- Screen offers extra protection and verification
- Second generation of TREZOR
- High price tag may put it out of reach for some
The TREZOR Model-T is a second generation Bitcoin/Altcoin hardware wallet manufactured by SatoshiLabs. The TREZOR line debuted in 2014 with the TREZOR One (T-One) and has remained one of the most popular cryptocurrency hardware wallet solutions to date.
The footprint of the Model-T is similar to the T-One, with the biggest differentiator being the color touchscreen and lack of physical buttons. The Model-T’s firmware (dubbed TREZOR Core) was written from scratch to further optimize security. As with the T-One, this hardware wallet is designed to be used safely even on malware infected devices (although this is not recommended).
TREZOR T Price
At the time of this review the Model-T costs 139 EUR or about $165. This price tag is steeper than the popular Ledger Nano X. The inclusion of a color touchscreen makes the Model-T competitively priced.
Make sure you NEVER buy a TREZOR or any other hardware wallet from eBay.Only buy from the TREZOR store, Billfodl, or any other authorized reseller.
Here is the TREZOR T compared to the other three popular Bitcoin wallets:
TREZOR has a reputation for providing industry leading security for Bitcoin (BTC) and other cryptocurrencies, protecting against both physical as well as virtual theft.
TREZOR is a hierarchical deterministic (HD) wallet where you control the private keys, so an entire wallet can be backed up with the 12-word recovery seed. The original 12-word seed is generated using random generation from the device and the computer. The seed is generated offline and displayed on the TREZOR’s screen, which ensures that the seed is never on an internet-connected device.
You can recover the entire wallet with the 12-word seed in the event that your TREZOR is lost or damaged. Recovery can be done with another TREZOR or with other software wallets like Electrum on Android/Desktop or Mycelium.
The Model-T ships with a tamper proof seal over the USB-C port that leaves holographic residue on the device when peeled away.We attempted to remove the seal as carefully as possible but were unable to do so without it being evident. While the seal shows to be good tamper-proofing it is worth repeating that you should only ever purchase crypto hardware wallets directly from the manufacturer or an Authorized reseller like PrivacyPros.
A PIN code is required on initial setup as well as for spending.
The PIN number layout on the device shuffles at each prompt for added security. Additionally, the TREZOR T does not share PIN info with the computer. The old TREZOR shared PIN info–like the PIN length–but the TREZOR T does not.
TREZOR’s screen allows you to confirm that you’re sending to the intended recipient, but this does not prevent against phishing attacks (whereby you are provided an incorrect address on your computer screen).
A full overview of how TREZOR handles security threats can be found on the SatoshiLabs website. The firmware for the Model-T has been completely re-written from scratch for enhanced security over the T-One. The code is open source and can be reviewed on GitHub.
Because of this, though, there have been issues with the TREZOR T firmware that don’t affect the TREZOR One.
TREZOR has also started an initiative to develop its own open-source secure element chip. This project is called ‘Tropic square’ standing for “TRuly OPen Integrated Circuit”. One reason TREZOR does not use a secure element, like the Ledger Nano X does, is that all secure elements are closed source. This means you must trust the hardware manufacturer not to create a back door.
TREZOR is trying to solve this by creating one that is open-source like the rest of the TREZOR stack.
In addition to Bitcoin (BTC), the Model-T supports Monero, Bcash, Bitcoin Gold, Dash, Litecoin, Bitcoin Cash, Zcash, NEM, Ethereum (ETH), Ripple (XRP) and Ethereum Classic, as well as hundreds of other coins (1,649, to be exact).
The TREZOR T’s best security feature is its ability to allow the user to enter the BIP39 passphrase on the device’s screen.
This was not possible on older TREZOR devices.
Setup & Initialization
The Model-T is compatible with all major operating systems and works with up to date versions of both Chrome and Firefox. Per the 4-step instructions on your device packaging:
- Connect TREZOR to your computer or smartphone.
- Open trezor.io/start.
- Choose the Model-T option & follow the on-screen prompts.
Once the device firmware has been updated the Model-T will reboot and ask you if you are setting up a new device or if you want to recover a pre-existing wallet. While the Model-T accepts all BIP39 seeds and can restore an older wallet, the manufacturer strongly recommends creating a new seed for added security. If you choose to generate a new wallet, the device will process your request and you will be brought into the revamped user interface.
Now it is time to backup your wallet and create your recovery seed. Click the “Create a backup in 3 minutes” prompt in the web GUI and write down the randomly generated 12-word recovery seed with permanent ink on the included recovery seed papers (water and tear resistant). The device will ask you to re-input two of the words for confirmation before proceeding. Do not power down the device during this process or you will need to start over.
Store the recovery seed in a safe place and do not share it with anyone. It is also advised to never save your recovery phrase in digital format or to take pictures of it.
Remember, your device is only as secure as your recovery seed. If this falls into the wrong hands they can import your wallet and sweep your funds.
Now that you have completed the recovery seed process, you are free to name your device and configure the 4 to 9 digit access PIN. You will be prompted to enter the PIN twice before completion. This PIN is your security mechanism should the physical device be stolen, so be sure to set it to something unique and ideally with more than the minimum 4 digits.
TREZOR T Backup Seed
You backup your TREZOR T by writing down 24 words. These 24 words can then recreate your TREZOR wallet in the event your TREZOR is lost, stolen or damaged.
The TREZOR also has the unique ability to restore a wallet from a seed on the device itself.
The TREZOR comes with paper to write down the words:
For the extra paranoid user, you may want to store your seed in a fireproof safe. Or, get something like the Billfodl from Privacy Pros.
