How to set up a Trezor

Standard Set Up

The device ships blank, so the first thing you'll need to do is install the firmware. Head over to https://trezor.io/start/ and select your device. When you do, it will show a warning about the holographic security seal. Make sure you are using a real Trezor that you bought from a legitimate source. I won't post a picture of the seal because they have made several improvements over the years and I don't want to cause panic if this guide is slightly outdated. You can read more about the seal here, but check against the most up-to-date one shown on the screen.

  1. When you plug it in, you'll see the name of the device. If you have multiple devices, or someone in your home also owns one, the name makes it easy to recognize yours before you enter the wrong PIN over and over. Each incorrect PIN entry doubles the wait before you can try again, so it would be rude to do that to someone else's device.
  2. The name also matters from a security perspective, because it helps you confirm the device is really yours. Say someone is after your coins, builds a look-alike Trezor and swaps it for the one you keep at home. You plug it in, enter your PIN, and the fake logs it. The attacker then enters your PIN into your real device while you're stuck thinking yours is broken. A fake that boots without your label is an immediate red flag. You can name it "Dave's Trezor" because the odds of this happening are low, but you can also name it something people wouldn't guess, like "I like spaghetti." Bear in mind that anyone who has watched you use the device has seen the name, so treat it as a sanity check rather than a secret.

Next Steps For Added Security

This makes the process longer, but it gives you better security and the peace of mind that you set it up correctly.

Passphrase

The first thing you should do is go to Advanced, and set up a passphrase. There are two things you should know about setting up a passphrase:

  1. If you lose it, your coins are lost. There is NOT a reset passphrase option. There is NOT a phone number or email address you can reach out to for support. You NEED to remember it, so ideally you would make it a long, complex passphrase. Most people cannot remember passwords, though, and a weak passphrase such as a birthday is still better than nothing: it stops someone who merely finds your seed. It will not stop someone who has your seed and knows who you are, because a birthday can be guessed by trying a few thousand dates against the seed.
  2. There is no wrong passphrase, which is why the first point matters so much. Each of the 24 words you wrote down earlier stands for a number; the words exist only to make those bits human readable, much as Google.com is a human-readable name for an IP address thanks to DNS. The device stretches the words into a 512-bit seed and derives from it every private key and public key (a point on the secp256k1 curve pictured below) for all of your past, present and future addresses. The passphrase is mixed into that stretching step as a salt, so changing it by even one character or a trailing space produces a completely different seed and a completely different set of addresses. The device has nothing to compare the passphrase against, so it cannot tell you it is wrong: a typo simply opens a different, empty wallet with perfectly valid addresses you could send coins to. Later I'll walk you through a test for this.
Image: the secp256k1 curve used by the ECDSA algorithm. Source: Bitcoin Wiki.
Image: a random Bitcoin transaction. This person had to use two UTXOs (inputs on the left) at 239 sats per byte to send 0.01876007 BTC. Because it was two inputs instead of one, the transaction was 421 bytes in total and the fee paid was 0.001 BTC. If you send too small a test transaction, spending it later may cost more than it is worth.
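To make the "no wrong passphrase" point concrete, here is the derivation the device performs, written as an added example in Python's standard library (this is my illustration, not code from the original post or from Trezor). It uses a 12-word mnemonic rather than the 24 words in the text so the result can be checked against the published BIP39 test vector for all-zero entropy; the candidate passphrases are constructed for the demonstration. Every passphrase, including the typo and the trailing space, yields a valid but different master key.

```python
import hashlib
import hmac
import unicodedata
from typing import Dict, List, Tuple

# Constructed example input: BIP39's published all-zero-entropy test mnemonic
# ("abandon" x11 + "about"). It is a public test vector, not anyone's wallet.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")

# Order of the secp256k1 group; a private key is any integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed stretching:
    PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds, 64 bytes).
    Both strings are NFKD-normalised first, as the spec requires. The passphrase
    is only a salt: nothing in this function can reject a 'wrong' one."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512 keyed with "Bitcoin seed". The left half
    is the master private key scalar, the right half the chain code. Every
    address the wallet will ever show descends from this pair."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def is_valid_scalar(key: bytes) -> bool:
    """A 32-byte value is a usable secp256k1 private key when 0 < k < N."""
    k = int.from_bytes(key, "big")
    return 0 < k < SECP256K1_N


def wallets_for(mnemonic: str, passphrases: List[str]) -> Dict[str, str]:
    """Map each candidate passphrase to the hex master private key it opens."""
    return {p: bip32_master_key(bip39_seed(mnemonic, p))[0].hex() for p in passphrases}


def matches_published_vector() -> bool:
    """Trezor's reference vectors use the passphrase "TREZOR"; this is the
    expected seed for the all-zero-entropy mnemonic from the BIP39 test set."""
    expected = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
                "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")
    return bip39_seed(MNEMONIC, "TREZOR").hex() == expected


if __name__ == "__main__":
    # Constructed candidates: the intended passphrase plus the kinds of slips
    # people make. Each opens a distinct, valid, empty wallet.
    candidates = ["", "correct horse", "Correct horse", "correct horse ", "correct hosre"]
    for phrase, key in wallets_for(MNEMONIC, candidates).items():
        print(f"{phrase!r:18} -> master key {key[:16]}... valid={is_valid_scalar(bytes.fromhex(key))}")
    print("published vector reproduced:", matches_published_vector())
```

Run it and compare the master keys: the case change, the trailing space and the transposed letters each land in a different wallet, and none of them is flagged as an error. That is exactly what happens on the device, which is why the test transaction described later is worth the fee.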

Check Recovery Seed

Go to Advanced, then click on Check Recovery Seed. You might be asking yourself, "Why am I checking this? I just wrote it down, checked it, then wrote it down again 15 minutes ago," which is true. This is an extra check that you wrote it down correctly and in the correct order, based on what the device has, because people still write it down incorrectly. Enter your seed ON THE DEVICE, never into a website, app or text file, and see if you saved it correctly.

Seed and Passphrase Storage

Now that you understand what your seed phrase is and the importance of it along with your passphrase, you need to find a way to store it securely.

  1. Never back up your seed digitally.
  2. Think about using a piece of paper that doesn't say Trezor on it, in case someone stumbles upon it, Googles what a Trezor is, and realizes the potential of what they found.
  3. Think about laminating that piece of paper in case it gets wet and the ink bleeds or the paper falls apart entirely. If you do, make sure the chemicals in the plastic don't eat away at the ink or paper.
  4. Think about imprinting your seed into metal, as laminated paper burns and melts. However, you should know that not all metal is created equal.
  5. Place your seed in a secure location. For some that means under the mattress; for others it means a safe.
  6. Place your backup seed in a secondary safe location. For some that means with a friend or relative; for others it means a safety deposit box. Weigh the time it takes to reach your seed against how urgently you might need it. Banks are not open 24/7, which limits the window of opportunity for a safety deposit box. If you are not going to need to recover your coins for years, this is a great option.
  7. Back up your passphrase. If you leave your seed with a friend, family member, or the bank, you are trusting them either not to know what you gave them or not to use it. A passphrase protects against both, so back it up in a separate location from your seed. For some this means the seed goes to someone you trust and the passphrase goes in a safety deposit box. Others may use a password manager like 1Password or LastPass to back up their passphrase and put the seed in a safety deposit box.
  8. If you are putting it in a safe at home, consider that safe's fire and water ratings. When your home catches fire, it may be put out immediately or it may take an hour. Safes are rated for how much heat they can withstand and for how long. Also consider that, odds are, your home would not be left to burn down, which means a paper seed in a safe that is not waterproof can get wet when the fire department comes to put the fire out.
  9. If you are not going to go the fully paranoid route, and instead will back up your seed digitally and use a passphrase you'll remember like your birthday, then make sure that digital account is locked down. Use 2FA such as Google Authenticator or Authy, ideally a YubiKey, on your Dropbox, iCloud, or Google Drive account. Print out the backup codes and remove your recovery email address and phone number.

Download the Trezor Suite

I would recommend downloading and using Trezor Suite, which is the desktop app version of the web wallet. You can download it and start using it at https://suite.trezor.io/. There are some minor additional features in the desktop app, but the main reason to use it is that it is a safer way to access your coins: by opening a local app instead of a browser tab, you remove the risk of landing on a phishing website. Verify the download against the signature Trezor publishes alongside it before installing, so that the installer itself isn't the thing you got phished with.

Raymond Durk