What this guide covers
This guide walks you through everything you need to get your Trézor device online and ready: from unboxing and checking the tamper-evidence, to initializing, creating a backup (your recovery seed), installing firmware, and basic operation. It focuses on security best practices so you avoid common mistakes that can put funds at risk.
1. Unbox and inspect
When your Trézor arrives, inspect the packaging before opening. Genuine packaging will include tamper-evident seals and manufacturer's branding. If anything looks tampered with, contact official Trézor support immediately.
- Check the box seals and holograms (if present).
- Verify contents: device, USB cable, quick-start card, recovery sheet (if included), and any documentation.
- Never accept a used device. A second-hand or pre-initialized device may be compromised.
2. Download official companion software
Always download wallet software or firmware only from the official Trézor website or authorized channels. Attackers often create fake websites and apps to steal recovery seeds.
- Visit the official site and verify the URL: check the exact domain character by character. The padlock only shows that the connection is encrypted; phishing sites display it too.
- Prefer official desktop or web-based wallets the manufacturer recommends.
3. Connect your device
Use the provided USB cable and connect the Trézor to a computer you trust. The device screen and onboard buttons are your primary secure interface—never share what appears on the device with others.
- Plug the Trézor into a desktop or laptop USB port (avoid public or shared computers).
- Open the official companion app or website as instructed by the manufacturer.
- Follow the prompt on both the device and the app.
4. Verify device authenticity
Modern hardware wallets include an attestation or device-checking routine. Follow the manufacturer's recommended verification procedure to confirm the device is genuine and running authorized firmware.
Tip: A verified device will typically show a signature or checksum you can match with the companion app. Do this before initializing your wallet.
5. Initialize the device and create your PIN
Initialization prepares the device to generate private keys. During setup you’ll choose a PIN. This PIN protects the device locally—without it an attacker cannot access the device functions even if they have physical possession.
- Choose a strong PIN (longer than 4 digits). Avoid obvious sequences, repeated digits, or dates tied to you.
- Never type your PIN into a computer—use the device buttons or the device’s secure input method.
- If you enter your PIN incorrectly too many times, the device may implement a delay or wipe depending on settings—this is a security feature, not a bug.
6. Create and record your recovery seed
The recovery seed (a list of 12, 18, or 24 words) is the single most important backup. It can restore your wallet and funds if the device is lost, stolen, or broken. Record it carefully and keep it offline.
- Write the words exactly as displayed and in the correct order on the supplied recovery card or another secure medium.
- Do not store the seed on a computer, phone, or cloud service.
- Consider using multiple physical copies stored in separate secure locations (safe deposit box, home safe, trusted person). Use metal seed plates for fire/water protection if desired.
- Do not take a photo or digital copy of the seed—digital copies can be exfiltrated by malware or cloud breaches.
7. Confirm your seed (device check)
Many devices will ask you to confirm a subset of the recovery words to ensure you recorded them correctly. Complete this step carefully on the device screen to avoid errors.
8. Install firmware updates
Keeping firmware up to date ensures you have the latest security fixes and protocol support. Only install firmware obtained through official channels and follow the manufacturer’s upgrade flow which usually includes cryptographic verification.
- Check firmware release notes for important changes.
- Never skip signature checks during firmware upgrade.
9. Create or import wallets
After initialization you can create new wallets or import an existing seed. When creating new wallets, the device generates keys deterministically from your seed—no private keys ever leave the device.
- Use the companion software to create accounts for the coins and tokens you plan to manage.
- For advanced users: you may use passphrases (an additional word added to the seed) to create hidden wallets. Use passphrases with extreme caution and understand the recovery implications.
10. Receive and verify transactions
When receiving funds, always verify the receiving address on the Trézor device screen—not only in the companion app. Displayed addresses on the device are generated from your keys and provide the ground truth.
- Copy the receiving address from the device or use the QR code the device displays.
- Confirm the address matches what you expect before sharing it with others.
11. Signing and sending transactions
Signing is performed on the device. The companion app assembles the transaction, but the device displays crucial details (amount, destination, fees) for your approval before signing—this prevents remote manipulation.
- Read every field shown on the device screen before confirming.
- If anything looks incorrect (unexpected destination, wrong amount, or strange fee), do not confirm the transaction.
12. Advanced security: passphrases and multisig
Two advanced features increase security but also complexity:
- Passphrase: An optional secret word that creates additional wallets derived from the same seed. If you use one, store it separately from the seed and never forget it—losing it means losing access to those derived wallets.
- Multisig: Multiple signatures required to move funds. Multisig setups reduce single-point-of-failure risk but require careful coordination between signers.
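How the passphrase described in sections 9 and 12 changes the derived wallet, shown as an added example that is not from the original guide or the manufacturer. It assumes the device follows the BIP-39 and BIP-32 standards, uses the public BIP-39 test-vector mnemonic as constructed input, and `wallet_tag` and `compare_passphrases` are hypothetical helpers for comparing results.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test-vector mnemonic (all-zero entropy), used as constructed
# sample input. A real recovery seed is never typed into a computer.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"+passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP-32 master node: HMAC-SHA512 of the seed, keyed with b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]  # (master private key, chain code)


def wallet_tag(mnemonic, passphrase=""):
    """Hypothetical helper: short hash of the master key, only for comparison."""
    master_key, _chain_code = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(master_key).hexdigest()[:16]


def compare_passphrases(mnemonic, passphrases):
    """Map each candidate passphrase to the tag of the wallet it derives."""
    return {p: wallet_tag(mnemonic, p) for p in passphrases}


if __name__ == "__main__":
    # No passphrase, a passphrase, a case variant, and a trailing space.
    candidates = ["", "TREZOR", "Trezor", "TREZOR "]
    for phrase, tag in compare_passphrases(TEST_MNEMONIC, candidates).items():
        print(f"{phrase!r:12} -> wallet {tag}")
```

Every passphrase, including a mistyped one, derives a valid but unrelated wallet and raises no error, which is why a forgotten passphrase cannot be recovered from the seed alone.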
13. Routine maintenance and best practices
- Periodically check for firmware and software updates.
- Test your recovery seed by performing a recovery onto a spare device or using a standard testnet—do this only in a controlled environment and never reveal the seed during the test.
- Keep at least one offline copy of your recovery stored securely; consider geographic redundancy (one copy off-site).
- Use a dedicated computer for large or sensitive transactions if you have one available.
Frequently asked questions
Q: What if I lose my recovery seed?
A: If your seed is lost and you still have access to the device, create a new wallet and transfer funds to it, then make a new seed. If you lose both the device and the seed, the funds are unrecoverable.
Q: Can the Trézor be hacked?
A: Hardware wallets dramatically reduce exposure to remote hacking because private keys never leave the device. However, physical attacks, compromised supply chains, or user errors (sharing seeds, using malicious software) remain risks. Follow best practices to minimize them.
Q: Is it safe to store my seed in a safety deposit box?
A: Yes—this is a common and sensible option. Consider splitting the seed into shares (Shamir’s Secret Sharing) or using multiple copies in separate secure locations if you have high-value holdings. Balance safety, redundancy, and access needs.
Troubleshooting
- Device not recognized: Try a different USB cable or port. Avoid USB hubs. Reboot the computer if necessary.
- Device shows unexpected menu: Disconnect and reconnect. If issues persist, consult official support and do not enter your seed into unknown software.
- Forgot PIN: If you repeatedly enter a wrong PIN and the device locks or wipes, recover from your seed onto a new device.
Final words on safety
Setting up a Trézor device is an investment in both security and responsibility. The hardware protects keys, but the human element—how you handle and store your recovery seed, how you verify software, and whether you carefully review transactions—is what ultimately keeps funds safe. Take your time during setup, follow the steps above, and when in doubt consult official documentation or support.