Accessing Your Trezor: The Secure (Non-Login) Process

Trezor secures your funds by eliminating the risk of online "login" credentials. Access is granted only by connecting your physical device and entering two layers of protection: the **PIN** and, optionally, the **Passphrase**.

See the 3-Step Access Protocol

Why "Login" Doesn't Apply to Trezor

When you use a centralized exchange or web wallet, "login" involves sending a username and password to a server. If that server is breached or your computer has malware, your credentials are at risk.

Traditional Login (Centralized)

Credentials (password) are typed on a keyboard and transmitted online. Your private keys are held by the exchange (third party). Vulnerable to server breaches and keyloggers.

Trezor Access (Self-Custody)

Access is granted when you physically plug in the device and enter your PIN directly on the device (Model T) or via the scrambled interface. **The private keys never leave the hardware.**

The 3-Step Protocol for Wallet Access

Accessing your portfolio in Trezor Suite requires linking the software interface to the physical security of your Trezor device.

Step 1: Launch & Connect

Launch Trezor Suite: Open the official **Trezor Suite** desktop application (downloaded from trezor.io/start). Do not use web-based versions or unauthorized software.
Connect Device: Plug your Trezor device into your computer using the original USB cable. Trezor Suite will detect the hardware.

Step 2: Enter PIN (The First Key)

PIN Scramble: The Trezor screen (or the Trezor Suite prompt) will display a randomly scrambled set of numbers.
Secure Entry: Based on the pattern shown on the **physical device**, you enter the corresponding positions into the Trezor Suite (Model One) or directly onto the Trezor's touch screen (Model T). This ensures the PIN is never typed traditionally, defeating keyloggers.

Step 3: Enter Passphrase (The 25th Word)

Passphrase Prompt: If you enabled the Passphrase (recommended for advanced users), Trezor Suite will prompt you for it next.
Final Access: Enter your Passphrase (your 25th seed word). If correct, Trezor Suite will load the corresponding hidden wallet. If incorrect, or if you skip this step, it loads the standard, unhidden wallet.

The Recovery Seed: The Master Key You Never Use for Access

The **24-word Recovery Seed** is the ultimate key, but you should **never** enter it during a normal access sequence. It is designed only for two scenarios:

Daily Transaction Security

The PIN and optional Passphrase unlock the device to *use* the private keys for signing transactions. They are the daily access mechanism.

Disaster Recovery (The Only Time)

The Seed Phrase is only used when restoring your wallet onto a brand new device after the original Trezor has been lost, stolen, or damaged.

Advanced Security Layers: Passphrase and Transaction Signing

The Passphrase (or 25th word) is what generates separate, hidden wallets, dramatically enhancing security against physical threats or coerced access.

1. Plausible Deniability

Hidden Wallets

If you enter no passphrase, or a different one, a completely different wallet will load. You can use this for plausible deniability—loading a "decoy" wallet with minimal funds while your main funds are secured behind a separate passphrase.

2. Touchscreen Input (Model T)

Zero Keyboard Exposure

The Model T's touchscreen allows both the PIN and the Passphrase to be entered directly on the device, ensuring neither key ever touches the potentially malware-infected computer. This is the gold standard for secure access.

3. Signing Transactions

Confirmation Required

Even after accessing your wallet, any outgoing transaction requires you to physically confirm the recipient address and amount on the Trezor's screen by pressing a button or tapping the screen. This final step prevents silent malicious transfers.