The wipe code is an advanced feature that allows the user to set, and later enter, a "self-destruct" PIN code.
Entering the wipe code erases all data from your Trezor device.
- The feature was first made available in the firmware version 1.9.0 for the Trezor Model One and 2.3.0 for the Trezor Model T.
- The feature is currently accessible only with Trezor command line interface (v0.11.6 or newer).
TABLE OF CONTENTS
- Enabling the feature
- Configuring the wipe code
- Using the wipe code
Enabling the feature
- Open the terminal
- Connect the device. Be sure to have the PIN protection enabled on your device. If it is disabled, enable it by using the command trezorctl set-pin
- Use the command trezorctl set-wipe-code to enable the wipe-code:
Configuring the wipe code
In the process of configuring your new wipe code, the device will first authenticate you by requesting your standard PIN. Then, you set your new Wipe code.
The method of entering the wipe code is identical to that of entering the standard PIN:
- To enter the wipe code on your Trezor Model T, use the matrix displayed on the touchscreen.
- To enter the wipe code on your Trezor Model One, use your keyboard to enter the digits into the terminal.
The wipe code must differ from your PIN
Using the wipe code
Once set, you can enter the wipe code in the PIN dialog whenever you connect your device. When the wipe code is entered, the device immediately erases all private data including the recovery seed.
The Trezor Model T does not have to be connected to any kind of host interface to use the wipe code. You can wipe your device by entering the wipe code after powering the device with a power bank, USB in your car, or a socket on your bedroom wall.