How does the Silver and Gold Keymaster recovery process work?

For Silver and Gold members using Basic Multisig 2-of-3, we built a highly scalable and mostly automated recovery process consisting of two parts:

  1. Security questions, geared toward information that isn’t available publicly.
  2. Time-delayed recovery signing to deter attackers.

Security questions

Properly written security questions are one of the best ways to authenticate someone without gathering personally identifying information.

The potential pitfall here is writing questions with publicly available answers, such as “What city were you born in?” or “What’s your mother’s maiden name?” A persistent attacker could find those answers relatively easily.

We wrote our questions to point users toward something that is memorable to them personally, but not generally available publicly. Two examples are, “What is the name of the first person you kissed?” and “What was the brand of the first alcoholic beverage you tried?” While we can’t be 100% sure that these answers aren’t publicly available for some people, we can educate users not to pick questions that may compromise them. Example: if you raved about your magical first kiss on Facebook for weeks after it happened, maybe don’t pick that question.

Time delay

There is still a small possibility that someone could guess your security answers. To mitigate the risk, we’ve implemented a 7-day time delay on Silver & Gold recovery signatures after the security questions are answered.

Each day during the time delay, we send users a reminder email with a countdown. If the user’s Casa account was compromised, these emails will alert them to a false recovery attempt. If the user’s email was also compromised, it’s highly unlikely that they would fail to notice that for 7 full days. We believe this is plenty of time for a user to notice and cancel a fraudulent recovery.
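
A minimal model of the time-delayed gate described above, added here as an illustration and not Casa's own code. The class and method names are hypothetical, and the rule that a cancellation is only accepted before the delay expires is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

DELAY = timedelta(days=7)  # the 7-day delay stated on this page


@dataclass
class RecoveryRequest:
    """Hypothetical model of one recovery attempt (illustrative names)."""
    answers_verified_at: datetime  # clock starts once the questions are answered
    cancelled: bool = False
    reminders_sent: set = field(default_factory=set)  # day numbers already emailed

    def unlock_time(self) -> datetime:
        return self.answers_verified_at + DELAY

    def days_remaining(self, now: datetime) -> int:
        left = self.unlock_time() - now
        # Round up so a partial day still counts as a full day of waiting.
        return max(0, -(-left // timedelta(days=1)))

    def due_reminders(self, now: datetime) -> list:
        """Countdown emails owed so far; each day is emitted once, even after downtime."""
        if self.cancelled:
            return []
        elapsed = min((now - self.answers_verified_at) // timedelta(days=1),
                      DELAY.days - 1)
        due = [d for d in range(0, elapsed + 1) if d not in self.reminders_sent]
        self.reminders_sent.update(due)
        return [f"Recovery signs in {DELAY.days - d} day(s). Cancel if this was not you."
                for d in due]

    def cancel(self, now: datetime) -> bool:
        """Assumption: the owner can cancel any time before the delay expires."""
        if now < self.unlock_time():
            self.cancelled = True
        return self.cancelled

    def may_sign(self, now: datetime) -> bool:
        # Fail closed: sign only if never cancelled and the full delay has passed.
        return not self.cancelled and now >= self.unlock_time()


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample timestamp
    req = RecoveryRequest(t0)
    print(req.due_reminders(t0 + timedelta(days=2)), req.may_sign(t0 + DELAY))
```
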

When combined, these authentication methods provide a compelling solution to the problem of authenticating a recovery without needing extensive KYC data.
