Trezor.io/Start ✦ Advanced® Security™ Guide ❖

This guide is designed for users seeking advanced security ✦ for their Trezor™ device. It dives into protective strategies for firmware, seed backups, PIN/passphrase combinations, and operational security. Understanding these techniques reduces the risk of theft or accidental loss.

❖ Firmware & Device Integrity

Always verify firmware through the official Trezor Suite. Do not install firmware from unknown sources. Checking firmware fingerprints ensures your device hasn't been tampered with. ✦ Hardware-level checks are vital for high-value wallets.

✦ Seed Backup Strategies

1. Keep at least two backups in geographically distinct locations.
2. Consider durable steel backups ✦ for fire/water resistance.
3. Use Shamir Backup (if supported) for multi-part seed distribution.

★ PIN & Passphrase Hardening

Create a strong PIN on-device. ✦ The passphrase feature adds a hidden wallet layer. Use passphrases with mnemonic memory or a secure offline storage method. Avoid digital backups of passphrases to prevent compromise.

❖ Multi-Device & Redundancy

Advanced users may operate multiple Trezor™ devices for redundancy. ✦ Test recovery on each device before storing large amounts. Keep an operational checklist for restoring funds in emergencies.

✦ Operational Security Practices

• Use trusted computers only; avoid public USB ports.
• Confirm all addresses on-device for outgoing transactions.
• Regularly update the Trezor Suite to the latest version.
• Consider air-gapped computers for high-value transfers ✦

★ Incident Response Plan

Have a documented plan for compromised devices. ✦ Include steps for recovery, revoking access, and restoring funds. Test the plan with small amounts to validate procedures without risking major losses.

Secure My Trezor™ Now ✦