Step-by-step: What to do first
Inspect the packaging. A genuine device arrives sealed. If the seal looks tampered with, stop — contact official support immediately. Treat the hardware device like a secure key: physical integrity matters.
Power & connect safely. Use the supplied cable and, when possible, connect to a clean system. For the initial setup prefer a personal laptop you trust. Avoid public or shared computers for initializing wallets and recovering seeds.
Create a PIN. The PIN is your first line of defense. Enter it directly on the device screen (not on your computer) and memorize it — do not store it digitally. Longer PINs add protection against brute-force attacks.
Record your recovery seed. Your seed (24 words or custom length depending on model) is the master key to your funds. Write it on the included card or a fireproof metal plate. Do not store the seed online, as a photo, or in cloud backup.
Verify firmware & addresses. Use only official software (Trezor Suite or the official start.trezor.io endpoint) to check firmware signatures. When receiving funds, always verify the receive address on the Trezor device screen — malware can alter addresses displayed on your computer.
Use extra layers. Consider passphrases for advanced users — they act like an additional secret word that modifies the seed. Understand the trade-offs and securely document your chosen passphrase approach.
Everyday best practices
Keep your device’s firmware up to date, but only download firmware when you are on official channels. Re-check recovery backups yearly and store at least two copies in geographically separate, secure locations. If you ever suspect compromise, move funds to a new device with a new seed immediately.
By following these steps you’ll greatly reduce risk and be ready to sign transactions with confidence. Your Trezor® is built to keep your crypto keys offline and under your control — treat it as such, and it will protect your assets for years.
Open official Trezor® Start ➜