
Topic: Trezor hardware wallets can be used without verifying and backing up a seed (Read 172 times)

legendary
Activity: 2730
Merit: 7065
In addition, when entering a passphrase, Trezor Suite offers a field for entering it and a large button on the monitor screen, and the option to enter a passphrase on the wallet itself (Trezor T) is written at the bottom in small print, which you will not immediately notice.
Judging by your post, the passphrase can be entered both on the hardware device and Trezor Suite. Good to know.

The question arises? Or maybe it is beneficial for the company that their customers lose their seeds more often and enter passphrases in an insecure way? It's not stupid people who work there. I will not develop this topic further. Let everyone decide for himself why the company needs all this...
We are now walking into a territory where you are questioning the integrity of Trezor and their developers. It's been said thousands of times, but everything about Trezor is open-source (including the Trezor Suite). Those who know how to are welcome to check what exactly happens when you enter your passphrase in the app or on the HW.

I don't think Trezor will benefit from their users losing access to their crypto. It's not like there is a golden rule according to which coins can be considered lost and inaccessible (based on them not moving for a long period of time) so that Trezor can come in safely and simply take them. Again, due to the open-source nature of the codebase, something like that would be discovered sooner or later. Unless all the people and companies that have verified the code have no idea what they are doing and/or they are malicious actors. Sike Grin     
full member
Activity: 343
Merit: 167
Many people who buy a hardware wallet do not yet know how it works, much less why they need a backup copy.
In addition, when entering a passphrase, Trezor Suite offers a field for entering it and a large button on the monitor screen, and the option to enter a passphrase on the wallet itself (Trezor T) is written at the bottom in small print, which you will not immediately notice.
The question arises? Or maybe it is beneficial for the company that their customers lose their seeds more often and enter passphrases in an insecure way? It's not stupid people who work there. I will not develop this topic further. Let everyone decide for himself why the company needs all this...
legendary
Activity: 3234
Merit: 5637
I personally have no problems with the way people will handle their money, whether it is something tangible or in the specific case with digital assets in the form of cryptocurrencies. What I have a problem with is that these same people don't blame themselves and their actions for their losses, but in most cases, they publicly say "Bitcoin is a scam", and all because they didn't make a backup or saved it in the wrong way.

I agree that people should not be forced to do something, but they should be warned several times about how important it is to act exactly according to the instructions. The option that allows someone to avoid the backup or not to verify their seed is bad in my opinion - because this way every user will save a few minutes of time, which is insignificant with the possibility that they wrote down the seed with one or more wrong words.
legendary
Activity: 2730
Merit: 7065
What gives you the right to tell people how to manage their money?
It's not about managing, controlling, or removing personal freedoms for the sake of being superior. It's about minimizing the possibilities of causing harm to yourself. Not backing up your seed is worse than backing it up. Not having an option to skip displaying and re-entering the seed for verification purposes (to ensure you backed it up correctly) is better than having one. My personal opinion of course.

If the users who lost money with the Coinbase wallet (the threads I linked to in my OP) could turn back time, do you think they would rather back up their seed or be in a hurry and skip it because there was an option to do that? If there wasn't, they would have been required to save the seed somehow. 

A few years ago, I was going back home from a club with a friend. In front of us, 3 other lads were doing the same. One of the guys was about to cross the street in front of a passing car when his friend grabbed him by the arm shouting watch where you are going dipshit (rough translation of what he said in our local language Grin). I am sure the guy doesn't mind being cursed at and having his personal space and freedoms invaded by a dominant friend who controlled him and maybe or maybe not saved him from being hit or killed by a car.

True, but the point I was trying to make is that a person can make a temporary backup they intend to immediately destroy after verifying they have made a backup, and there would never be a warning against not having a backup.
Yeah but that's just pure stupidity on their part. What you do with your backups is your decision. A piece of software or hardware (in this case) can at least require that you make that backup, re-enter the words to check the seed validity, and everything else is your own free will.
copper member
Activity: 1652
Merit: 1901
People should have the choice to be able to make bad decisions.
We will have to agree to disagree then.  Wink
What gives you the right to tell people how to manage their money?

I can tell people I think they are making a bad decision, and I can tell people how I would manage specific situations when asked, but I have no authority over anyone to tell them they have to do something a certain way. I don't think you do either.

If someone is intent on making bad decisions, they could create a text file with their seed on their computer...
That's a bad way to manage your seed, but even a digital backup is better than no backup at all.
True, but the point I was trying to make is that a person can make a temporary backup they intend to immediately destroy after verifying they have made a backup, and there would never be a warning against not having a backup. If having a backup is not required, it is unlikely that someone will create a temporary backup, so someone intent on not creating a prominent backup will choose the "skip backup" option, and receive appropriate warnings.
legendary
Activity: 2730
Merit: 7065
The seed phrase backup (like on paper) can only be verified if it is correct or not on the device, but the device can not display the seed phrase. The seed phrase can not be seen on the hardware wallet directly, except the physical attack on it.
Isn't there a difference between the old Trezor One and the Model T when it comes to the entry of the seed words? If I remember some older threads I used to read, one of the things people didn't like about the Trezor One is that the seed words weren't entered on the hardware device but through the software on your computer. With the Model T that changed and the seed words never leave the screen of your device, meaning you can't see them on Trezor Suite and your PC. 
legendary
Activity: 1512
Merit: 4795
That wouldn't be a reason why I would not use a Trezor. Proper seed backup is something that should be practiced by the users and people should know the dangers of not backing up a recovery phrase with or without that option. But I would prefer keeping mistakes to a minimum.
Agreed, you are right. But I did not mean that I can not use Trezor, but just saying I may not recommend it, I know I have to backup seed phrase. So, I can use it as well. But I will just take it that Trezor is a recommendable wallet because it is completely open source.

