Trezor is the most trusted cryptocurrency hardware wallet, and because the security of your coins is of the utmost importance to us, we’re always working on improvements. Our most recent firmware updates (Trezor One version 1.9.0 and Trezor Model T version 2.3.0) include some exciting enhancements.

Passphrase Updates

If you are using a passphrase, you already know that it is an optional, although highly recommended feature on Trezor devices that gives you an extra layer of security. When enabled, your device asks you to enter a secret phrase every time you connect. Using a passphrase allows you to create multiple hidden wallets. And even if someone steals your recovery seed, they still can’t get into your wallet without the passphrase because it’s not stored anywhere on your device. (Pro tip: If you have to make a physical backup of your passphrase, do not store it right next to the backup of your seed.)

There are two new passphrase updates that were just released that will make it easier for you to use this feature.

First, on both of our Trezor device models, we have introduced passphrase caching. Up until now, if you used multiple passphrases, you had to enter your passphrase every time you switched to a different passphrase-protected wallet. And switching wallets meant disconnecting and reconnecting. Trezor devices are now capable of caching up to 10 passphrases at the same time. So if you are connected and checking multiple wallets, your session will temporarily cache your passphrase to make this easier. Once you disconnect, nothing is saved.

Second, there has been a change in the way you enter your passphrase for the Trezor Model T. Before, Model T users could choose to enter the passphrase either on the host device (a computer or phone) or directly on the Trezor by using the touchscreen. Now, the decision of whether the passphrase will be entered on the device or in the Wallet is prompted directly in the Wallet.

Need more security? We can’t guarantee that you’ll feel like you’re in a Mission Impossible movie, but we can guarantee that your coins will be safe with careful use of these advanced updates which are only accessible via trezorctl, the command line interface.

The Wipe Code

Another exciting new feature is the wipe code that acts as a “self-destruct PIN” that erases your Trezor if someone tries to unlock your device without your consent. If the wipe code is entered into any PIN entry dialog, then all private data will be immediately erased from your Trezor and the device will be reset to factory defaults. You can write the wipe code somewhere near your Trezor as a decoy PIN, so if someone tries to unlock the device without your consent, they will cause it to erase itself. You can also use the wipe code to reset your Trezor without using a host device. This update can be enabled on both Trezor models.

SD Card Protection

This new option further increases the physical security of your device. The SD card protection feature serves as additional protection against physical attacks on the Trezor Model T. When it is enabled, a randomly generated secret is stored on the microSD card that you can insert into your device. During every PIN checking and unlocking operation this secret is combined with the entered PIN value to decrypt data stored on the device. Simply put, the device gets bound to the SD card and cannot be unlocked without it. So if you are concerned about physical attacks and have this feature enabled, you can remove the SD card whenever the device is not in use and keep the two in separate locations. One without the other is worthless to an attacker, because the SD card secret is an entirely random value which carries no information about your seed or passphrase.

We want to keep all our products and services secure for everyone. We hope that you enjoy our latest updates to our devices. If you want to dig deeper, visit our dev corner article).