1. Prepare the environment. Download Trezor Suite, and Trezor Bridge if your setup needs it, only from trezor.io/start; type the address yourself or use a bookmark rather than following a link, because lookalike domains are the usual phishing vector. Verify the download against the checksum or signature published on the official site before installing it. If you use a browser-based dApp, confirm that the exact domain is the one you expect and that it is served over HTTPS with a valid certificate.
2. Connect & unlock the device. Connect your Trezor with a cable you trust. Enter the PIN so that the host never learns it: on models with a touchscreen, type it on the device; on models that use the host's keypad, the digit layout is shown only on the device screen, so the host sees click positions, not digits. If the host offers a passphrase, understand what it does first: each distinct passphrase derives a separate hidden wallet from the same seed, and a forgotten passphrase cannot be recovered from the seed backup. Enable it only with a written plan for backing up and recovering both, and where the device can take the passphrase on its own screen, enter it there rather than on the host.
3. Pair and approve the session. Many integrations ask for a one-time session approval: the host requests permission to connect and read your accounts, and you confirm that prompt on the device. Some workflows offer persistent pairing for convenience; accept it only on machines you control, and revoke persistent sessions from the host UI before leaving a shared machine.
4. Sign operations on-device. When sending funds or signing messages, the host shows its own summary while the device shows the data it will actually sign. Only the device display is trustworthy, since a compromised host can render whatever it likes. Compare the recipient address in full (not just its first and last characters), the amount, the fee, and for contract interactions the contract address and call data. If anything differs, reject on the device and investigate before retrying.
5. Post-session hygiene. After use, close the dApp tabs, sign out of any web portal, and physically disconnect the device. On a shared or public machine, revoke device sessions and persistent approvals before you leave.
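Two of the checks in step 1 can be scripted before the device is ever plugged in: verifying the downloaded installer against a published SHA-256 list (the `sha256sum` format most vendors publish), and screening a dApp URL against an exact-origin allowlist that refuses plain HTTP, embedded credentials and IDN/punycode lookalike hosts. The following is an added example written for this page; it is not code from Trezor Suite, Trezor Bridge or any dApp, and the allowlist, the sample installer bytes, the checksum line and the sample URLs are constructed for illustration.

```python
"""Pre-session checks before connecting a hardware wallet.

Added example for this page, not vendor code.  The allowlist, sample
installer bytes, checksum line and sample URLs are constructed.
"""

import hashlib
from urllib.parse import urlsplit

# Constructed allowlist (assumption for this example): the exact origins the
# user has decided to trust.  Matching is on the whole origin, never on a
# prefix or suffix, so "trezor.io.evil.example" does not match "trezor.io".
TRUSTED_ORIGINS = {"https://trezor.io", "https://suite.trezor.io"}


def parse_checksum_list(text: str) -> dict[str, str]:
    """Parse '<64 hex chars>  <filename>' lines as written by sha256sum.

    A leading '*' on the filename (sha256sum's binary-mode marker) is
    dropped.  Malformed lines raise rather than being silently skipped.
    """
    digests: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = parts
        try:
            bytes.fromhex(digest)
        except ValueError:
            raise ValueError(f"non-hex digest: {line!r}") from None
        digests[name.lstrip("*")] = digest.lower()
    return digests


def verify_artifact(data: bytes, filename: str, checksum_text: str) -> bool:
    """True only if SHA-256(data) equals the published digest for filename.

    A missing entry is a failure, not a pass, so stripping the line from a
    tampered checksum file does not make an unknown download acceptable.
    """
    expected = parse_checksum_list(checksum_text).get(filename)
    if expected is None:
        return False
    return hashlib.sha256(data).hexdigest() == expected


def check_dapp_origin(url: str) -> tuple[bool, str]:
    """Screen a dApp URL before the browser is allowed to talk to the device.

    Returns (ok, reason).  Rejects non-HTTPS schemes, userinfo in the URL
    (https://trezor.io@evil.example), any non-ASCII or punycode (xn--) host
    label, which is how homoglyph domains reach the browser, and any origin
    that is not an exact member of TRUSTED_ORIGINS.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} is not https"
    host = parts.hostname or ""
    if not host:
        return False, "URL has no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    if any(ord(ch) > 0x7F for ch in host):
        return False, "non-ASCII character in host (possible homoglyph)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label in host (possible IDN lookalike)"
    port = f":{parts.port}" if parts.port not in (None, 443) else ""
    origin = f"https://{host}{port}"
    if origin not in TRUSTED_ORIGINS:
        return False, f"origin {origin} is not allowlisted"
    return True, "ok"


# Constructed sample data: a fake installer and the checksum line a vendor
# would publish for it.  Fetch the real list from the vendor's site, not from
# the same mirror that served the binary.
SAMPLE_INSTALLER = b"constructed installer bytes, not a real Trezor Suite build\n"
SAMPLE_CHECKSUMS = (
    f"{hashlib.sha256(SAMPLE_INSTALLER).hexdigest()}  *Trezor-Suite-example.AppImage\n"
)

if __name__ == "__main__":
    ok = verify_artifact(SAMPLE_INSTALLER, "Trezor-Suite-example.AppImage", SAMPLE_CHECKSUMS)
    print("installer digest matches:", ok)
    for candidate in (
        "https://suite.trezor.io/web",
        "https://trëzor.io/start",          # accented homoglyph of the real host
        "https://xn--trzor-osa.io/start",   # punycode (xn--) label, how an IDN host looks on the wire
        "http://suite.trezor.io/web",       # downgraded transport
        "https://trezor.io.evil.example/",  # suffix trick against prefix matching
        "https://trezor.io@evil.example/",  # userinfo trick
    ):
        print(candidate, "->", check_dapp_origin(candidate))
```

The origin check is deliberately an exact-set membership test rather than a substring or regular-expression match; most typosquatting and subdomain tricks only work against matchers that accept a prefix or suffix of the trusted name. The checksum check complements, and does not replace, verifying the vendor's signature where one is published.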
Together these steps address phishing, tampered software, and a compromised host, the core threats to self-custody with a hardware wallet. For organizational use, add written policies for issuing devices, storing seed backups, and recovery, and consider multisig or HSM-based custody where higher assurance is required.