All hardware wallets make tradeoffs between usability, security, and openness. Below is a brief explanation of the tradeoffs made by the leading hardware wallet vendors.
Ledger’s hardware and firmware are closed source, with a closed source operating system running on the device. This makes it more difficult for security researchers to discover vulnerabilities that may exist on Ledger’s hardware. Many find Ledger devices difficult to use, as there are only two buttons to navigate and a small screen. Ledger devices are also not airgapped: they use USB and/or Bluetooth, which has been shown to cause certain vulnerabilities.
Trezor’s hardware and firmware are open source, but they do not use a security chip (more specifically, a secure element). This means that an attacker can extract the private keys in only 15 minutes with commonly available hardware (this can be mitigated by using a strong passphrase). Trezor’s Model T is easy to use due to the capacitive touch screen, but makes clear security tradeoffs, as the screen and touch panel have embedded processors running unknown firmware. Trezor devices are also not airgapped, as they use USB.
Coldcard has, in our opinion, the best security model, with open source hardware and firmware plus a secure element for storage of private keys. Coldcard also has great security features, such as a phishing-resistant PIN entry process and security lights. However, Coldcard is designed for the hardcore Bitcoiner and is challenging for normal users.
Passport uses the same security architecture as Coldcard, with open source hardware and firmware plus a secure element, but places a significant emphasis on intuitive design and ease of use. Passport’s larger display, alphanumeric keypad, and navigation pad create a pleasant user experience. Its camera and microSD slot ensure airgapped operations. And it uses more trustworthy components, like a screen without an embedded processor and AAA batteries for power.