Enhanced Security with Trezor Safe 3 - Hardware Wallet
The new Trezor Safe 3 Hardware Wallet is now even more secure with the addition of a Secure Element. This extra layer of security not only protects against physical attacks on your Trezor, but also plays a crucial role in verifying the authenticity of your device.
How does device verification work?
During the Trezor Safe 3 manufacturing process, a unique certificate is issued to each new Trezor before it leaves the production line. This certificate is stored in the Secure Element. When setting up your device:
- Trezor Suite generates a random challenge which is then sent to the Trezor Safe 3.
- In response, the Trezor Safe 3 uses the Secure Element to sign this random challenge and returns both the signature and the device certificate.
- To confirm the authenticity of the device, Trezor Suite verifies the challenge signatures and the signature on the certificate.
Trezor has made every effort to implement robust measures to protect your privacy. During the authentication process, the device certificate is checked exclusively by Trezor Suite and deleted immediately afterwards. It is of utmost importance to note that this certificate is not sent anywhere else and Trezor Suite does not store any part of it.
Is device verification mandatory?
If you only use Trezor Suite with official Trezor devices, do not disable this check. This feature is a security measure designed to protect you from using potentially fake or compromised devices. Users can choose to disable the device authentication process, but we strongly advise against it.
The authenticity check should only be disabled if you want to connect unofficial devices to Trezor Suite, such as home-made models.
If you are absolutely sure that you want to disable the device control feature, you can do so under the Settings tab in Trezor Suite.
Are there privacy concerns associated with device authentication?
No, because the device certificate is not tracked or stored anywhere. It is only checked by Trezor Suite and then immediately deleted. It is not sent anywhere, which means your privacy is always guaranteed.
