I bought one last week to protect my cryptocurrency. I wanted to make sure it was recoverable, so first I sent a small amount to it, after setting it up, then wiped it! Then recovered it, and the funds were back. So it's safe, and I stored my savings to it.
Unboxing
There's the hardware wallet device, and a short USB cable -- it really could have been a bit longer; it was difficult to lay flat on the desk and use with the laptop, and I'd imagine it'd be even more difficult with a desktop. Two blank cards to fill the 24-word recovery in, and brief instructions.
Really Bad First Impression, Documentation-Wise
I really want to give a glowing review, but it was quite difficult to get started. The device, and docs, say to go to http://trezor.io/start, but it's not easy to determine that I need to install a Chrome plugin first in order to communicate with the device. That could be made much clearer.
I had to search to find what to do. Which, at least, I was able to do!
Interesting UI
In order to defeat keyloggers, they implemented an interesting user interface, which allows you to use the device even on a compromised computer! That's pretty neat.
It shows a number grid like on a phone (just 1-9, so, 3x3) on the device, with the numbers in random places. On the screen, you click the buttons corresponding to the numbers on the device, to input your PIN. Then it randomizes the numbers on the screen again, and you enter the PIN a second time.
So, someone who had previously hacked your computer wouldn't get the PIN, since they wouldn't see the device's screen, even if they had installed screen-recording software. I suppose they could also try recording the camera, but two pieces of electrical tape fixed that for me. Not on the phone though, but, that's another story. :)
Sending Bitcoins was Almost Immediate!
I sent a small amount of Bitcoin to test it out. The coins arrived almost instantly, which was nice to see. Then I wiped the device, and started over.
Another UI failure -- the button to "Recover" is way over to the right (in the browser's UI), so at first I went through another set of 24 words (you click a button on the device to proceed; it has two buttons, and a screen), to find that I can't recover at that point, so had to wipe it again and then click that obscured button, and proceed.
More Keylogger-Defeating UI
To recover the device, you have to enter the 24 words you saved, and it then recreates the private key from them. From reading about this, apparently only the first four letters of each word are necessary. It asks for the words on the device in a random order, i.e., "Enter the fifth word on the list", then in the browser it predicts the words fairly well; generally, I've needed to type three characters before the right word appears in the list under what I'm typing. Then I can click on it. So a keylogger wouldn't necessarily be able to reproduce those actions in order to hack into my wallet, as even after three letters entered, most words still had three or more options.
Hack into the blockchain, that is. They don't need physical possession of my wallet in order to deprive me of coins. I, in fact, proved it with the above! All they need is those 24 words (or, 24 x 4-letter chunks) to enter into any other device, and they'd be able to send my coins somewhere else, i.e., steal them from me.
So the threat of a keylogger is very real; it could be delivered as malware. I have read reports of malware which modifies cryptocurrency addresses in the clipboard. In other words, for instance you want to send some coins to an exchange to do some trading, you click on the exchange's website to get to the deposit address, and then copy it; you then paste it into your wallet.
The malware pastes the malware author's Bitcoin address into your wallet instead! So, if you aren't careful and compare them (I always do!), then you might lose the amount you're sending.
When I verify, I don't look at the entire address; I just verify the first four-to-six and last four-to-six (whatever's easiest to remember), so it's easy to do with a few glances. Sure, this isn't as secure as verifying every digit, but the chances of creating a similar address are very low -- they'd need a lot of computing power in between copying and pasting in order to do that. Perhaps if they've got a compute farm they can send the address to, but otherwise unlikely on a garden-variety laptop.
Even Better Exists
I read, while researching how to do the recovery (which as I mentioned I shouldn't have had to do -- their documentation could be improved), that there exists an even more advanced version where you enter the words without using the keyboard, similar to how you enter the PIN but of course with a lot more clicking. I didn't test that feature.
Haven't Tested Sending
As I'm typing this up, I realized that I haven't tested sending any coins out of the wallet. I'm somewhat reluctant to, as there's a fee with each send.
Store Safely!
It's now in a safe place, as are the 24 words. And, it's best to never "type" those words -- only write them down on the two cards provided (or other paper). And don't take a picture of them with your phone or other digital camera, as it might "leak". Any camera, really; if you send the negatives out to be developed, they might be intercepted then. An old Polaroid would be okay, since it has self-developing ink. But really, just write it twice, and keep each copy in a separate safe location.
Separate buildings if possible, in case of disaster. Fires happen.
Enjoy!
Thank you to @fishyculture for inspiring me to create this post! :)
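The scrambled PIN grid described under "Interesting UI" above, as an added example that is not part of the original post and is not Trezor's code. It is a simplified model showing what the host computer does and does not learn from the clicks; the cell numbering 0-8, the sample layouts and the sample PIN are assumptions made for illustration.

```python
import math
import secrets

# Simplified model of the scrambled PIN grid described in the review.
# Assumption: cells are numbered 0-8 left to right, top to bottom.


def new_layout(rng=None):
    """Device side: place digits 1-9 in random cells; layout[cell] = digit."""
    rng = rng or secrets.SystemRandom()
    digits = list(range(1, 10))
    rng.shuffle(digits)
    return digits


def user_clicks(pin, layout):
    """User reads the device screen and clicks the matching cells on the host."""
    return [layout.index(int(d)) for d in pin]


def device_decode(clicks, layout):
    """Device side: turn the clicked cells back into digits with its own layout."""
    return "".join(str(layout[cell]) for cell in clicks)


def pins_consistent_with(clicks):
    """Host-side observer without the layout: distinct cells hide distinct digits,
    so only the repeat pattern leaks. Returns how many PINs remain possible."""
    return math.perm(9, len(set(clicks)))


# Constructed sample layouts (what the device screen showed on two entries).
LAYOUT_FIRST = [3, 1, 4, 9, 5, 2, 6, 8, 7]
LAYOUT_SECOND = [7, 2, 9, 4, 1, 8, 5, 3, 6]

if __name__ == "__main__":
    pin = "1955"  # constructed PIN
    captured = user_clicks(pin, LAYOUT_FIRST)  # all the host ever sees
    print("host sees cells:", captured)
    print("device decodes :", device_decode(captured, LAYOUT_FIRST))
    # Replaying the captured clicks against the next layout gives a wrong PIN.
    print("replay decodes :", device_decode(captured, LAYOUT_SECOND))
    print("PINs still possible for the observer:",
          pins_consistent_with(captured), "of", 9 ** len(pin))
    print("fresh layout   :", new_layout())
```

In this model the host learns the PIN's length and which positions repeat, which is why a PIN with repeated digits leaves the observer fewer candidates than one with all digits different.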
Interesting review. I think it is one of the easiest and safest ways to hold BTC. Regards
Thanks for the review.
The recovery seems a bit complicated, but I guess it should be.
Yeah, I wanted to make sure I went through the process once, before I needed to... :)
It's going to be a long while before I even think of owning one of these.. perhaps by that time it will be easier to operate ;)
Happy Thanksgiving day
To you as well, belatedly!
Trezor is the best, I guess.
Thinking about getting one, thanks for the review!
Perfectly, your hardware protects your wallet and ensures your investment and savings.
Is it exclusively for Bitcoin?
No, they actually support a wide variety of coins, including ETH -- meaning also all of the ERC-20 coins supported on its blockchain.
https://doc.satoshilabs.com/trezor-faq/overview.html#which-coins-are-currently-supported
I appreciate the review, we are looking to get one fairly soon. I have an odd question... Could we buy our kids one of these for Christmas, and have them get it all set up without having any cryptocurrency?
Yes! The two I finalized my decision on were this and the Ledger. They're both quite similar. Trezor was the first on the market, so longevity sold it for me. There are others as well, including some without screens that are less expensive; I liked the idea that you can use the ones with screens on a compromised computer, and your coins will still be safe.
It doesn't hold STEEM, though! I'll send them $20 worth of ETH once you get it set up and send me the ETH wallet address -- Merry Christmas to them! :)
You are just too sweet! HUGS!
Always waiting for your blogs, as I get all the benefits. Thank you, dear friend @libertyteeth
Thank you! I just checked your profile, and your background image looks similar to a picture I just painted! :) That's kinda neat. Here it is:
https://steemit.com/art/@libertyteeth/the-spice-must-flow-art
That's a really useful post, thank you for sharing your experience with us. My wife and I have one but we didn't deal with it yet. You are saving us a lot of effort. I am really happy I stumbled on your article. I wish you all the best @libertyteeth.
Thanks, and good luck to you!
I'm not there yet. The only BTC I ever owned was what I used to get started here on Steemit. And that was tiny.
But at some point... I definitely want to own more and have it on a hardware wallet!
Thank you for this clear record of your experience. It is actually very helpful!
Thx
I want a hardware wallet for Bitshares o.o
I haven't gotten any of those yet. I saw a recent video of @haejin's about it, looks interesting!
Super interesting and informative post, especially for a noob at crypto like me. I've been on Steemit for a few months, and I now realize I'll never be done learning how to optimize and protect my cryptos haha! I only recently traded out some steem, in an attempt to invest into some other currencies. I know this isn't directly related to your post, but you seem like a good person to ask: do you always lose value when trading steem for another currency? I traded 10$ of steem for btc through blocktrades, and had it sent to coinbase. In return I received about a dollar of btc. Did I make an error in my choice of transfer method, or is this normal?
Thanks for the post, and making me aware of another way to protect crypto... how cool to have your wallet right there on your desk! Good to know that it has solid recovery as well! cheers :)
Hi @amyf, sorry to respond so late. That doesn't seem normal. Usually there's a loss when moving and when trading. Most places the trading loss is around 0.2% or so, very minimal (2 cents, with your $10 example). The transfer fees depend on the coin; with Bitcoin, I have heard it can be as high as $7 so that might account for your experience.
You sent it to Coinbase, so you could look at their website, and click on that transaction. You could then view that transaction at http://blockchain.info, to see more details about the transaction, which includes the fee.
Of course, that's the blockchain fee; blocktrades.us might have their own fees, I'm not sure. But, it sounds worth investigating, if you lost 90% of your investment money, buying into your investment! :( When I buy in at Coinbase it's usually around 5%, 10% at most for obscure coins (i.e., the loss from Coinbase, transfer, and exchange).
I've been thinking about picking up a hardware wallet. What kind of fees are there to send your BTC? I heard that the fees are kinda high on the hardware wallets?
Not that I'm aware of, it's just another BTC address; the fees don't depend on the address being sent to, that I'm aware of. They depend on the number of transactions happening at the current time, and the data size of the transaction in kB; usually, more coins means more data.
I've done two transactions to the Trezor, and they were from a wallet that's not currently accessible -- so I don't know what the fees actually were, but I don't recall being surprised when I confirmed them.
I got a Trezor myself a couple of months ago and it seems pretty nifty, though like yourself, I haven't sent any coins yet.
Great and interesting. What about the Ledger Nano S?
Thx for sharing about your experiences with this one, so I can learn a little more about it.