All articles

Passphrase Confirmation on Trezor Screen

As a Trezor user, you may have noticed that your device asks you to confirm your passphrase on the device's screen. While this might seem like an extra step, it is a crucial part of securing your digital assets.

Importance of confirming your passphrase

Passphrase confirmation is a security feature that protects against specific types of attacks. It is designed to prevent a malicious entity from replacing your passphrase when you enter it on your host device.

Without confirmation on the Trezor device, an attacker could potentially substitute your passphrase with one known only to them.

This substituted passphrase would then be used to derive your private keys, essentially locking you out of your own wallet. In a ransom scenario, the attacker could demand payment in exchange for the true passphrase.

This situation, known as a Trezor Passphrase Ransom Attack, was a potential vulnerability on Trezor devices before certain firmware updates.

Learn more about these firmware updates here: Trezor One v1.9.3 and Trezor Model T v2.3.3.


How does passphrase confirmation work? 

When you enter your passphrase on your host device, your Trezor device will display the entered passphrase for you to confirm. By visually checking the passphrase on your device's screen, you can ensure that the passphrase being used to derive your wallet is indeed the one you intended.

This additional step plays a crucial role in ensuring that your private keys (and hence your digital assets) remain under your control.

Can I skip passphrase confirmation?

The short answer is no. There is no option to switch off passphrase confirmation on the device in Trezor Suite, as this would compromise your wallet's security.

On Trezor Model T the passphrase can be entered directly on the device. This procedure is completely secure as it provides no avenues for malware intrusion. 

However, if you want to enter you passphrase in Trezor Suite and hide the passphrase confirmation, there is a hidden setting that allows you to disable the confirmation, it's important to comprehend the possible security implications linked to this step. 

For more information, please refer to the trezorctl user guide.

Passphrase confirmation on your Trezor screen is an essential security feature that protects you from potential ransom attacks. It ensures that the passphrase used to derive your private keys matches the one you intend to use, keeping your digital assets secure.

Always remember to confirm your passphrase on your Trezor device and keep your device's firmware up-to-date to ensure maximum protection.

a part of SatoshiLabs Group
Copyright belongs to Trezor company s.r.o. All rights reserved.