Skip to Content
DocumentationDesktop ApplicationPIN

PIN

Your KeepKey PIN protects the device from unauthorized physical use. You set it during onboarding, and you can change it any time from the desktop application’s settings.

Scrambled entry

When you enter your PIN, the device shows a randomized 3×3 number grid on its screen. Something like:

7 4 1
8 2 6
3 9 5

The desktop application shows a blank 3×3 grid in the same layout — no digits. You click the positions that correspond to the digits of your PIN on the device screen.

PIN entry

The layout shuffles every time you unlock the device. Because the desktop app only ever sees positions, not digits, anyone watching your screen — whether over your shoulder, via a screen recording, or through malware — learns nothing useful. The same sequence of clicks means something different the next time you enter your PIN.

Why scrambled entry matters

Traditional PIN entry is vulnerable to shoulder surfing and screen recording. If an attacker watches you type 1234 once, they know your PIN. Scrambled entry defeats this: the attacker sees “top-left, top-middle, bottom-right, middle” — and next time that sequence means something completely different.

Choosing a PIN

  • Between 4 and 9 digits. Longer is stronger, but only if you remember it accurately.
  • Not 1234 or your birthday. Don’t use something an attacker can guess.
  • Something you’ll remember. If you forget your PIN, the device wipes itself after too many wrong attempts and you’ll need to recover from your recovery phrase.

Changing your PIN

From Settings → Security → Change PIN, the desktop application walks you through replacing the current PIN with a new one. The scrambled-grid entry still applies. You’ll need to enter the current PIN once to authorize the change.

Removing the PIN

You can remove the PIN entirely — but don’t. A KeepKey without a PIN has no protection against physical theft. If someone picks up the device, they can use it to sign transactions and drain your wallet.

If you really need to remove it (for example, to set a new one that’s completely different), go to Settings → Security → Change PIN and choose “Remove PIN” in the flow.

  • Onboarding — setting your PIN during setup
  • Settings — all security settings in one place
Last updated on
Recovery PhraseVerifying Transactions