Casa leverages 3rd-party hardware devices as keys in multi-key vaults. See Supported platforms and hardware device firmware for a list of all the devices that Casa supports.
While these are highly secure devices, they are physical items and, like all physical items, have an expected lifespan that should be taken into consideration when looking holistically at your security setup. The device (and the data contained on it) can and does degrade over time.
Fortunately, there are steps you can take to eliminate this single point of failure, namely: health checks and, if needed, updates to your keys.
How long does a hardware device last?
The manufacturers of Ledger and Trezor, the most popular hardware devices (to use examples), state that the expected lifespan of one of their devices is 10-30 years. For many, this may be far less, and may even be more, as various factors such as manufacturing consistency, usage, and the environmental conditions of where they are stored can all affect the longevity and function of the device. In other words, your mileage may vary, and you should assume that your device will not last for the maximum or even the minimum expected lifespan.
What can I do to mitigate the risk of a device failure?
Performing Health checks in the Casa app on a regular, consistent basis is the single most important thing you can do to mitigate the risks of a device failure for any reason. We recommend checking the health of all of your keys at least once every six months. If you're due for a health check, the Casa app will remind you. If you use a key to sign a transaction, this is considered a check that the key is healthy.
If you find that you are unable to complete a health check on a hardware device for any reason, first try to troubleshoot the device, as it may be something as simple as a browser issue. Check out our device-specific troubleshooting resources here.
Part of the troubleshooting process may involve updating the device firmware.
In addition to regular health checks, keeping your device(s) in a climate-controlled environment will extend it's lifespan. This typically means that the temperature where you store the device(s) should stay constant between 55 degrees Fahrenheit (12.8 C) and 85 degrees Fahrenheit (29.4 C), with the humidity ranging between 40% and 60%.
What happens if my device completely fails?
If your device fails, or the key on the device is wiped, as may happen during a firmware update (though this is rare), then these additional steps may need to be taken:
If you have the seed phrase, you should restore that key on the wiped device, or on a new device, then perform a health check.
If you do not have the seed phrase, you should get a new device, set up the new device, and replace the broken key in the Casa app.
Note: Only one key should be replaced at any given time.
Should I be keeping my seed phrase?
In Casa multi-key vaults, we consider writing down the seed phrase(s) to your device(s) to be optional. Our article Seedless multisig explains the reasoning behind this in depth.
One of the reasons why device manufacturers urge users to write down a backup seed phrase is because it is known that these devices can fail far before their minimum expected lifespan. In addition, some firmware updates can completely wipe the device. In that instance, the device itself may still be usable, but it must be restored using the backup seed phrase.
Because you're using multisig with Casa, a broken key (even without a backup seed phrase) does not mean that your funds are lost if you still have a remaining key quorum in your multi-key vault.
Conclusion
Security is not a "set it and forget it" concept. Security requires ongoing review. Your setup should be periodically and regularly evaluated, and changes must be made as necessary.
As a Casa member, periodically taking action to check the health of your keys and recognize issues early and often is vital to the long-term health of your keyset.
If you have any questions, our team is always happy to discuss digital currency security that's tailored to you. Reach out to our team. We've got your back.
