TREZOR is a hardware wallet providing the highest level of security and convenience for a common computer user.
Unlike a cold storage (offline storage or paper wallet), TREZOR is also able to sign transactions. That means spending bitcoins is secure without exposing your private keys to a potentially compromised computer.
TREZOR Hardware Design
TREZOR is a small USB device with a display and two buttons.
It connects to a computer via a USB via protocol that allows only to send a transaction template to the device and protects the wallet against malware.
The display allows the user to visually verify the payment address and the amount to be sent. In order to proceed the transaction, a physical human interaction (pressing the button) is required.
TREZOR Software Design & Security
TREZOR uses hierarchical deterministic wallet creation (BIP 0032) which makes regular backups of private keys unnecessary.
When first initialized, a mnemonic code of 24 words, the recovery seed, is created. In case the device gets lost or stolen, the user can recover the entire holdings including transaction history into a new device or other compatible wallet, using the recovery seed.
A PIN is set by the user during the setup. It protects TREZOR against being used by unauthorized persons. The wallet creators have invented a secure way of entering the PIN that can't be logged and misused.
Another level of protection is the encryption passphrase which protects the device in case of seizure. Multiple passphrases can be used for plausible deniability.
TREZOR needs an online wallet or a desktop client as an interface that broadcasts the transactions signed by the device to the blockchain.
In order to send coins or change the basic settings, the device needs to be connected to a computer with a micro USB cable.
In order to receive coins there is no need to have the device plugged in.