see your PIN digits. The observer would need to see both the Trezor display and your computer screen, which is quite difficult when you are careful.
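The exchange described above, as an added example that is not Trezor's firmware or host code: a simplified model in which the device shows a freshly shuffled layout, the host relays only clicked positions, and the device translates them. The `Device` class, the helper names and the 0-8 position numbering are assumptions made for illustration.

```python
import secrets

DIGITS = "123456789"

class Device:
    """Toy device: holds the PIN and the secret layout of the current prompt."""

    def __init__(self, pin):
        self._pin = pin
        self._layout = None

    def new_prompt(self):
        # Fresh random permutation for every prompt, shown only on the device.
        digits = list(DIGITS)
        secrets.SystemRandom().shuffle(digits)
        self._layout = digits
        return digits  # what the user reads off the device display

    def submit(self, positions):
        # A layout is single-use: consume it, then translate positions to digits.
        layout, self._layout = self._layout, None
        if layout is None:
            return False
        entered = "".join(layout[p] for p in positions)
        return secrets.compare_digest(entered, self._pin)

def user_clicks(pin, layout):
    """The user finds each PIN digit on the device and clicks that blank cell."""
    return [layout.index(d) for d in pin]

def run_sessions(pin, n):
    """Return what a keylogger on the host would capture over n unlocks."""
    dev = Device(pin)
    captured = []
    for _ in range(n):
        layout = dev.new_prompt()
        clicks = user_clicks(pin, layout)
        assert dev.submit(clicks)      # the device accepts the translated PIN
        captured.append(clicks)        # the host only ever sees positions
    return captured

if __name__ == "__main__":
    # Constructed sample PIN; the same PIN yields different clicks each time.
    for clicks in run_sessions("739418", 3):
        print(clicks)
```

The captured position lists change from one unlock to the next, and a list replayed against a consumed layout is rejected.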

Forgot your PIN? No problem!

Your PIN is independent of the seed. That means that you can set a new PIN using the Trezor recovery process in case you forget it. You only need to have access to the seed to do so, which also means that your PIN does NOT protect your seed against being compromised. The PIN is there to protect your device from being used by people around you.

Passphrase as an advanced security measure

A passphrase can be any word, any set of letters or even a sentence. You could also think of the passphrase as the 25th word of the seed, which is never saved on the device. As such, a passphrase generates a different wallet.

As the passphrase is the “25th seed word”, your entire wallet (key pairs and addresses, all that secret stuff) will be generated from the passphrase too, that is, from all 25 words. Without the passphrase you will not be able to access your wallet because, once enabled, it becomes a necessary component of your seed.

This is in contrast with the PIN, which is device-specific. The passphrase is wallet-specific. In other words, your PIN protects your device from being used. Your passphrase protects your seed/wallet from being used.

Your passphrase should be memorable. Typically, you would not write it down anywhere, to eliminate any possibility of it being discovered. Remember that with the Model One, you enter the passphrase directly into the computer, and this process is not protected against keyloggers like the PIN entry. For this reason, you should never be tempted to disable your PIN even if you use the passphrase!

If you enable passphrase protection, you will be asked for a passphrase every time you connect your Trezor and work with a wallet interface such as Trezor Suite or through Trezor Connect.

The passphrase has a triple security effect:

1. It makes your Trezor impervious to physical attack. Even if your Trezor was stolen and the chip hacked while examined under an electron microscope to discover your recovery seed, your bitcoins will still be safe!

2. It protects your bitcoins in case someone steals your Recovery seed from you. Without your passphrase, the thief won’t be able to access your coins.

3. One or more passphrases can be used with the same Trezor device to create “hidden wallets,” which can be an advantage in situations such as being held at gunpoint (also known as the $5-wrench-attack). Use different passphrases to create “decoy” wallets with lower balances next to your main wallet, so you only give away some funds in the event of this attack.

How to use a Trezor passphrase?

Start by setting up your Trezor with the passphrase enabled. Any time you plug in your device to access your bitcoins, you will be asked to enter a passphrase. Anything you enter will automatically generate a new (hidden) Trezor wallet.

Remember your passphrase well. You will never be told that the “passphrase is not correct” when you mistype. Also, there is no way a Trezor could recover it for you; it exists only in your memory.
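Why the passphrase behaves like a “25th word” and why a typo produces no error, shown with the BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt `"mnemonic" + passphrase`). This is an added example, not Trezor's code; the helper names are assumptions, and the mnemonic is the public all-zero-entropy BIP39 test vector, never to be used for funds.

```python
import hashlib
import unicodedata

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from the words plus an optional passphrase."""
    def nfkd(s):
        return unicodedata.normalize("NFKD", s)
    return hashlib.pbkdf2_hmac(
        "sha512",
        nfkd(mnemonic).encode("utf-8"),                   # password: the seed words
        ("mnemonic" + nfkd(passphrase)).encode("utf-8"),  # salt: the "25th word"
        2048,
        dklen=64,
    )

# Public BIP39 test-vector mnemonic (all-zero entropy). Never use it for funds.
TEST_MNEMONIC = "abandon " * 11 + "about"

def wallet_fingerprints(mnemonic, passphrases):
    """Map each passphrase to a short fingerprint of the seed it selects."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}

if __name__ == "__main__":
    # "" is the default wallet; the last two entries are constructed typos.
    # Every input derives a valid seed, so nothing can flag a wrong passphrase.
    candidates = ["", "TREZOR", "TREZOr", "TREZOR "]
    for p, fp in wallet_fingerprints(TEST_MNEMONIC, candidates).items():
        print(f"{p!r:10} -> {fp}")
```

Each passphrase, including a one-character typo or a trailing space, selects an unrelated seed and therefore an unrelated wallet.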

Non-frequent Trezor users may want to set a regular reminder in their calendar to refresh their memory by booting up their device in Trezor Suite and entering the passphrase.

And if you are not sure you can remember your passphrase and insist on storing it in written form, the same rules as for the seed apply: no digital form, a safe place, never online. There is one additional rule: never store your passphrase together with your Recovery seed.

Notice!

As every passphrase generates a different wallet, you will have to move your bitcoins from the ‘[empty]’ wallet to a ‘[new passphrase]’ wallet.

You can do this by starting Trezor with the passphrase you want to use and copying the receive address. Then restart Trezor, use the [empty] passphrase to get into your default wallet, and send all your coins to the copied address. Or move different amounts of coins at a time, to leave an amount in the [empty] wallet for plausible deniability.

Links

Trezor Shop: shop.trezor.io

Documentation: User Manual, FAQ, Trezor Apps

Innovating since we founded the industry in 2013 with production of the first crypto hardware wallet, the Trezor One. Open-source, secure, community-driven.