The Casa Recovery Key is one of the keys in your vault that is able to sign and send transactions in the Casa app.
The Recovery Key is held by Casa, but cannot be used to send funds by itself.
The Recovery Key is not intended to be used in the normal use of the Casa app. The Recovery Key exists just in case you lose access to one of your other keys.
The Casa Recovery Key should NOT be relied upon for time-sensitive transactions such as margin calls for loans.
While the Recovery Key is held by Casa, there are additional security features in the app to ensure that only you can access it. These features vary depending on your membership level.
- For 3-key vaults (or 5-Key vaults using our Standard Plus membership), use of the Casa Recovery Key is authenticated by answering a series of security questions that you've chosen.
- For 5-key vaults, use of the Casa Recovery Key is authenticated with a live video verification call with our Client Services team.
Recovery Key for 3-key vaults
When you first set up your 3-key vault, you set the answers to three security questions, which you'll need to answer correctly if you ever need to use the Recovery Key. Once you answer them correctly, there is a 7-day security delay between when you request use of the key, and when the transaction is signed by Casa.
Security questions
Security questions are one of the best ways to authenticate someone without gathering personally-identifying information.
When you set up your Recovery Key in the Casa app, you are asked to choose from a series of questions and set the answers to them. The answers must be entered exactly as you entered them the first time including symbols, and/or spaces. (**Please note correct capitalization is not required)
We wrote our question options to point members toward something that is memorable to them personally, but not generally available publicly. Two examples are, "What is the name of the first person you kissed?" and "What was the brand of the first alcoholic beverage you tried?" While we can't be 100% sure that these answers aren't publicly available for some people, we can educate users not to pick questions that may compromise them. Example: If you raved about your magical first kiss online for weeks after it happened, maybe don't pick that question, or at least make up a fake answer you will still remember.
Time delay
To mitigate the risk of in-person attacks and the risk that your security questions could be guessed correctly, there is a 7-day time delay on recovery signatures after the security questions are answered. This gives members with 3-key vaults plenty of time to reach out to us or cancel a transaction if it was not authorized.
Please note: The Casa Recovery Key signature is applied by one of a very short list of humans at Casa. It will be applied by the end of the business day on the 7th day, but may not be applied at the exact same time of day as you requested it.
Once the signature has been applied, you still need to sign into the Casa app and confirm the transaction to broadcast it to the network. This does not happen automatically once the signature is applied.
When combined, these authentication methods provide a compelling solution to the problem of authenticating a recovery without needing extensive KYC data.
If you would like to change your security questions for optimal security please see Resetting the security questions for 3-key vaults.
Recovery Key for 5-key vaults (For Premium and Private clients only)
Use of the Casa Recovery Key for members with 5-key vaults is done via video verification with our Client Services team.
When you first set up your Casa Recovery Key for your 5-key vault, you have the option to take a "selfie" in the app.
When you need to request use of the Casa Recovery Key, you can schedule an appointment with our team by reaching out to your Client Services rep. Our team will meet with you directly over an audio-video call to ensure that it's really you making the request, and that you're not under duress.
After a security review and delay, we at Casa will sign the transaction with our device. However, it's up to you to provide the remaining key signatures to move your funds.
You can also optionally set up a duress word or phrase with our team so that if the word or phrase comes up during the call, we will not immediately sign your transaction request and can even take additional action on your behalf, such as contacting a family member, if requested.
For our members who wish to retain a higher degree of anonymity, the image you use as your recovery photo doesn't have to be a selfie. It can be an image of something unique to you that is not necessarily personally identifying, but something that's always with you. Examples of this could be a tattoo that you have, or a watch, or a wedding ring.
The image you use as your recovery photo could also be a common item that's easily obtainable from almost anywhere in the world, like an image of a can of Coke, for example. If you ever needed to use the Casa Recovery Key, you would simply show a can of Coke during your verification call.
Talk with your Client Services rep as to the customization options you have available with regards to the Casa Recovery Key.
