Topic: PIN codes and Hardware Wallets - page 3. (Read 428 times)

While I know you are aware of this, newer members, or those new to Trezor Hardware wallets may not be:

The Trezor T Hardware wallet device has the capability to encrypt the PIN and the SEED.  I use that feature with my Trezors.  Its important to utilize software encryption, and I strongly prefer it to the notion that some devices have a "secure chipset".  If you believe that I want to sell you the Brooklyn Bridge, LOL!  Of course unrelated to this thread you should consider employing a passphrase to fortify your defenses.  NO hardware wallet stores passphrases so there is nothing to hack from the physical device along those lines of attack.

I am starting this topic as an exploration and research about PIN codes and how they work in various hardware wallets.
Not all hardware wallets are made equal, and nor all PIN codes work the same in hardware wallets.

What is PIN code?
- Postal Index Number or PIN code is usually a four to six digit number code, that was first introduced in 1972 by Shriram Bhikaji Velankar for Indian Post.
This year we celebrate 50 years since usage of PIN codes, and today we use them everywhere including in hardware wallets.

In hardware wallets PIN code is used as protection, and entering wrong PIN can create different results for different hardware wallets.
PIN codes can be hacked with right tools and equipment so don't consider them as ultimate protection for your devices.
Some wallets use regular Password instead of PIN, and they can use letters, pattern or biometrics like fingerprints.
Note that some hardware wallets can be bricked and permanently unusable if wrong PIN was entered specific amount of times!

Ledger wallet
Enter an incorrect PIN code 3 times in a row and device will reset after the third incorrect attempt as a security measure.
https://support.ledger.com/hc/en-us/articles/360017582434-Reset-to-factory-settings-?docs=true

Trezor wallet
Trezor hardware wallet will be wiped after entering 16 failed attempts, but delay time was longer each time you enter wrong pin.
https://wiki.trezor.io/Security:Threats

Coldcard wallet
Coldcard permanently bricks itself after entering wrong PIN 13 times!
https://coldcard.com/docs/

Passport wallet
Passport permanently bricks itself after entering wrong PIN 21 times!
The Secure Element includes monotonic counters that enable PIN attempt tracking, where the Secure Element will “brick” itself by no longer permitting login attempts if the maximum number of attempts is exceeded.
https://github.com/Foundation-Devices/passport-firmware/blob/main/SECURITY/SECURITY.md

Keystone wallet
After 12 incorrect attempts using the pattern unlock option, users will be required to unlock their devices with the text password.
After 5 incorrect attempts to unlock your device with the text password option, the device will automatically wipe itself of all data.
If your device is wiped in this way, please be advised that your Keystone can only be restored with the recovery phrase. The system password can also only be reset by entering the recovery phrase.
https://support.keyst.one/basic-features/password

SecuX
If you enter the PIN incorrectly five times, it'll reset the device.
https://secuxtech.com/faq#wallet_device_issues

Ngrave
Ten wrong PIN codes results in the device wiping itself.
https://support.ngrave.io/hc/en-us/articles/4409603287185-The-wallet-doesn-t-recognize-my-fingerprint-how-do-I-access-my-wallet-

Jade
PIN entered wrong 3 times are locked out by the server.

---

This page is a work in progress.
Feel free to post your suggestions for new hardware wallets, and correct any mistake I accidently made.