trezor wallet questions

[breezyu]

Just got a few questions regarding the trezor hardware wallet.

1) If you forget the pin, you can still recover the account with all the funds in them with the recovery seed right. But if you forget the password then you cannot, right. Is this correct?
2) I click on my account on the web wallet, I see a receiving segwit adres. Can I keep on re-using this adres as in sending 10+ in a month transactions to it and everything will be fine as in receiving the funds on my trezor wallet?
3) how can I view private keys of the wallets that are in the trezor and how can I add a bitcoins adres private key myself into trezor?

thanks

[bL4nkcode]

1) If you forget the pin, you can still recover the account with all the funds in them with the recovery seed right. But if you forget the password then you cannot, right. Is this correct?

I don't know the password thing on trezor but even if you forget your pin as long as you have copy of your recovery seed you can still recover your funds using a compatible wallet like electrum or a new trezor.

2) I click on my account on the web wallet, I see a receiving segwit adres. Can I keep on re-using this adres as in sending 10+ in a month transactions to it and everything will be fine as in receiving the funds on my trezor wallet?

Yes, you can, but others will suggest don't do it if you care your privacy and its bad for anonymity.

3) how can I view private keys of the wallets that are in the trezor and how can I add a bitcoins adres private key myself into trezor?

Viewing private keys from your hardware recovery seed is a no no unless your hardware wallet breaks or stop operating and you need to recover your funds.

And you can't import private keys to a hardware wallet.

[breezyu]

Thank you but I dont understand your answer on my first question

If I have a pin only added to my trezor and I lose this pin I can simply recover my wallet with my seed and use the funds right?
but if I have a pin and a password on the trezor, then I could recover it but I wouldnt be able to spend my funds because i dont know the password. Is that correct?

[Coin_trader]

Thank you but I dont understand your answer on my first question

If I have a pin only added to my trezor and I lose this pin I can simply recover my wallet with my seed and use the funds right?
but if I have a pin and a password on the trezor, then I could recover it but I wouldnt be able to spend my funds because i dont know the password. Is that correct?

What password? There is no password on the trezor, only pin and the recovery seed. What is your trezor version? The only thing you need to recover trezor is the recovery seed which is the equivalent of your private key. All pins and other things you mention is not needed when recovering account. I try it myself many times in my trezor before I transfer my funds there to check first whether I will recover my account in case my trezor broke.

[breezyu]

This password? https://imgur.com/a/QiF6Yxl

I have trezor black it says, bought it two years ago or so

[breezyu]

Just read this

Security benefits and risks
Just as the PIN is used to protect your device, we can say that the passphrase serves as second-factor protection for your seed.

It only exists in your head
Because the passphrase is not stored anywhere on the device, it is impervious to any attacks involving physical access and tampering with the chip. Furthermore, if somebody compromised your physical copy of the recovery seed, they still would not be able to access your passphrase protected wallet unless they knew the passphrase.

[nc50lc]

1) If you forget the pin, you can still recover the account with all the funds in them with the recovery seed right. But if you forget the password then you cannot, right. Is this correct?

Correct, the pin is just for accessing the device,
the passphrase however is a BIP39 passphrase that changes the derived seed from your seed phrase mnemonic.
In other words: Different passphrase will create an entirely different wallet with different set of prv keys and addresses.
So better keep a backup of that passphrase in a separate safe/location.

2) I click on my account on the web wallet, I see a receiving segwit adres. Can I keep on re-using this adres as in sending 10+ in a month transactions to it and everything will be fine as in receiving the funds on my trezor wallet?

Yes, but that's not recommended for your privacy.

3) how can I view private keys of the wallets that are in the trezor and how can I add a bitcoins adres private key myself into trezor?

AFAIK, you cannot import private keys to Trezor.
AFAIK, the only way to view your private key(s) is through the seed phrase (+ passphrase if enabled) and use a third-party tool that supports BIP39 like "iancoleman's BIP39 tool";
that will defeat the purpose of using a hardware wallet though.

[HCP]

Thank you but I dont understand your answer on my first question

If I have a pin only added to my trezor and I lose this pin I can simply recover my wallet with my seed and use the funds right?
but if I have a pin and a password on the trezor, then I could recover it but I wouldnt be able to spend my funds because i dont know the password. Is that correct?

That is not quite correct... if you had a PIN and a passphrase, and you lost both, you would not even be able to recover your wallet.

As nc50lc noted, using a BIP39 passphrase fundamentally changes the seed that is derived from your seed mnemonic (the 24 words)... without that passphrase you will never be able to recover your wallet. This is why the BIP39 passphrase is sometimes referred to as a "25th word" for your seed mnemonic... without that "25th word" you simply cannot recover the wallet.


FUN FACT: even if you don't explicitly use a passphrase, the wallet is still using one in the background... it simply sets the passphrase to be an empty string... ie. ""

A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string "" is used instead.

[Lucius]

Trezor HW have a vulnerability that allows someone who comes into physical possession of the device to hack a seed with what they say very cheap equipment and in some 5-15 minutes. Therefore, all users are advised to take extra protection and to add passphrase. Of course, it matters how strong that one is, because some common word from a dictionary or something like 1234 will be a very easy task for someone who wants to hack a device.

There have already been discussions about how complex passphrase should be, and some say that the number of characters should be at least 37, since it gives the same power as a 24-word seed. Of course, that doesn't mean that your 30-character password isn't good - it doesn't really matter if it takes someone 100 or 200 years to brute force such a password, because you'll have plenty of time to move your coins to safety.

[Chikito]

But what if someone uses a fairly simple password (qwerty or something like that), and the attacker has physical access to your Trezor, can he use some kind of software to quickly find the password for the Trezor? Or will he get twice the waiting time every time if the password is incorrect?

A passphrase is temporary, Passphrase has not stored anywhere on the device (Trezor or PC). if someone has physical access to your Trezor he only thinking about you (your name, your birthday, car and etc). whatever he entered the word (incorrect), Trezor will be opening, but with a different address of course.

[o_e_l_e_o]

And my password is quite long - more than 30 characters. Such a password will probably be very difficult to guess using the brute force method.

It depends massively on which thirty characters you have chosen. Something like 11111.... or abcdef.... could be brute forced very quickly. If your passphrase is the first name of all your immediate familiar members concatenated together, or something else which could potentially be guessed (or least, guessed enough to massively reduce the search space), then that is also potentially brute forcable. If, on the other hand, your passphrase is 30 random characters and looks something like 9&!hC)zR$x[.... then it will effectively never be brute forced.

Or will he get twice the waiting time every time if the password is incorrect?

As above, the seed phrase can be extracted from Trezor devices by a knowledgeable attacker with physical access to the device. After they have the seed phrase, they no longer need the Trezor device and certainly do not have to use it to try to brute force the passphrase and be subjected to its timeouts. They can set up a piece of software on any computer (or even, across multiple computers they own or even rent cloud computing) to start brute forcing various passphrases and looking for funds.