All articles

Create wipe code to erase device

The wipe code is an advanced feature that allows the user to set and later enter a "self-destruct" PIN code.

Table of Contents

Entering the wipe code erases all data from your Trezor device.

The feature is available in all Trezor Safe Family firmware releases. It was first introduced in firmware version 1.9.0 for the Trezor Model One and 2.2.0 for the Trezor Model T.

Enabling the feature

Using Trezor Suite

Wipe code settings can be found in Settings > Device, under the Danger Area section.

dangerarea_wipecodeisnotset_Suite25-2.png
Setting a wipe code
  1. Click Set up wipe code.
  2. On your Trezor device, select Turn on.
  3. Enter your device PIN.
  4. Enter a new wipe code.
  5. Re-enter the new wipe code to confirm it is correct.
  6. Click Continue on your Trezor.
  7. Trezor Suite will display a notification: "Wipe code changed successfully".

After setting up a wipe code, Trezor Suite will display options to Change wipe code and Remove wipe code.

dangerarea_wipecodeisset_Suite25-2.png
Changing a wipe code
  1. Click Change wipe code.
  2. On your Trezor device, select Change.
  3. Enter your device PIN.
  4. Enter a new wipe code.
  5. Re-enter the new wipe code to confirm it is correct.
  6. Click Continue on your Trezor.
  7. Trezor Suite will display a notification: "Wipe code changed successfully".
Removing a wipe code
  1. Click Remove wipe code.
  2. On your Trezor device, select Turn off.
  3. Enter your device PIN.
  4. Click Continue on your Trezor.
  5. Trezor Suite will display a notification: "Wipe code removed successfully".

Using trezorctl

  1. Open the terminal.
  2. Connect your device. Ensure PIN protection is enabled. If it is disabled, enable it using the command trezorctl set-pin
  3. Use the command trezorctl set-wipe-code to enable the wipe-code:
wipe_code_combi-1.png

Configuring the wipe code

In the process of configuring your new wipe code, the device will first authenticate you by requesting your standard PIN. Then, you set your new wipe code.

The method of entering the wipe code is identical to that of entering the standard PIN:

  • Trezor Safe 5 / Model T: Use the matrix displayed on the touchscreen.
  • Trezor Safe 3: Use the device buttons to select and enter the digits.
  • Trezor Model One: Use your keyboard to enter the digits into the terminal.

The wipe code must be different from your PIN!

wipe_code_combi-2.png

Using the wipe code

Once set, you can enter the wipe code in the PIN dialog whenever you connect your device. When the wipe code is entered, the device immediately erases all private data, including the wallet backup (recovery seed).

Trezor Safe Family and Trezor Model T devices do not have to be connected to a host to use the wipe code.

You can wipe your device by entering the wipe code after powering it on using a power bank, USB in your car, or a wall socket.

wipe_code_combi-3.png
;