Trezor Model T with Daedalus

Hello All!
I have read and watched instructions on how to connect a Trezor to Daedalus. I have a few questions before I do this, hoping someone knows this backwards/forwards…

  1. Can you please explain how this makes your Ada safer than just Daedalus alone. Is the idea that now you have a second device which has it’s own passcode, and once Deadalus is paired with a hardware wallet, you can’t first open Daedalus without connecting the device? Once connected, do you still need to use your spending password to send Ada, or you only need your Trezor password, if you have one (it’s optional as you may know.)
  2. Are things like private keys somehow vulnerable on Daedalus alone, where using an additional hardware wallet eliminates this vulnerability?
  3. What if my Trezor malfunctions/breaks/gets lost-does this mean I no longer can access my Deadalus wallet? Would I then have to restore my Daedalus Wallet with my key words in order to access it once again without needing the Trezor it was last paired to?
  4. Is there a way to keep the functionality of Daedalus-like using it to stake/spend, etc, while having Trezor paired to it, where the Trezor’s only function is to serve as security of not being able to access Daedalus without it and nothing more? Like a second padlock.
    Lastly, I have found that anyone can open Daedalus on your computer and delete the wallet without first knowing the wallet spending password, which is not requested when deleting the wallet. Is there a good reason for this? If somehow your seed words were lost, and someone happened to just delete your wallet, you’d be done. Thanks for any help with ALL of this!:slight_smile:

The main advantage would be that the mnemonics (and hence, private key)for your hardware device will not have entered any digital form (thus, cold) - unless you enter it on digital medium. Secondly, assuming your seeds are safe, you’d still have to confirm any outgoing transaction on your physical device.

They’re only as unsafe as user device and his management of the private keys. The same also holds true for your offline device (tho there are ways to extend the security by using plausible deniability).

As long as you have the seed(+passphrase if enabled) from hardware device, you can always restore access to your wallet - be it via an emulator , or by replacing hardware device and using the seed from hardware device to restore. Ideally, you should not enter seed on digital medium, unless you’re doing it to simply vacate the wallet.

You can always have two wallets, a hot wallet and a cold one - for your small expenditures.

That would sound like security on your machine isnt tight enough, and yes - having that issue (not sure if intentional) is probably a good thing so that you can either tighten the security or use better measures.

Losing your seed should not really an option. When using a decentralised wallet, you elect to be your own bank - and thus, enforce security/backup mechanisms responsible for your funds.

1 Like

Thank you for your reply. Unfortunately, there is substantial clarification still needed for me. Sorry if I’m less advanced.

  1. When you say the mnemonics will not have been entered digitally, is that not the same for Daedalus, where you only type a few letters of each word then click on the right one, so you haven’t really entered? Similar for Trezor when you confirm seed words without fully typing them.

  2. “Only as safe as user device and management of the private key.” I’m still not sure what the private key is or where to find it. Is there one within Daedalus, and am I supposed to have that written down somewhere?

  3. I don’t understand your answer to the “Trezor malfunction” section. Let’s say my Trezor no longer functions, how do I regain access to my Daedalus Wallet that was connected to the Trezor? I need the Trezor seed key? Or were you referencing the Daedalus seed key? Sorry just don’t understand.

  4. Can I use Trezor simply as a secondary authorization, but without creating a Trezor wallet within Daedalus? Where In order to access Daedalus I connect Trezor and enter it’s passcode, then my Daedalus opens and functions as it does now, only difference is then needing to confirm sends or other functions, by confirming on my Trezor before I can finalize the action in Daedalus. Is this making sense?

  5. Need help with the deleting of Daedalus. In other words, let’s say my machine is on and open, and I decide to go to another room. My kid comes in, decides to open Daedalus and figures out how to delete it. I was thinking that like spending, that is an action that should require the spending passcode, some kind of security measure. Maybe there’s a way to set that so it can’t just be deleted without first applying the spending password. Does this make sense?

  6. I agree with you on being responsible for your funds. I just think about worst cases and what could be set up to maybe offset the worst cases, even if by a fraction.

Thank you so so much, I hope my questions make sense!



Not really, when you generate (to read mnemonics when you create) OR enter (to restore) - you have those seed already ‘online’ on a machine connected to internet. The same is not true for offline device list ‘Trezor’. Besides, master key (even if encrypted) for hot wallet remains on the machine where Daedalus is, that’s not the case for hardware wallet.

You might want to read here to understand about wallet and private keys. In case of hot wallet , your private key (generated from 24 word recovery phrase) is saved in encrypted (using your spending password) on your machine at %AppData%\Daedalus\wallets folder.

You would do that on your trezor (physical device) using instructions here

No , you cannot - and that does not make sense. Reasons are in support-faq link replied to in point #2 and answer provided on point #1

Yes, replace “kid comes in” with an electrician/mechanic at your place for repair works and you kept your machine open while trying to get a wallet from other room. No point protecting ability to delete if your machine is available for others to download/send something from your machine (spending password might be more easier to guess if not strong enough - or if generated via Password Manager and Password Manager in itself is open).

1 Like

Thank you rdlrt for your time in helping me with all my questions. really really appreciate. Hope it helps others…

Thank you every1 for this post, it really helped me a lot too.

I have a last question. I guess that in order to recovery the Daedalus wallet i have to:

  • restore the Trezor’s wallet with its seed phrase.
  • Download the Daedalus mainnet
  • Pair it with the already recovered Trezor wallet.

is that right? then I wonder, what if I die? I mean, I know the Daedalus wallet is paired to my Trezor T. I know it is, because in the Daedalus appears my Trezor’s wallet as the wallet, but it has not his own seed phrase, since it is in the Trezor. That means, that if I die, my family can have all my seed phrases and the different wallets they’re associated too, but if they recovery the trezor’s, it doesnt tell them about the existance of the Daedalus wallet associated to it, right?

Thank you in advance!

PD: I dont pretend to die soon.

You seem to have have two wallets … the 24 seed wallet is a Daedalus Hot online Shelley wallet .
Your 12 word seed is for your Trezor -T Cold wallet .

I initially made the same mistake , took me some time to figure it out

You can recover your Trezor wallet on any BIP39 compatable platform.

You can see your Trezor-T account on the site at any time so if you die your relatives can find your account easily

Thank you Carmen for your answer

But no, i think my Daedalus wallet is NOT an online one. I do not have any seed wallet for it. I created it paired with the Trezor following instructions. I also believe its paired with my Trezor T, because in the name of the wallet appears the symbol of a hardware.

The thing is, I manage the Trezor with Trezor Suite, and neither the Suite, neither, show any external wallet paired to it (like Daedalus in this case).

So if someone (not me) recovers the Trezor, will this someone know about my other funds in the Daedallus?

And also, my real concern is that the Daedalus Mainnet was installed in the PC. I have to syncronize the Mainnet with the blockchain each time I open the Mainnet. Being the wallet on my PC is riskier than being online.

Any enlightenment will be so much appreciated.