Hardware wallet security measures
Disclaimer: When we talk about the services we use in the article below, this should not be taken as a recommendation or an endorsement of these services. This is simply the approach we have chosen to use. We encourage you to do your own research on these topics and choose an approach that works best for you and your particular security needs.
The hardware wallet we use is the Trezor Model T. A hardware wallet requires the physical device to authenticate a transaction. This means that someone hacking into your computer or your phone cannot gain access to your funds - because they would need to have the physical device in their hands.
You do not need to have your Trezor plugged in to receive funds, only to send them. Because of this, you can leave your Trezor locked up in a drawer, and only ever take it out when you want to move or sell some of your funds.
We have chosen to use Trezor because the Trezor source code is completely open - both software AND hardware. This means the full source code as well as the physical design and specifications are fully available for anyone in the world to view and audit:
It is being constantly audited by independent security researchers, with responsible public disclosure of all discovered vulnerabilities:
They have published documentation on the different threat models that could affect a Trezor, and the methods to mitigate them:
Along with security best practices:
The way a Trezor works is that the keys are only stored inside the device, and never leave it. When a transaction is made, the physical device is required to "sign" the transaction so that it can be broadcast to the blockchain. This means that for any transaction to happen, somebody needs to have the physical device - it is impossible for it to be accessed remotely.
By adding a passphrase to your device, you protect yourself against someone brute forcing the PIN or extracting the seed: https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b
To keep your funds safe with Trezor, there are some important points to note:
1. Using a passphrase is something to strongly consider. It is possible (although extremely unlikely) to extract a seed from a stolen device. By using a passphrase, you remove the risk that device loss or theft poses to your funds.
2. When you generate your 12-word seed on your Trezor, it should never be stored on any computer or any digital device. For example, if you put it in a Word document or took a photo with your phone - you would be at very high risk of having the seed stolen. Writing it on a piece of paper and storing that in a fireproof safe would be secure. Using a CryptoSteel and burying it in your backyard would be secure.
3. When generating your seed or writing it down, do not do it in the view of any webcam or digital security camera. Write on a hard surface which can't leave an imprint. Burn any paper that temporarily stored the seed.
4. Your passphrase should never be stored in the same location as your seed. Seed + Passphrase = Full access to your funds.
5. If a website (even trezor.io) asks you for your 12-word seed - this is a phishing attempt to steal your funds. You will only EVER see the phrase on your Trezor Model T's screen - never on your computer. If setting up a new Trezor using the same 12 words, you will only ever enter them on the Trezor screen - never on your computer.
6. Lastly, have a look through our general security guide here.