Topic: How many failed PIN attempts does Trezor Model T wallet allow? (Read 203 times)

I do recall your response to me at that earlier time.  My repeated attempts here are to make sure that those users caring enough to come here and learn, have in fact read that these enhancements are available.  Users don't need to be confined to using trezorctl on a daily basis while they use their hardware wallets.  You are CORRECT that the power features offered by trezorctl cannot be initialized on web wallets.  BUT after enabling these features (using trezorctl) a user can wander around on Androids with mobile capabilities enjoying their web wallets while still be protected by these features.  You only need the command line powers to enable not to use!  e.g. - Electrum and trezor.io work perfectly well and these powers/features don't interfere at all.  I know you are aware of that Rath, I placed this post/rebuttal here so other readers might consider their options.

Housekeeping:   The Trezor/GitHub team(s) have put some work into making sure Trezors are secure.  If people don't enable their devices to maximize its capabilities and something like a coin loss happens (from not being fully enabled) then at least know they did their job.  I hope Trezor users that are here in this forum will consider this.  In the end, if you decide NOT to pursue this, at least employ long passphrases using BIP enhancements.  I say do both, its what I do for sure.

In addition to what Rath and HCP posted above:  the "timer" on those error attempts won't negate when you disconnect the hardware device either.  According to the Rath's chart above; after 12 errors the reset time is 2048 seconds.  You have to leave your Trezor connected for 2048 seconds before you can enter the 13th attempt.  I believe if you unplug the the 2048 seconds starts over when you re-connect, although I haven't examined this myself.  It would be easier for me to reset my Trezor than wait for hours and hours (attempts 14-16).  I can fully recover my Trezors in well under 10 minutes, but I have done extensive testing and I don't have any fears throughout the process.

That is correct... the incorrect PIN counter is only reset once the device is unlocked correctly with the correct PIN (or the device is wiped).

1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768 seconds for each attempt respectively. After the 16th attempt, the device is wiped.


As far as I know, the failed attempts reset only if you enter the correct PIN.

I have a question regarding these delays that Trezor has in connection to the PIN entry. Each time you enter a wrong PIN, they will make you wait a bit before your can try again. How big of a waiting period are we talking about? And one more thing. Do the failed attempts reset to 0 after some time has passed? Let's say I used the wrong PIN 10 times. Will those 10 wrong attempts still be valid after a day/week/year?

I have already pointed out some time ago in a reply to one of your posts that it won't be that easy for the majority of Trezor owners. Both of these features cannot be enabled in neither the web interface nor Trezor Suite (yet); trezorctl is required. I highly doubt that an average user knows about these features and the vulnerability affecting their device.

I would like to add something to this thread.  As some here know, I am a coder and pursue Trezor specifics.  On the subject of "attempts" to enter a PIN there is an item that many non-power users may be unaware of.  Your Trezor T will show 16 attempts on the screen when you start entering codes.  For power users with SD protect enabled things change from normal.  Many folks are concerned that someone may pick up their Trezor and start entering PINs recklessly (spouse, child, etc....).  I don't know why anyone would leave a Trezor T laying around but it happens in home offices.  Enter enabled SD protect.  Now have it known that entering PIN attempts don't even record at all IF the SD card is missing/hidden.  In such an event you will see SD card errors and then the screen will STILL show 16 attempts.  Without the SD card, which encrypts the contents of the Trezor, the PIN code attempts simply cannot be registered.  However (and I have tested this many times); if a power user also enables a PIN wipe code, the Trezor T will wipe the device if that code is entered whether or not the SD is present in the device.  The code is written in a way that the PIN wipe code is beyond the SD protect, which is a great thing!!

As a side note just in case Trezor T users are unaware.  MY opinion is that you should not use a Trezor T without enabling SD protect and PIN wipe.  It takes seconds to employ those features.  Remember that SD protect means your SEED is encrypted completely so regardless of who physically holds your hardware wallet they CANNOT by any means ever acquire the SEED.  You simply conceal the super small miroSD or in my case wipe (not simply delete) the small file, which you can write back to it in under a second.  [Safe storage of that small file is a subject for another thread].  For PIN wipe use your home address, last 4 of your phone number, etc.....  then simply tell someone that code, they enter it and boom totally wiped device.

It was never clear to me why the Trezor determined the number of these attempts in such a large number, because it happened to me that I entered the wrong PIN only once, but after that I was much more careful, and I no longer have that problem. If someone enters the wrong PIN more than 3 times, then it is very likely that they have the wrong PIN, and that the result will be the same after 16 attempts. Since people often put in a PIN that is the date of their birth, or someone close to them - the more attempts available, the greater is the chance that someone will be able to unlock the device.

However, considering the vulnerability of this HW, the PIN is something that can be easily cracked in less than 5 minutes, so you should be very careful that the device does not fall into the wrong hands without a passphrase or SD card protection.

They were probably all correct at some point...

Note that the story from wired is a number of years old (29th October 2017)... that's before the Model T was even released (~26 February 2018)... and was for the older Trezor ONE model. Same with the reddit thread that you linked... it's 6 years old. Hence, the different system used.

Oh I missed that...    I need my Clark Kent glasses

That was supposed to be a joke. Take a closer look at the small text under the links.

Why would you say in public exact amount of Bitcoins you have and want to store on Trezor or any other wallet?
That's never a good idea to say.
I know that ColdCard have 13 failed PIN attempts and after that it becomes a brick, and ledger only resets wallet after 3 wrong pin attempts.

It is just like the Trezor wiki says - your device will be wiped after 16 failed attempts. Each time you enter a wrong PIN, the delay increases twofold. By the way, since you have the model T, you might be interested in the SD card protection feature. It helps to mitigate the unfixable seed and PIN extraction attack.

I just bought a Trezor Model T hardware wallet to store 10,127 BTC.

I wonder how many failed PIN attempts are allowed before this device wipes itself out or locks up indefinitely? On Trezor Wiki it says 16 times then Trezor will wipe out data, but Google search returns different answer. Some Redit posts say there is no hard limit but after each failed attempt the delay time increases exponentially, and at some point the time is like infinity. There is also a story on wired.com about a guy forgetting his Trezor PIN and each time he failed the delay got longer. So which answer is correct?

https://wiki.trezor.io/PIN#:~:text=ImportantAfter%2016%20incorrect%20attempts,use%20of%20your%20recovery%20seed.
https://www.reddit.com/r/TREZOR/comments/2l9do0/trezor_pin_entry_number_of_allowed_attempts/
https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/

(No I don't have 10,127 BTC. It's a joke :=)))  )