Finding the correct official download page

Type the official Ledger website URL directly into the browser address bar. Not a search result, not a link from any message. Type it manually, verify the domain character by character, confirm the connection is HTTPS before proceeding.

The real page loads without pop-ups, without requests for wallet information before the download starts. If the page behaves differently, close it and start over. The official website links exclusively to downloads hosted on its own infrastructure: any redirect to a third-party domain during download is a strong indicator of a compromised page.

Selecting the right version for your system

Windows 10 and 11 on 64-bit: use the Windows installer. macOS from 10.14 onward: use the macOS version. File size around 80 to 120 MB depending on the platform.

For mobile: iOS through the App Store, Android through the Play Store. Verify the developer account is Ledger SAS before installing. Do not install from APK files.

Step two can begin immediately after step one installation completes. The only delay that matters is allowing the installer to finish fully before connecting the hardware device. Connecting the device before installation completes may trigger USB enumeration before the driver is ready on Windows, causing a detection failure.

Running the installer safely

Before running the installer, compare the file hash against the SHA-512 checksum published on the official release page. Windows: PowerShell, Get-FileHash. macOS: Terminal, shasum command. Matching hashes confirm the file is unmodified.

Run the confirmed installer, follow the standard dialog for the platform. On macOS, move the app to Applications before launching and approve the Gatekeeper prompt on first open. After installation, check the version in Settings and install any available update before connecting hardware.

Connecting the hardware wallet for first login

Open the app first. Then connect the device via USB-C using the cable from the box. That order matters: connecting before the app is running sometimes causes detection failures that resolve immediately with the correct sequence.

The app detects the hardware and launches a setup flow for new devices, or loads accounts automatically for previously configured ones.

Funds should only be deposited after both steps are fully confirmed, including recovery phrase backup. Funding before step two is complete puts assets at risk if setup is abandoned before completion.

Device PIN setup and confirmation

For a new device, PIN setup happens on the hardware screen using the physical buttons. The device prompts for entry on its own display, then asks to confirm by entering the PIN a second time.

After PIN confirmation, the device proceeds to recovery phrase generation. Write every word on paper in exact order. The device confirms several words before proceeding: do not skip this step. That phrase is the only recovery path if the device is ever lost or wiped.

Completing the first authenticated session

After initialization, the first authenticated session opens. Device connected, PIN confirmed on hardware, app unlocks and loads the portfolio. For a newly initialized device, the dashboard is empty until accounts are added. The session stays active while the device is connected and unlocked.

Both steps can be completed without internet access for the cryptographic operations: those happen on the device. However, step one requires internet to download the installer, and step two requires internet to sync account balances.

Adding accounts immediately after login

Navigate to Accounts and add entries for each asset being used. Select the blockchain, follow the prompts, confirm on the device. Each takes about thirty seconds. Bitcoin and Ethereum are separate entries. ERC-20 tokens appear under Ethereum automatically. No limit on accounts.

Navigating the dashboard on first use

Main screen: total portfolio value at the top, individual asset balances below, recent transactions on the right. Left panel handles account navigation. Everything within two or three clicks from the home screen.

Sending and receiving on the same session

Receiving: navigate to account, click Receive, copy address, verify it matches the device display, share it. Always verify on the hardware screen before giving the address to anyone.

Sending: select account, enter destination address, set amount, review fee, confirm on the device. The hardware screen shows transaction details independently: verify there before pressing the physical confirm button.

Device not detected after download and install

Four checks in order: cable, startup sequence, USB permissions, USB port. Use the original cable from the box. App running before device connected. Verify USB access permissions in the operating system. Try connecting directly to the computer rather than through a hub.

App crashes after first login attempt

Crashes immediately after a fresh install usually mean a version mismatch between the installed app and device firmware. Check the app version in Settings, install any available update, retry. If the app shows as already current, re-download the current installer from the official page and reinstall.

Firmware version blocking app access

A device unused for several months may have firmware that no longer matches what the current installer expects. The app displays a firmware update prompt when it detects the mismatch: follow it through the Manager section. Firmware updates take about five minutes.

Download source security

Fake installer pages have appeared in paid search placements looking identical to the real thing. The domain is slightly wrong. Users who do not check carefully install malware that waits for a hardware wallet to be connected.

Type the URL manually. Verify the domain. Check the file hash. Those three steps together eliminate the primary risk vector for compromised software installation.

Login session interception risks

The hardware authentication model removes most remote interception risks. No credentials are transmitted over the network. No session token persists on the computer. The residual risk is address substitution: malware that modifies clipboard content can replace a copied address. Verifying the destination address on the device screen before confirming any transaction eliminates this.

Post-login security hygiene

Keep app and firmware updated when notifications appear. Use the original USB cable. Verify destination addresses on the device screen for every outgoing transaction. Never enter the seed phrase into any app or website after initial device setup.