The Casa Recovery Key is one of the keys in your multisig keyset that is able to sign and send transactions in Casa App (formerly Keymaster).
The recovery key is held by Casa, but cannot by itself be used to spend funds.
The Recovery Key is not intended to be used in normal use of the Casa App. The Recovery key is there just in case you lose access to one of your other keys.
While the Recovery Key is held by Casa, there are additional security features to ensure that only you can access the recovery key:
- Security questions, geared toward information that isn’t available publicly.
- Time-delayed recovery signing to deter attackers.
Security questions are one of the best ways to authenticate someone without gathering personally identifying information.
When you set up your Recovery Key in the Casa App, you are asked to choose from a series of questions and set the answers to them.
Our security question options are usually not related to publicly available information, such as “What city were you born in?” or “What’s your mother’s maiden name?” An attacker could potentially find those answers relatively easily.
We wrote our questions to point users toward something that is memorable to them personally, but not generally available publicly. Two examples are, “What is the name of the first person you kissed?” and “What was the brand of the first alcoholic beverage you tried?” While we can’t be 100% sure that these answers aren’t publicly available for some people, we can educate users not to pick questions that may compromise them. Example: if you raved about your magical first kiss on Facebook for weeks after it happened, maybe don’t pick that question.
There is still a small possibility that someone could guess your security answers. To mitigate the risk, we’ve implemented a 7-day time delay on Silver & Gold recovery signatures after the security questions are answered. This gives you plenty of time to cancel a transaction if it was not authorized.
Each day during the time delay, we send users a reminder email with a countdown. In case the user’s Casa account was compromised, these emails will alert them to a false recovery attempt. If the user’s email was also compromised, it’s highly unlikely that they will not notice that for 7 full days. We believe this is plenty of time for a user to notice and cancel a fraudulent recovery.
When combined, these authentication methods provide a compelling solution to the problem of authenticating a recovery without needing extensive KYC data.
If you do lose access to one of your other keys, you should create and transfer funds to a new keyset in the Casa App using the recovery key as soon as possible.
To initiate a recovery transaction, you would:
- Mark the inaccessible device as "lost" or "compromised" in the App
- Re-add your new key to create a new keyset in the App
- Transfer funds from the old keyset to the new one by tapping the button that says "Transfer required" or "Additional Funds Detected" (depending on if you're using iPhone or Android).
During the transfer process to your new keyset, you will sign the transaction with your remaining key and the Casa Recovery Key.
When you initiate a recovery transaction, you will be prompted to answer the security questions you configured when you first set up the Casa App.
After 7 days has elapsed, you can go back into the App, and complete the send to your new keyset.