Casa's multisig security model optionally allows for a "seedless" or "nearly seedless" key setup, in which you do not retain the seed phrase backup to your hardware device.
A seed phrase is a 12- or 24-word phrase which acts as a backup to a hardware key such as a Ledger, Trezor, or Coldcard.
A seed phrase backup is generated whenever a key on a hardware device is created. If the device itself is either lost or damaged, the seed phrase can be used to restore the private keys on a new device.
By "seedless," we mean that it's not absolutely necessary to retain the seed phrase backup that is generated during the hardware device setup process.
At the Gold membership level, which uses a 2-of-3 multisig keyset, you may choose either to retain or not retain the seed phrase.
At the Platinum and Diamond level of membership, which use a 3-of-5 or a 3-of-6 multisig keyset (of which three or four keys are hardware devices), we recommend that you write down just one of the seed phrases that are generated when you set up your hardware devices.
This way, if something catastrophic happens to all your hardware devices at the same time, you can recreate one of the hardware keys, and use the remaining keys (the Mobile Key and the Casa Recovery Key) to send funds to a new keyset you create with replacement keys.
Why go seedless?
Having a seed phrase backup allows that key to be compromised without your knowledge. Anyone who views the seed phrase could recreate that key on a totally separate device.
Furthermore, your hardware device can be secured with a PIN code, passphrase, or both, but seed phrases cannot.
But what if I lose or break my hardware wallet?
Seedless is only safe in a multisig setup like Casa offers because other keys exist to sign a transaction in the event that one of them is lost.
In the unlikely event that your hardware device is lost or damaged, you can still use the remaining keys in your multisig setup to send your funds.
That being said, if you have funds on the hardware wallet's standalone key, you DO need to retain the seed phrase, since that is your only backup should something happen to the hardware wallet. It's for this reason that we recommend that you use your Casa hardware device exclusively with Casa.
What if I don't want to go seedless?
While a seed phrase backup can be an additional point of compromise and is not protected with a PIN code or passphrase like a hardware wallet is, it's ultimately up to you to decide if you want to retain the seed phrase or not.
There is no requirement that you "go seedless" when setting up multisig with Casa. Going seedless is considered completely optional.
Should something happen to your hardware wallet, retaining a copy of the seed phrase would allow you to restore the signing key on a new device. In this scenario, no changes would need to be made to your keyset.
If you do decide to retain your seed phrase, make sure that it's securely protected. Keeping the seed phrase sealed in a way that is tamper evident is advised. You might consider putting something like a Cryptosteel backup inside a tamper-evident bag, for example.
What if I've already set up my hardware device with a seed phrase?
If you've already written down and stored your seed phrase and added the device to Casa, but now wish to "go seedless," it's recommended that you rotate that device out of your keyset and replace it with a device that has no backup seed phrase.
Our security model allows you to destroy the seed phrase words you may have written down for your hardware device, as long as:
- You do NOT have other funds on the hardware device's single-signature wallet, so you're using the device exclusively with your Casa setup
- You are confident that your seed phrase could not have been compromised since you wrote it down
For information on how we think about seed phrases, check out our CTO Jameson Lopp's blog post on Casa's seedless security model.