My experience with the Trezor hardware wallet: so far, so good; a few improvements could be made as well

in #bitcoin, 7 years ago

I bought one last week to protect my cryptocurrency. I wanted to make sure it was recoverable, so first I sent a small amount to it, after setting it up, then wiped it! Then recovered it, and the funds were back. So it's safe, and I stored my savings to it.

Unboxing

There's the hardware wallet device, and a short USB cable -- it really could have been a bit longer; it was difficult to lay flat on the desk and use with the laptop, and I'd imagine it'd be even more difficult with a desktop. Two blank cards to fill the 24-word recovery in, and brief instructions.

Really Bad First Impression, Documentation-Wise

I really want to give a glowing review, but it was quite difficult to get started. The device, and docs, say to go to http://trezor.io/start, but it's not easy to determine that I need to install a Chrome plugin first in order to communicate with the device. That could be made much clearer.

I had to search to find what to do. Which, at least, I was able to do!

Interesting UI

In order to defeat keyloggers, they implemented an interesting user interface, which allows you to use the device even on a compromised computer! That's pretty neat.

It shows a number grid like on a phone (just 1-9, so, 3x3) on the device, with the numbers in random places. On the screen, you click the buttons corresponding to the numbers on the device, to input your PIN. Then it randomizes the numbers on the screen again, and you enter the PIN a second time.

So, someone who had previously hacked your computer wouldn't get the PIN, since they wouldn't see the device's screen, even if they had installed screen-recording software. I suppose they could also try recording the camera, but two pieces of electrical tape fixed that for me. Not on the phone though, but, that's another story. :)

Sending Bitcoins was Almost Immediate!

I sent a small amount of Bitcoin to test it out. The coins arrived almost instantly, which was nice to see. Then I wiped the device, and started over.

Another UI failure -- the button to "Recover" is way over to the right (in the browser's UI), so at first I went through another set of 24 words (you click a button on the device to proceed; it has two buttons, and a screen), to find that I can't recover at that point, so had to wipe it again and then click that obscured button, and proceed.

More Keylogger-Defeating UI

To recover the device, you have to enter the 24 words you saved, and it then recreates the private key from them. From reading about this, apparently only the first four letters of each word are necessary. It asks for the words on the device in a random order, i.e., "Enter the fifth word on the list", then in the browser it predicts the words fairly well; generally, I've needed to type three characters before the right word appears in the list under what I'm typing. Then I can click on it. So a keylogger wouldn't necessarily be able to reproduce those actions in order to hack into my wallet, as even after three letters entered, most words still had three or more options.

Hack into the blockchain, that is. They don't need physical possession of my wallet in order to deprive me of coins. I, in fact, proved it with the above! All they need is those 24 words (or, 24 x 4-letter chunks) to enter into any other device, and they'd be able to send my coins somewhere else, i.e., steal them from me.

So the threat of a keylogger is very real; it could be delivered as malware. I have read reports of malware which modifies cryptocurrency addresses in the clipboard. In other words, for instance you want to send some coins to an exchange to do some trading, you click on the exchange's website to get to the deposit address, and then copy it; you then paste it into your wallet.

The malware pastes the malware author's Bitcoin address into your wallet instead! So, if you aren't careful and compare them (I always do!), then you might lose the amount you're sending.

When I verify, I don't look at the entire address; I just verify the first four-to-six and last four-to-six (whatever's easiest to remember), so it's easy to do with a few glances. Sure, this isn't as secure as verifying every digit, but the chances of creating a similar address are very low -- they'd need a lot of computing power in between copying and pasting in order to do that. Perhaps if they've got a compute farm they can send the address to, but otherwise unlikely on a garden-variety laptop.

Even Better Exists

I read, while researching how to do the recovery (which as I mentioned I shouldn't have had to do -- their documentation could be improved), that there exists an even more advanced version where you enter the words without using the keyboard, similar to how you enter the PIN but of course with a lot more clicking. I didn't test that feature.

Haven't Tested Sending

As I'm typing this up, I realized that I haven't tested sending any coins out of the wallet. I'm somewhat reluctant to, as there's a fee with each send.

Store Safely!

It's now in a safe place, as are the 24 words. And, it's best to never "type" those words -- only write them down on the two cards provided (or other paper). And don't take a picture of them with your phone or other digital camera, as it might "leak". Any camera, really; if you send the negatives out to be developed, they might be intercepted then. An old Polaroid would be okay, since it has self-developing ink. But really, just write it twice, and keep each copy in a separate safe location.

Separate buildings if possible, in case of disaster. Fires happen.

Enjoy!

Thank you to @fishyculture for inspiring me to create this post! :)
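
The randomized PIN grid described under "Interesting UI", sketched as an added example; it is not part of the original post and is not Trezor's code. It shows what the computer actually receives (grid positions, never digits) and how much an observer without the device's screen can infer from them. The position numbering 1-9 and all function names are assumptions of the example.

```python
import math
import secrets

DIGITS = "123456789"

def new_layout():
    """Device side: shuffle 1-9; layout[i] is the digit shown at grid position i+1."""
    layout = list(DIGITS)
    secrets.SystemRandom().shuffle(layout)
    return layout

def host_clicks(pin, layout):
    """User side: for each PIN digit, click the position where the device shows it.
    This string of positions is all the computer (or a keylogger on it) receives."""
    return "".join(str(layout.index(d) + 1) for d in pin)

def device_decode(clicks, layout):
    """Device side: map clicked positions back to digits using its private layout."""
    return "".join(layout[int(c) - 1] for c in clicks)

def pins_consistent_with(clicks):
    """How many PINs match what the host saw, if the layout is unknown.
    Every layout is equally likely, so only the repeat pattern of the clicks
    narrows things down: k distinct positions leave 9*8*...*(9-k+1) PINs."""
    k = len(set(clicks))
    return math.perm(9, k)

if __name__ == "__main__":
    pin = "1234"  # constructed sample PIN
    for attempt in (1, 2):
        layout = new_layout()  # fresh shuffle for every entry
        clicks = host_clicks(pin, layout)
        assert device_decode(clicks, layout) == pin
        print(f"entry {attempt}: host sees {clicks}, "
              f"{pins_consistent_with(clicks)} PINs still possible")
```

Because the clicks reveal which PIN digits repeat, a PIN with repeated digits leaves fewer candidates than one with all-distinct digits of the same length.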




Interesting review. I think it is one of the most easy and safe ways to hold BTC. Regards

It's going to be a long while before I even think of owning one of these.. perhaps by that time it will be easier to operate ;)

Thanks for the review.
The recovery seems a bit complicated, but I guess it should be.

Yeah, I wanted to make sure I went through the process once, before I needed to... :)

Happy Thanksgiving day

To you as well, belatedly!

Trezor is the best, I guess

Thinking about getting one, thanks for the review!

Perfectly, your hardware protects your wallet and ensures your investment and savings

Is it exclusively for Bitcoin?

No, they actually support a wide variety of coins, including ETH -- meaning also all of the ERC-20 coins supported on its blockchain.

https://doc.satoshilabs.com/trezor-faq/overview.html#which-coins-are-currently-supported

I appreciate the review, we are looking to get one fairly soon. I have an odd question... Could we buy our kids one of these for Christmas, and have them get it all set up without having any cryptocurrency?

Yes! The two I finalized my decision on were this and the Ledger. They're both quite similar. Trezor was the first on the market, so longevity sold it for me. There are others as well, including some without screens that are less expensive; I liked the idea that you can use the ones with screens on a compromised computer, and your coins will still be safe.

It doesn't hold STEEM, though! I'll send them $20 worth of ETH once you get it set up and send me the ETH wallet address -- Merry Christmas to them! :)

You are just too sweet! HUGS!

Always waiting for your blogs, as I get all the benefits. Thank you, dear friend @libertyteeth

Thank you! I just checked your profile, and your background image looks similar to a picture I just painted! :) That's kinda neat. Here it is:

https://steemit.com/art/@libertyteeth/the-spice-must-flow-art
