1-Basics
Pin

What are ciphers? And why are they important?

All KeepKey devices are protected with a PIN as a barrier to entry for that specific device. The PIN is a combination of up to 9 numbers that you select after initializing your KeepKey. A PIN protects your device against malware and malicious software on your host machine.

The KeepKey was designed in a way that assumes the host machine it is communicating with is malicious. It requires user on-screen verification and approval for all actions.

Note: Any hardware wallet that does not have a screen is insecure! The most important part of a hardware wallet is the ability for a user to trust the data presented to them. The security of a KeepKey lies in the offline and secure connection of its memory/processor to its screen.

You can select a PIN between 1–9 digits — We recommend a PIN length of at least 4 digits.

You will see a randomized, scrambled keypad on your KeepKey display.

Scrambled Keypad

Note: The PIN is displayed twice and inverted to defeat malware that was designed to count the pixels via USB resistance. This inversion protects your device by guaranteeing the amount of pixels that are lit match those that are not, making it impossible for malware to view your screen or guess your PIN during pin entry.

Understanding Pin-entry:

Pin-entry example

For example, if you’d like to choose the number "1," you would have to click the top middle box.

Even if your KeepKey is plugged in, it cannot be accessed without the correct PIN. In addition, the number placement is re-scrambled at random each time you connect your device, so even a key-logger cannot decipher your PIN because the numbers are only shown on the device.

You can enter your PIN with confidence on an infected computer. Even if your computer became infected with malware or spyware (such as key-logging software), your PIN would remain safe.

Let’s look at the cipher. This will change every time you use your KeepKey. Your PIN is limited to nine digits. If you are trying to use a PIN longer than nine digits, please note that the device only recognizes the first nine entries.

Cipher Example

After you choose and confirm your PIN (remember: the cipher will change before the confirmation screen), make sure to look at your KeepKey screen again.

The scrambled number placement is only shown on the KeepKey device itself.

Important: Never share your PIN or recovery sentence with anyone.