Hello everybody. I started using Enjin yesterday, so I apologize if I'm being too noob.
I started playing Forgotten Artifacts to try how blockchain-based games work. It required to get Enjin Wallet, which is only available for mobile, so I installed it on my android.
I first created a new wallet and bound it to the game. It worked fine, but I wanted to play the game bound to my existing wallets. I was able to import my MetaMask account, by typing its seed. I was then able to unbind my game account from that first wallet and bind it to MetaMask-imported wallet, and alrdy received a few NFTs and saw then, cool!
Now I wanna try my Trezor T, I was glad Enjin Wallet lists some hardware wallets and wondered how it'd work. But then... it asks for my Trezor seed? Wait, what?
My Trezor seed is the most secret data I have. It was never ever typed on my PC or my phone. How come a wallet asks for it? This is a huge security breach. Somebody may not notice the breach and just type the seed, and then his Trezor will become useless, and he'll have to create a new wallet and move all his currencies and tokens from this violated wallet to the new one.
For anybody reading who doesn't know how a hardware wallet works, Trezor T comes with a lock on its USB 3.1 Type-C connector and with no firmware, that assures it wasn't violated, in example somebody buy one and create a wallet and keep the seed and then sell it and the buyer use that existing violated wallet.
We must visit Trezor website to install a firmware on it and then create a wallet. Its seed is shown on its display and never sent to our PC. We read the seed and write it on a provided paper and keep it safe. Once activated, Trezor is used with some compatible wallets, the wallet connects to it and it provides its public key. From that we can view our currencies and tokens on the wallet, receive payments. But to send currencies out we must have Trezor connected, so the wallet sends the transaction to it so it signs the transaction with its private key, which never leaves Trezor. And for signing a transaction it shows the data on its screen so we validate if it's not a fraud, and approve it.