All articles

Create wipe code to erase device

The wipe code is an advanced feature that allows the user to set, and later enter, a "self-destruct" PIN code. 
 

Entering the wipe code erases all data from your Trezor device.

 

  • The feature is available in all releases of Trezor Safe Family firmware. It was first made available in the firmware version 1.9.0 for the Trezor Model One and 2.2.0 for the Trezor Model T.
 

Enabling the feature

Using Trezor Suite

Wipe code settings can be found by going to Settings > Device, and scrolling down to the Danger Area:
 


Setting a wipe code:
  • Click Set up wipe code
  • On your Trezor device, select Turn on
  • Enter your device PIN
  • Enter a new wipe code
  • Re-enter the new wipe code, to confirm it is correct
  • Click Continue on your Trezor
  • Suite will then display the notification 'Wipe code changed successfully'

After setting up a wipe code, Trezor Suite will display the options to Change wipe code and Remove wipe code:
 


Changing a wipe code:

  • Click Change wipe code
  • On your Trezor device, select Change
  • Enter your device PIN
  • Enter a new wipe code
  • Re-enter the new wipe code, to confirm it is correct
  • Click Continue on your Trezor
  • Suite will then display the notification 'Wipe code changed successfully'
 

Removing a wipe code:

  • Click Remove wipe code
  • On your Trezor device, select Turn off
  • Enter your device PIN
  • Click Continue on your Trezor
  • Suite will then display the notification 'Wipe code removed successfully'
 

Using trezorctl

  • Open the terminal
  • Connect the device. Be sure to have the PIN protection enabled on your device. If it is disabled, enable it by using the command trezorctl set-pin
  • Use the command trezorctl set-wipe-code to enable the wipe-code:
 


 

Configuring the wipe code

In the process of configuring your new wipe code, the device will first authenticate you by requesting your standard PIN. Then, you set your new wipe code. 
 

The method of entering the wipe code is identical to that of entering the standard PIN: 
 

  • To enter the wipe code on your Trezor Safe 5 or Trezor Model T, use the matrix displayed on the touchscreen. 
  • To enter the wipe code on your Trezor Safe 3, use the device buttons to select and enter the digits.
  • To enter the wipe code on your Trezor Model One, use your keyboard to enter the digits into the terminal. 

 

The wipe code must differ from your PIN!

 


 

Using the wipe code

Once set, you can enter the wipe code in the PIN dialog whenever you connect your device. When the wipe code is entered, the device immediately erases all private data including the wallet backup (recovery seed).
 

Trezor Safe Family and Trezor Model T devices do not have to be connected to any kind of host interface to use the wipe code. You can wipe your device by entering the wipe code after powering it on with a power bank, USB in your car, or a socket on your bedroom wall.