Check seals and packaging. If anything looks tampered with, stop and contact the seller — never proceed with a questionable device.
Open your browser, type the official Trezor domain manually, and download the desktop Suite. Avoid search ads and emailed links.
Plug the device in and let Suite install the signed firmware. Confirm the update on the physical device screen.
Generate the recovery seed on-device. Write it down on paper or stamp it into a metal backup. Do not photograph it or store it digitally.
Choose a PIN that’s memorable but not trivial. Consider a passphrase only if you understand the recovery implications (it creates separate hidden wallets).
The core protection model: isolate private keys (in hardware) and move only signed messages across the network. Suite constructs transactions but never holds keys. This separation dramatically reduces the risk of key exfiltration caused by malware, theft, or phishing.
A passphrase is effectively a user-chosen extra word appended to your seed that creates a distinct wallet. Use it if you need plausible deniability or separated accounts, but note: lose the passphrase and you lose that wallet. Store passphrase hints safely and separately from your seed.
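Why a lost or mistyped passphrase means a lost wallet, shown as an added example (not Trezor's code). It assumes a standard BIP-39 backup rather than Shamir shares, uses the public BIP-39 test mnemonic as constructed input, and the function names are hypothetical.

```python
import hashlib
import unicodedata

# Constructed sample input: the public BIP-39 test mnemonic (12 words).
# A real recovery seed should never be typed into a computer.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed with PBKDF2-HMAC-SHA512 (2048 rounds).

    The passphrase is not checked against anything: it is mixed into the
    salt, so every possible string yields a valid but different seed.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallet_fingerprints(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to a short hex prefix of the seed it produces."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


if __name__ == "__main__":
    # Same written-down words, four passphrases: none, the intended one,
    # a wrong-case typo, and a trailing-space typo.
    candidates = ["", "TREZOR", "Trezor", "TREZOR "]
    for phrase, fp in wallet_fingerprints(TEST_MNEMONIC, candidates).items():
        print(f"{phrase!r:10} -> seed {fp}...")
```

Each line of output is a different, empty-looking wallet with no error raised, which is why a passphrase backup has to be exact down to case and whitespace.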
Only update firmware via Suite. The Suite verifies digital signatures of firmware images; confirm updates on the device. If an update prompt appears unexpectedly, pause and verify Suite’s integrity (re-download it from the official domain if anything looks suspicious).
Create separate wallets using different passphrases. Great for privacy and compartmentalization.
Suite can be configured to route requests via privacy layers to reduce metadata leakage.
Use Suite together with MetaMask, Electrum, and other apps via Trezor Bridge for extended workflows while preserving device security.
Reconnect, reinstall Suite from the official domain, and use the recovery flow if necessary. Never install firmware from third-party sources.
A forgotten PIN requires a device wipe — recover funds only via the seed. This is why secure, tested backups are non-negotiable.
Without the seed (or Shamir shares), recovery is impossible. If funds are significant, use geographically distributed, tamper-resistant backups (metal plates, bank safe deposit boxes, trusted-partner Shamir distribution).
No — keys are generated and stored inside the Trezor device. Suite acts as a management UI only.
Signing always happens on-device offline, but Suite needs network access for balance checks, firmware updates, and broadcasting transactions.
Trezor’s firmware and much of its tooling are open-source, enabling public review and contributing to trust and security.