The Billfodl is stainless steel backup solution. It allows you to store your 24 word backup seed on material that is much more resistant to fire, electricity, water and other potential dangers to your backup seed.
For example, one user had $1 million worth of cryptocurrency backed up on a seed. His house was flooded, and the water destroyed his paper backup seed. This would not have happened had the user been storing his backup seed on stainless steel like the Billfodl.
The Billfodl protects your seed from both fire and potential floods. For $80, this can be worth it depending on the amount of cryptocurrency you’re storing on your device.
The TREZOR wallet UI is clean and easy to understand for both beginners and advanced users alike.
It is easy to send or receive a variety of coins, review previous transactions, buy coins directly from TREZOR or from other users on their exchange.
However you decide to use the TREZOR wallet software, be aware that unless you take certain steps to hide your IP address (by using a VPN or Tor) TREZOR (the company) will have access to your IP address.
Additionally, if you do not hide your XPUB (by running a full node), TREZOR will know about all of your transactions (even if they probably cannot tie them to your identity directly). This is because you need to connect to a node of some kind to broadcast transactions. If you aren’t running one yourself, then you must use TREZOR’s hosted node.
Shamir's Secret Sharing Scheme (SSSS)
TREZOR Model T now supports n-of-m key shares via a standard known as Shamir’s Secret Sharing. Using this standard, a user can take a private key where supported coins are held and cut it up into however many “shares” they want and also specify how many of the total shares are needed to reconstitute the key.
This allows the user to separate the shares in multiple locations to mitigate certain threats
- Environmental threats, such as fires and floods
- Technological threats, such as bit rot or bad hardware
- Human threats, such as hackers and thieves
For instance, a user could create 5 shares and require any 3 to recover.
- Put one in his safe
- Put one in a safety deposit box
- Give one to his sister
- Bury one in his backyard
- And custody one with his lawyer
If he did, perhaps the third is lost in a fire at his sisters house and the fifth is stolen from his lawyer’s office.
He’d still be able to recover his coins because he’d still have 3 of the shares left.
If you’d prefer to do proper multisig over seed sharding, as with SSSS, then there is a way to do it with TREZOR. However, trezor has no native support for this.
Instead, you will need to use a software wallet like Electrum to set up the multiple signatures.
The nice thing about using Electrum is you can use multiple crypto hardware wallet brands like Ledger and TREZOR.
If you run your own Node, you can use MyNode to help you run either Specter or UnchainedCapital’s Caravan. This makes multisig with TREZOR even simpler!
You can see an image of Specter’s multisig wallet user interface below:
The TREZOR T features a MicroSD slot. This allows you to send Bitcoin without connecting the trezor to an internet connected device at all.
Using an SD card is widely regarded to be safer than connecting the TREZOR to your computer using a USB cable.
You can also get full functionality out of your TREZOR T through a command line interface. With the CLI, you can skip the wallet software and run commands directly on the TREZOR.
Why would you do this?
For one thing, you know exactly what commands are being issued to the TREZOR. When you use a wallet UI like the one shown above, you don’t know for sure that the software has been tampered with or that it is necessarily doing the things you think it is doing.
Password Manager and FIDO2
You TREZOR Model T can also act as a password manager and FIDO2 Authentication. This means that you can use the TREZOR to store all your passwords to various accounts online and/or require that the accounts only login when they receive a signature from the TREZOR device itself.
If you are using your TREZOR to hold crypto, it is best not to connect it to other devices if you can avoid it. For this reason, we DO NOT recommend that you use your TREZOR as both a password manager and a crypto wallet. It is best to use each TREZOR device as one or the other. If you want to use it for both, buy two TREZOR's and dedicate one to holding crypto and another to managing passwords and authenticating accounts.
- TREZOR T Price
- Altcoin/Token Support
- Setup & Initialization
- TREZOR T Backup Seed
- Wallet UI
- MicroSD Slot
- TREZOR CLI
- Password Manager and FIDO2
- TREZOR Model-T vs. Ledger Nano X
- TREZOR Model-T vs. Ledger Nano S
- TREZOR Model-T vs. TREZOR One
TREZOR Model-T vs. Ledger Nano X
Ledger launched the Ledger Nano X in March 2019.
The main difference between the two are that the Ledger Nano X has Bluetooth. Because of this, the Nano X can work directly with an iOS device, while the TREZOR T cannot.
TREZOR Model-T vs. Ledger Nano S
TREZOR and the Ledger Nano S are often compared.
The main differences are that the TREZOR Model-T has more compute functionality, as well as a color touchscreen, while the Ledger Nano S uses a secure chip and small LED screen with physical button functionality.
In summation, the Model-T is another solid product from SatoshiLabs and the most feature rich hardware wallet to date. If you are looking for a secure and user friendly option to store your cryptocurrency, the Model-T is a great choice.
TREZOR Model-T vs. TREZOR One
The main advantage offered by the TREZOR Model T is that it has a larger, full-color LCD touch screen. The TREZOR One only has a small, black and white screen with no touch capabilities. The TREZOR T also supports SD card support for truly air-gapped transactions, however with the TREZOR One, you must use a USB cable to connect it with the wallet software. As opposed to TREZOR One, the Model T has a security hologram sticker covering the USB-C input on the device itself, not on the outside of the packaging. Both TREZOR models have Windows 8+, macOS 10.8+, and Linux compatibility and support for over 1000 ERC-20 tokens.
Review By: Jordan Tuwiner
Rating: 4.7Buy a TREZOR T