Hidden features of Trezor that enhance crypto security..

[WIYO1]

Hii..
I'm hoping to get answers to a few questions from the experts, so that it's easier for beginners like me to understand.



https://trezor.io/trezor-suite?srsltid=AfmBOopTtHa4wzFnygHlGmmllpTqE12NFsFVbKEdhY4Gg9Cl-83Y92UM
Trezor is a hardware wallet created to store Bitcoin and other cryptocurrencies safely offline, also known as "cold storage." However, the Trezor has many features that help ensure secure storage of your cryptocurrency assets, but most people do not use them correctly or even know what they are.

*Does using a passphrase really make the wallet 100% secure?

*What features of Trezor are often misused by ordinary users?

*Trezor vs. other hardware wallets—which one is more secure and why?

*What are the benefits and risks of using a hidden wallet?

[Zaguru12]

*Does using a passphrase really make the wallet 100% secure?

No Passphrase doesn’t actually make your wallet 100% secure. Yes extension of your seed phrase (passphrase) adds another layer of security to your wallet only if both the seed phrase and passphrase are stored securely and separately. The security your wallet even if it’s a cold wallet depends on how you secure your wallet keys or seed phrase.

*Trezor vs. other hardware wallets—which one is more secure and why?

The security of your wallet depends on how you handle the back seed phrase. But also the choice of your wallet goes a long way towards securing your wallet. Trezor wallet isn’t bad in my opinion but my choice of hardware wallet is one which is open source and also airgapped too.

*What are the benefits and risks of using a hidden wallet?

I think you mean benefits of hardware wallet; it’s simply because it’s a cold storage of your coins which means your keys doesn’t leave the wallet and as such is more secure than those hot wallets.

There is no risky other than if you expose your seed phrase or private keys, third party can get access to your wallet and steal your funds

[Cricktor]

*Does using a passphrase really make the wallet 100% secure?

It depends.

A wallet with only the mnemonic recovery words required for a full restore is as safe as you can keep the mnemonic recovery words backup safe. If some entity finds your mnemonic recovery words, the wallet usually can be restored and your coins can be drained away.

If you extend the mnemonic recovery words with a mnemonic passphrase, then both parts are required to restore the wallet. Obviously it doesn't make sense to store the recovery words and the mnemonic passphrase together where they could be found together.

If you store them securely and separately now if an entity finds your mnemonic recovery words, your wallet remains safe because the evil entity can't restore your wallet without the mnemonic passphrase.

*Trezor vs. other hardware wallets—which one is more secure and why?

I would argue that most if not any hardware wallet that is open-source, has preferably reproducible firmware builds and documented hardware components and documented attack mitigation can give you confidence that you know what this wallet does under the hood, if you're able to read and understand it.

A good and open communication of the hardware wallet's company is an additional bonus and in my opinion important, too.

Companies with some years of experience in the field are also preferable over the newest shit. Long-time experience is beneficial.

So, Ledger crap with its closed-source firmware shit is out of discussion.

I would also say, that hardware wallets with Bluetooth are less secure, because Bluetooth hardware and software stack are complex and error-prone and just open another attack vector.

*What are the benefits and risks of using a hidden wallet?

Benefits:
A sacrificial and "canary" wallet which can be restored just by the recovery words can indicate a compromise of the recovery words.

Any unique mnemonic passphrase generates an unique wallet. So with one set of mnemonic recovery words you can have as many unique wallets as you use unique mnemonic passphrases.

Risks:
You have to carefully and securely store any mnemonic passphrase separately from your recovery words. There is no error tolerance. The smallest error in your mnemonic passphrase gives you a different and empty wallet.
If you loose all copies of your mnemonic passphrase, your wallet is lost even when you still have the mnemonic recovery words. Because if you had a complex enough mnemonic passphrase, it's not likely you can brute-force it. Well, it shouldn't be feasible to brute-force it.

[rat03gopoh]

*What features of Trezor are often misused by ordinary users?

Thinking of it like a hot wallet, where they can access any dApp or service that implements a smart contract. The assumption that a hardware wallet is safe from private key theft is correct, but if beginners think they're also safe from hacking, they're wrong. Essentially, the more you make a hardware wallet "one for all," the more you increase the risk exposure.

I think you mean benefits of hardware wallet;

I think he's referring to a specific feature of Trezor wallet, the hidden wallet. https://trezor.io/support/troubleshooting/trezor-suite-issues/passphrase-hidden-wallets-issues

[WIYO1]

The security of your wallet depends on how you handle the back seed phrase. But also the choice of your wallet goes a long way towards securing your wallet. Trezor wallet isn’t bad in my opinion but my choice of hardware wallet is one which is open source and also airgapped too.

Exactly,security is a combination of tools and behavior. Even a cold wallet isn’t safe if the seed phrase isn’t handled properly.

I think you mean benefits of hardware wallet; it’s simply because it’s a cold storage of your coins which means your keys doesn’t leave the wallet and as such is more secure than those hot wallets.

There is no risky other than if you expose your seed phrase or private keys, third party can get access to your wallet and steal your funds

That’s why many people prefer devices like Ledger Nano X or Trezor Model T for long-term storage.

Risks:
You have to carefully and securely store any mnemonic passphrase separately from your recovery words. There is no error tolerance. The smallest error in your mnemonic passphrase gives you a different and empty wallet.
If you loose all copies of your mnemonic passphrase, your wallet is lost even when you still have the mnemonic recovery words. Because if you had a complex enough mnemonic passphrase, it's not likely you can brute-force it. Well, it shouldn't be feasible to brute-force it.

