Review of Trezor Model T
September 18, 2018
The latest product from SatoshiLabs, Trezor Model T, aims to be your digital vault, not only for bitcoin and other cryptocurrencies but also for your passwords and other sensitive information. Model T can also be used for two factor authentication instead of e.g. your phone and follows the U2F standard. For the price of EUR 149 you expect a quality product so we have put it to the test to see if it can live up to the expectations.
The delivery to Sweden was quick (2 week days with DHL) and the Model T is delivered in stylish packaging that is easy to open. In addition to the USB cable used to connect the device to your computer a small magnetic dock that will keep your Trezor in place when you don't use it is included. You also get a a couple of small cards to write down your backup words (more on this later) and some stickers, in case that you really love your Trezor and want to spread the word.
Before getting started you have to peel off the hologram sticker that covers the port. This is one of the security measures used by SatoshiLabs to make sure that you don't get a product that has been tampered with. The sticker is a bit tricky to remove and it immediately breaks so it it obvious that it does its job in that it is impossible to remove and reattach it. It is slightly annoying that it leaves glue marks that it's a bit of a struggle to remove but, hey, that's the price you pay for security, right? It's important to understand that this security is dependant on the fact that it is actually the sticker from SatoshiLabs and not a copy, so make sure to compare it in detail to the image shown during installation.
The "getting started" booklet is almost not necessary since all you need to do is to connect your Trezor to your computer and then type in the URL https://trezor.io/start. The rest is as simple as following the on screen instructions. First of all the firmware will be installed. This is another security measure, that the devices are never delivered with preinstalled software that could potentially have been modified. This whole process is quick and all you have to do is to press "Next" a few times.
Moving on, it's time to create a wallet! You get to write down your receovery seed, the 12 words that is your backup. In case that you would lose your Trezor these 12 words (and only these 12 words) will help you restore your wallet and avoid losing your money. This obviously means that it is extremely important not to lose your backup words or letting anyone you don't trust see them. Use the included card to write down the words and in case you plan to store a significant amount of cryptocurrency or sensitive information I would recommend that you keep this card in some sort of safe or vault.
You also get to name your Trezor and choose a PIN code which is also a simple process. The chosen name is displayed on the device so that you know that it is your device that's in front of you.
The Model T has a touchscreen and all sensitive operations are performed using this screen. That's where you see your backup words, enter your PIN etc. which ensures that it's impossible to steal your data even in case you computer has been hacked. The touchscreen works well overall but is definitely more basic than phone screens that we're used to now. If your fingers are big it might be a bit hard to touch the part of the screen near the corners.
The Bitcoin wallet is similar to other wallets. The receiving address is also presented on the Trezor display and the QR code will not be displayed until you have verified the address using the touchscreen. This way you can be comfortable knowing that no malware is trying to replace the address. When sending bitcoin the address and amount is displayed on the touchscreen for you to confirm. During my first attempt to send the screen becomes unresponsive and I need to reboot the device to continue. I don't know if this is a bug or just a problem with my copy but it was the only problem that I had during the test.
Trezor's wallet does not only support Bitcoin but also a number of other cryptocurrencies such as Ether, Dash and more. There is also support for pretty much any cryptocurrency if you use 3rd party wallets. See the complete list here.
So, Trezor is not only a cryptocurrency wallet but can help you secure your logins and passwords. Setting up the device to be a second factor in two factor authentication was ridicolously simple. I tries this on my Google account and all you have to is to find the settings for 2-step verification, then the option called "Security Key" and click "Add". If your Trezor is connected you get to confirm the action on the touchscreen and you're done! The next time you log in to your account you get to confirm the login on your Trezor. You can still keep e.g. your phone as an alternaive in case you don't have your Trezor nearby.
Model T can also be used as a password manager, i.e. a place where you keep all your passwords. Traditionally password managers rely on a master password to access all other passwords which of course comes with the drawback that if someone gets hold of your master password you're in big trouble. With a Trezor the device itself is the master password. Each password is encrypted with a unique key that never leaves the device and the encrypted passwords are stored in Dropbox or Google Drive. Model T is also fitted with a SD card slot that will enable you to keep the encrypted passwords and other sensitive data on the card. This function is marked as "coming soon" on the Trezor homepage.
Even this has a possible weak link of course. If someone manages to get your 12 backup words (or your device + PIN) it is just as catastrophic as if a master password leaks. The advantage of this solution is that your 12 words can be kept somewhere safe, locked up, and never ever be entered on a computer or mobile device that might be hacked.
For the real geeks it is also possible to let Trezor handle your SSH och PGP keys.
The Trezor brand is the oldest in the market of hardware wallets and Model T is both he latest and, in my opinion, greatest model so far from SatoshiLabs. Security wise it has improvements from previous models where e.g. PIN entry and recovery is done on the computer.
Getting started is really simple and in addiation to getting a wallet for cryptocurrences you get a secure way to store passwords and logins. The price, EUR 149, may seem high but is definitely worth it if you have significant amounts of cryptocurrency or other sensitive data.
The Trezor Model T can be purchased on shop.trezor.io.