Bitcoin Trezor Reviewed – is it that safe?

In a previous post we talked about Bitcoin security tips which included backing up your wallet, using 2 factor authentication and keeping your Bitcoins in cold storage. In my last visit to Shanghai for a Bitcoin Expo I met Alena, the CEO of TREZOR – a device that seems be an optimal solution for Bitcoin security. That’s why I decided  to create this Bitcoin TREZOR review.

More Bitcoin security = Less flexibility

When you look at the various options for Bitcoin security the more secure the methods is – the less flexibility you have in spending your coins. For example, storing your coins on a secure paper wallet, which is considered pretty safe allows you only to deposit coins. When you want to withdraw them you will have to find a Bitcoin client and export your private keys.

What is TREZOR and why is it different ?

TREZOR is an offline Bitcoin wallet. It holds your private keys and know how to sign a transaction without the need to connect to the internet. Trezor seems to give you the best of both worlds as it acts as a highly secured cold storage (i.e. offline) device but still allows you flexibility when wanting to spend your coins. The device is pretty small and you can carry it around on your Keychain or even in your pocket. So you can store your Bitcoins offline on TREZOR and whenever you want to spend them just connect your TREZOR device to any computer and you can spend them. TREZOR uses a limited USB connection – just like your computer mouse or keyboard. A mouse tells the computer where it is, but the computer cannot move the mouse. So only Bitcoin transactions can go from the computer to Trezor and back. This is why even compromised and infected computers can be used with TREZOR safely. 99bitcoins Trezor And what if it gets stolen ? Well, the security measure that I’ll explain later on prevent someone from stealing your Bitcoins even if they steal your TREZOR device.

How to setup TREZOR

Setting up TREZOR is pretty simple. You hook up the device to the computer, install a “bridge” which allows the TREZOR to communicate with the computer and follow the instructions.

Choosing a PIN code

A PIN code will be used to identify that you are the actual owner of the TREZOR each time you plug it into a computer.  The setup process is that is uses a cleaver combination of both the TREZOR device and the computer in order to make sure it will be pretty damn hard to steal you PIN. It will ask you to click the relevant numbers on your computer screen like this: Trezor pin code pad Meanwhile the display of the actual numbers is only visible on your TREZOR: trezor pin code device This way even if someone is monitoring your keystrokes they won’t be able to know what your PIN is. When you are setting up your TREZOR for the first time, you’ll have to enter your new PIN twice. Notice that the numbers shown on TREZOR change between the entries.

Jotting down the TREZOR seed – your master private key

Next you will be prompted to write down your recovery seed. Your seed is a list of secret set of words that you will use to recover your money in case you ever lose your TREZOR. The device will show you a list of 12 words (you can choose more for additional security) which you will need to write down. This list should be kept in a safe place as it can be used to recover your private keys. trezor seed recovery

You’re good to go!

Once you finish the setup you will need to connect the TREZOR to any computer and access MyTREZOR.com – This is the client for the Bitcoin TREZOR. From there you will be able to send Bitcoins to whoever you like. Trezor web interfacce Can TREZOR be hacked ? One of the great things about TREZOR is that there’s no “username” or “password” for your account. Your credentials are your TREZOR device. So if someone doesn’t get physical access to my device there’s no way he can access my account. But if someone could get access to my device ? how about your evil made ?!? The “Evil Maid” attack is a name given for an attack that is made physically (not remotely) on a computer that is left unattended. The attacker has the ability to physically access the computer multiple times without the owner’s knowledge – just image that you had a house maid that was evil :)

For extreme protection – set up a passphrase

In case of an “Evil Maid” your seed and private keys are at risk. TREZOR has solved this by allowing you to add an additional passphrase protection. This means that you will remember a phrase that will be used for accessing your Bitcoins. The passphrase shouldn’t be written down anywhere and should be memorized.

How about extortion ?

When all things fail, physical force can be the last thing that will be used to get access to your Trezor, also known as the “5 dollar wrench attack” as explained in the following image: 5 dollar wrench For this scenario you can use different passphrases – each one leading to a different amount of coins. So you will “give away” the decoy passphrase leading to a small amount of coins while keeping the majority of your coins secure.

So is TREZOR 100% full proof secure ?!?

No. Nothing is, but it’s as close as it gets. Even the latest security flaw found in USB drives doesn’t apply to TREZOR. One thing that TREZOR can’t protect you from is phishing attacks. This means that someone can try and fool you by having you send Bitcoins from your TREZOR to a wrong address. However, this is not a device malfunction – it’s more of a human malfunction. You need to make sure that the person you are sending your Bitcoins to is who they say they are ( here’s my own experience with phishing). For detailed information about possible TREZOR threats and how they are being dealt refer to TREZOR’s security threats section inside their FAQ.

Additional thoughts about the TREZOR

My experience with TREZOR was extremely pleasant. The setup was easy, the device is intuitive and the security measures seem pretty robust. I also was very impressed with the company’s team as they seem to be very skilled professionals in the field of Bitcoin security. Anyone who’s serious about their Bitcoins’ security should get a TREZOR. My only concern with TREZOR is regarding their Bitcoin client. I mean, let’s say the company goes out of business – how will I still be able to send my Bitcoins if the client is inoperative ? Well apparently several wallets out there have already began working on TREZOR compatibility. For example, Electrum has a TREZOR plugin which allows you to enjoy TREZOR’s enhanced security with Electrum’s flexibility.

TREZOR Bitcoin wallet

TREZOR Bitcoin wallet
8.8

Ease of use

9.1 /10

Design

8.5 /10

Security

9.6 /10

Price tag

8.1 /10

Pros

  • Easy to use
  • Extremely secure
  • Portable design

Cons

  • Price tag a bit high

Bitcoin Video Crash Course 

Join over 94,000 students and know all you need to know about Bitcoin. One email a day for 7 days, short and educational, guaranteed.

We hate spam as much as you do. You can unsubscribe with one click.

61
Leave a Reply

avatar
 
29 Comment threads
32 Thread replies
4 Followers
 
Most reacted comment
Hottest comment thread
34 Comment authors
MusicaldocSteven HayTimothy P BoltonMadafadfasfsdZsofia Elek Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Musicaldoc
Guest
Musicaldoc

Hi, I’m a newbie,
do I need different hardware wallets for different cryptocurrencies? I mean, If I want to buy bitcoins and Eth, can I use a single Trezor or Ledge?
How does it work, If i buy coins let’s say on something like Bitstamp, how do I load the hardware wallet with the bought cryptocurrencies?
Thanx

Madafadfasfsd
Guest
Madafadfasfsd

Trezor is a scan, it asks u to store your BTC in its website, request high sending fee, and ask a tip( u can not withdraw all of your balance, the rest is robbed by Trezor

James
Guest
James

hi I live in Colombia, how can I buy Ethereum here.

Ahmad Dhaher
Guest
Ahmad Dhaher

If I want to sell a BTC using my account from coinbase or any other exchange , do I need to find first a buyer or it can be sold in any minute similar to the case of selling a stock ?

Ahmad Dhaher
Guest
Ahmad Dhaher

can I use TREZOR to create ETH wallet or only BTC ?

Bathlov
Guest
Bathlov

Does this device support bitcoins cash (BCC)?

Sten
Guest
Sten

If TREZOR adds support for new coins in the future do I have to buy a new TREZOR device or will a software update be enough?

John Tee
Guest
John Tee

Can you store litecoin with this trezor? thanks

Mikael Arhelger
Guest
Mikael Arhelger

A bit pricy but the de facto standard in wallets. I bought three for all of us, so maybe I am a bit biased.