I doubt Trezor allows you to display your seed after the initial setup and onboarding process, do they? That should be the only time the seed is displayed to you. At least that's how it works for Ledger. You are only shown the seed when you create a wallet.
That is true. Trezor is also a hardware wallet, seed phrases are not displayed. The seed phrase backup (like on paper) can only be verified if it is correct or not on the device, but the device can not display the seed phrase. The seed phrase can not be seen on the hardware wallet directly, except the physical attack on it.
legendary
Activity: 2730
Merit: 7065
If using it and I saw that you can use the wallet without seed phrase backup, I may not really recommend it anymore
That wouldn't be a reason why I would not use a Trezor. Proper seed backup is something that should be practiced by the users and people should know the dangers of not backing up a recovery phrase with or without that option. But I would prefer keeping mistakes to a minimum.

Looks like it's the mnemonic (seed) backup you can skip and not the seed creation part?
Good catch, thank you. The phrase and the keys do get generated, you just have an option not to back them up. I will make some corrections to the OP.

What I know about other wallets is that once you skipped the seed phrase backup, the seed phrase will not display for you to see unless you later check it on the wallet for backup.
I doubt Trezor allows you to display your seed after the initial setup and onboarding process, do they? That should be the only time the seed is displayed to you. At least that's how it works for Ledger. You are only shown the seed when you create a wallet. 

People should have the choice to be able to make bad decisions.
We will have to agree to disagree then.  Wink

If someone is intent on making bad decisions, they could create a text file with their seed on their computer...
That's a bad way to manage your seed, but even a digital backup is better than no backup at all.
copper member
Activity: 1652
Merit: 1901
But I would be happier if the option to skip backups wasn’t there at all.
I disagree.

People should have the choice to be able to make bad decisions.

I would also note that removing the "skip backup" button does not actually force someone to make a proper backup. If someone is intent on making bad decisions, they could create a text file with their seed on their computer, or they could write down their seed, and immediately throw it away. The "skip backup" button at least allows for the opportunity to warn the user of the dangers of not having backups.
copper member
Activity: 2856
Merit: 3071
Looks like it's the mnemonic (seed) backup you can skip and not the seed creation part?

I skipped backing up my phrase for a while as I was just playing with the wallet to start with. I think it's likely that option is in place because they might've had bad ways of backing up your wallet and it was safer to skip the backup steps after you copied down all of the mnemonic (to skip any verification steps if there were any that weren't just on the device).
legendary
Activity: 1512
Merit: 4795
That was one of the reasons I hate Coinbase noncustodial wallet, but there are more about its disadvantages.

I tried to research about some wallets in the past and I saw many others that do encourage 'no seed phrase backup' before use, the last I remember was Coinomi which is also closed source.

Trezor is one of the hardware wallets I like to recommend people because it is completely open source, but I am not also using the wallet. If using it and I saw that you can use the wallet without seed phrase backup, I may not really recommend it anymore, or maybe I will just include that people should backup their seed phrase before anything else. It would be good if Trezor can change this, it is highly not recommendable.

This can lead to easy means someone can lose his coins forever.
legendary
Activity: 2730
Merit: 7065
Not that long ago, I researched the TOS agreements and Privacy Policies of some of the most popular hardware wallet manufacturers. Trezor was one of them.

I noticed the following sentences in their TOS, which got me curious:

Quote
You may at any time after your Device initialization create a recovery seed – a chain of randomly selected words. Recovery seed enables you to recover the information stored on your Device. Without a recovery seed, you may not recover information stored in your Device and your wallet and your cryptocurrency coins stored in the wallet may be lost forever.
Source: https://data.trezor.io/legal/wallet-terms.pdf


That sounded like you could start using a Trezor HW and skip the seed verification process. We know that this is dangerous, provides a false sense of security, and can lead to losing your coins.

Here are just a few examples of what has happened in the past with the Coinbase wallet because people didn’t write down their seed phrases:

Coinbase Wallet - Is my $ lost because I pressed this one button (dangerous)?
Coinbase Wallet: Re-set Face ID, recovery phrase not saved
Didn’t store 12 word phrase for coinbase wallet

Since I don’t own a Trezor, I wasn’t sure how the initial setup works. In that TOS/Privacy Policy thread, dkbit98 posted a YouTube video of a guy setting up his wallet. This is the video: https://www.youtube.com/watch?v=qvvzJ8EHh5U. If you check the screen at 5:30, when the guy explains the seed creation process, you will notice a button in Trezor Suite that allows you to skip backing up the seed. 

Here it is:



Since I wanted clarification from an official source, I emailed Trezor’s customer service, and they confirmed it is indeed possible to skip the seed backup and verification altogether.



I hope no one has ever lost money because they were lazy to back up their seed, and I hope no one ever will. But I would be happier if the option to skip backups wasn’t there at all. Coinbase is one thing, but Trezor could do better.