Hardware security

First, thanks to the developers for a truly awesome product. This device has increased my digital security a millionfold!

My question is what protection (other than the PIN code) does the OnlyKey offer against an attacker with physical access to the device?

Is there a way with special equipment that an attacker could use to extract the passphrase without needing to know the PIN?

I’m thinking of the analogous situation with a Trezor wallet that has an optional passphrase, not stored on the device, that protects the seed in the event that the device is stolen.

With both devices, the PIN protects the devices, whereas the optional Trezor passphrase protects the seed.
So what does OnlyKey offer in this situation?

Thank you.

Great question, we have the full details for hardware security here - About Security | Docs

I would say that the Trezor passphrase is a good additional layer of security. However, this means that the user has to enter a passphrase every time they want to use that device. This is a usability issue, as most users would not be willing to enter a 30+ character passphrase + PIN code each time they want to unlock their device. Additionally, a passphrase entered via a computer keyboard is not secure like entering a PIN on a device itself, as any malware could easily obtain the passphrase. OnlyKey’s PIN is entered on the device, where this can’t happen.

Is there a way with special equipment that an attacker could use to extract the passphrase without needing to know the PIN?

There are no devices out there that are invincible to physical attacks. Here are some recent examples:

Thanks for the reply and those very interesting articles.