We recommend you go "mostly seedless" with your Casa keys. This means only recording a single 24-word seed phrase for your 5-key vault setup, usually from your Ledger or Coldcard device, and destroying the other devices' seed phrases.
What is a seed phrase?
Seed phrases are a set of words used to generate your private key. Since most hardware devices only use a single key, it is imperative that the owner make a backup copy of the seed phrase so the private key can be regenerated on a new device if something should happen to the original.
The challenge of seed backups is they make security a lot more complicated. This is why we recommend you go "mostly seedless" with your Casa keys.
Why go mostly seedless?
For your Casa vault setup, we recommend geographically distributing your keys. If you distribute seed phrases, you won't be able to keep an eye on them 24/7, and someone may come across your seed phrase, take a picture, and put it back. That key has now been compromised without your knowledge. Writing down and keeping all three seed phrases means a bad actor could obtain enough keys to sign a transaction without your knowledge.
Keep in mind that even if you secure your hardware device with a PIN code, someone who obtains access to the seed phrase can set up a new device with their own PIN and sign with your key.
By destroying the seed phrases for two of the hardware devices, we can ensure that this doesn't happen. If a key is compromised, you'll know it because the hardware device itself will be missing.
What if I lose or break my hardware device?
The seedless setup only works in a multisig setup because other keys exist to sign a transaction in the event that one of them is lost or damaged.
In the unlikely event that your hardware device is lost or damaged, you can still use the remaining keys in your vault to send your funds.
That being said, if you have funds stored with a hardware device's stand-alone single key, you DO need to retain the seed phrase, since that is your only backup should something happen to the hardware device. It's for this reason that we recommend that the hardware devices you use be used exclusively with Casa.
What if I don't want to go mostly seedless?
While a seed phrase backup can be an additional point of compromise, it's ultimately up to you to decide if you want to retain the seed phrase or not. There is no requirement that you "go seedless" when setting up multisig vaults with Casa. By retaining a seed phrase, if something should happen to your hardware device, the seed phrase would allow you to restore the signing key on a new device. In this scenario, no changes would need to be made to your keyset.
How should I store my seed phrase?
We recommend storing your seed phrase in a sealed, tamper-evident bag. Punching the seed phrase into a fire and water-resistant steel plate is also considered best practice. We recommend storing the seed phrase you hold with the associated device in a tamper-evident bag, recording the bag's serial number in a password manager, and verifying the bag's integrity when you complete a health check.
What if I've already set up my hardware device with a seed phrase?
We still recommend you use a seedless multisig setup. If you've already written down and stored your seed phrase and added it to Casa and the backup is not easily destroyed, we recommend that you rotate that device out of your keyset and replace it with a device that has no backup seed phrase.
For more information about how Casa views seedless setup, please see our CTO Jameson Lopp's blog post on Casa's seedless security model.
How can I protect my seed phrase from degrading over time?
Over time, a paper seed phrase can degrade due to humidity or corrosion. There is also the possibility of an unlikely event such as a fire or flood. To protect your seed phrase against these threats, a steel plate can be used to record each of the seed phrase words. There are many plates to choose from; this article compares an array of products and considerations.
How does a steel plate work?
Casa recommends Blockplate and SeedSteel, steel plates with etched boxes that allow you to record each of the seed phrase words. We recommend using a steel punch to mark the letters. You can follow the guide at Blockplate.com.
Remember to hide any seed phrase you create in a sealed, tamper-evident bag to prevent it from being viewed.
If you have any additional questions about this or any other component of your 5-key vault, don't hesitate to reach out to your Client Advisor and ask!