Thank you@Cricktor.
It is essential that you store your mnemonic passphrase separately and in an extremely careful manner. Any small inaccuracy in the passphrase will give you a new, empty wallet. Therefore, should you lose your mnemonic passphrase, it is impossible to recover your funds as even recovery words will not suffice due to the strength of the mnemonic passphrase making it virtually impossible to brute force it to recover.

[satscraper]

*Does using a passphrase really make the wallet 100% secure?

Nope, but  strong, properly managed passphrase does increase security in certain circumstances ^{one of them being when your seed is accidentally exposed}.

*What features of Trezor are often misused by ordinary users?

I would highlight just one point, i.e. users do not verify every character of the destination address shown on their display, which means they can easily become victims of address poisoning attack.

*Trezor vs. other hardware wallets—which one is more secure and why?

In my view air‑gapped wallets that communicate with online device via theoptical channel are safer because the attack surface is smaller compared with Trezor.

*What are the benefits and risks of using a hidden wallet?

Many people think the benefits might show up in $5‑wrench attack, but I don’t think so.

The risk? For instance, your passphrase could be forgotten.

[Cricktor]

Benefits:
A sacrificial and "canary" wallet which can be restored just by the recovery words can indicate a compromise of the recovery words.

I forgot to add that if you use such a "canary" wallet and/or for plausible deniability, you have to very carefully separate and "unlink" your coins, especially for plausible deniability. Coins in the sacrificial wallet shouldn't easily be linked to your main coin stash which isn't easy to achieve. You should know what you're doing to unlink of strongly obfuscate their histories.

I wouldn't want to rely on this, plausible deniability is a minor option for me, because if I had to defend myself against 5$-wrench attacks, I would pay more attention to keep a low profile and not brag in public about me being in crypto. But, well, YMMV.

[NotATether]

I think coin control is an essential feature for any wallet, and I've heard that Trezor now supports this feature.

It's not really a security feature per se, but it keeps your bitcoin away from the compliance teams.

[Lucius]

~snip~
That’s why many people prefer devices like Ledger Nano X or Trezor Model T for long-term storage.

I'm just curious where X came from in this story of yours? Trezor isn't perfect, but at least it doesn't allow you to share your seed with third parties, and you still have to pay $10 a month for that. Besides, for long-term storage, the only real choice is an air-gapped wallet, whether you buy one or create one on a computer that you won't use for the internet.

[WIYO1]

Trezor isn't perfect, but at least it doesn't allow you to share your seed with third parties, and you still have to pay $10 a month for that. Besides, for long-term storage, the only real choice is an air-gapped wallet, whether you buy one or create one on a computer that you won't use for the internet.

While it's not without flaws, Trezor's strengths lie in offering offline storage of your seed and, hence, strong protection. Although monthly payments are not great, the best way to achieve true long-term security is with properly managed and maintained air-gapped wallets.

[joniboini]

Although monthly payments are not great, the best way to achieve true long-term security is with properly managed and maintained air-gapped wallets.

I don't think he's referring to Trezor tbh, but Ledger with its recovery service or something which means you have to share your seed with third-parties for $10/month, IIRC. So there's no monthly payment with Trezor, or any properly maintained air-gapped devices as you said above. I'd be surprised if they'll introduce one. At least for their HW products.

[PrivacyG]

*Trezor vs. other hardware wallets—which one is more secure and why?

What kind of 'Secure' are you looking for?  There are positives and negatives for each kind of Hardware Wallet.  Trezor is 'more Secure' as in it is fully Open Source compared to others, such as its competitor Ledger.  This means you can inspect Trezor as much and in detail as you like, or you can even build your own from scratch.  Or at least you could a long while ago but I doubt you can not now, considering the firmware is open source.

But is this really more 'Secure'?  It depends.  It is very probable that ALL Hardware Wallets have a vulnerability to exploit.  Anyone who writes a code knows there will inevitably be one at some point, particularly the longer the code gets.  Years ago Trezor models One and T were found with a vulnerability, and it did the worst thing you can think of.  It allowed extraction of the Seed from the device.  This however required the 'hacker' to have physical access to your Trezor.

More details here,
https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets

And at the same time, this is also an answer to your other question,

*Does using a passphrase really make the wallet 100% secure?

It makes it MORE Secure.  But there is no such thing as '100 percent Secure'.  There are always flaws, gaps in any method you use.  But if you use a strong Passphrase, the exploit I explained above means nothing.  The attacker may physically get your Trezor and extract the Seed out of it, but the Seed is worth no thing if all your Bitcoin is actually stored on the Passphrase.

Now back to what I was explaining about the old Trezor vulnerability.  The other way around is using a Hardware Wallet like Ledger, which has a closed source Secure Element.  This pretty much makes it less probable that a vulnerability can be found and exploited by a general user as only Ledger knows what code lays in that Secure Element.  But this is a risk too.  Ledger had a justified anger coming from its customers after they announced they would let them 'back up the encrypted Seed', years after they told everyone that the Seed is impossible to extract from the Secure Element.

So now you are left with the transparent option which would be Trezor, and the possibly lying option which would be Ledger.  Are you afraid of physical attacks?  Are you afraid of remote attacks?  If you are afraid of a physical attack.  What is the chance the thief will know how to exploit a Trezor vulnerability?  If someone posesses that level of knowledge, experience and abilities, chances are they are not thieves.

Trezor firmware can be audited by anyone at any given time.  If you have the ability to audit the code, you can do it yourself as it is all public.  This is my reason for considering Trezor the superior Hardware Wallet.  If you want the MOST Secure and you do not need portability, build your own Airgapped Computer.