Casa's multisig security model optionally allows for a "seedless" or "nearly seedless" key setup, in which you do not retain the seed phrase backup to your hardware device.
A seed phrase is a 12 or 24 word phrase which acts as a backup to a hardware security device such as a Ledger, Trezor, or Coldcard.
A seed phrase backup is generated whenever a key on a hardware device is created. If the device itself is either lost or damaged, the seed phrase can be used to restore the private keys on a new device.
By "seedless," we mean that it's not absolutely necessary to retain the seed phrase backup that is generated during the hardware device setup process.
At the Gold membership level, which uses a 2 of 3 multisig keyset, you may or may not choose to retain the seed phrase.
At the Platinum and Diamond level of membership, which use a 3 of 5 or a 3 of 6 multisig keyset (of which three or four keys are hardware devices), we recommend that you write down just one of the seed phrases that are generated when you set up your three hardware devices.
This way, if something catastrophic happens to all your hardware devices at the same time, you can recreate one of the hardware device keys, and use the remaining keys (the mobile key and the Casa Recovery Key) to spend funds.
Why go seedless?
Having a seed phrase backup allows that key to be compromised without your knowledge. Anyone who views the seed phrase could recreate that key on a totally separate device.
Furthermore, your hardware wallet device can be secured with a PIN code, passphrase, or both - seed phrases cannot.
But what if I lose or break my hardware wallet...?
Seedless only works in a multisig setup such as what Casa offers because other keys exist to sign a transaction in the event that one of them is lost.
In the unlikely event that your hardware device is lost or damaged, you can still use the remaining keys in your multisig setup to spend funds.
That being said, if you have funds on the hardware wallet's standalone key, you DO need to retain the seed phrase, since that is your only backup should something happen to the hardware wallet. It's for this reason that we recommend that you use the hardware wallet device exclusively with Casa.
What if I don't want to go seedless?
While a seed phrase backup can be an additional point of compromise, and is not protected with a PIN code or passphrase like a hardware wallet is, it's ultimately up to you to decide if you want to retain the seed phrase or not.
There is no requirement that you "go seedless" when setting up multisig with Casa. Going seedless is considered completely optional.
Should something happen to your hardware wallet, retaining a copy of the seed phrase would allow you to restore the signing key on a new device. In this scenario, no changes would need to be made to your keyset.
If you do decide to retain your seed phrase, make sure that it's securely protected. Keeping the seed phrase sealed in a way that is tamper evident is advised.
What if I've already set up my hardware device with a seed phrase?
If you've already written down and stored your seed phrase, and added it to Casa, and wish to "go seedless," it's recommended that you rotate that device out of your keyset and replace it with a device that has no backup seed phrase.
Our security model allows you to destroy the seed phrase words you may have written down for your hardware device, as long as:
- You do not have OTHER funds on the hardware device's single-signature wallet, so you're using the device exclusively with your Casa setup
- You are confident that your seed phrase could not have been compromised since you wrote it down
For information on how we think about see phrases, check out our CTO Jameson Lopp's blog post on Casa's seedless security model.