Multi-device and multi-location
When it comes to your multisig setup, we recommend a multi-device and multi-location setup.
A multi-device setup means using multiple hardware wallets from different manufacturers. You will notice that your package comes with both Trezor and Ledger devices. This removes the single point of failure that would exist if one company pushed out a faulty firmware update that accidentally bricked its hardware devices: you will still have a key quorum of 3 keys to move funds, you will still have a hardware device from a different company, and you will still be able to sign transactions.
A multi-location setup means geographically distributing your keys to ensure that you never have 2 hardware wallets stored in the same location.
The following are the places we recommend you keep your keys:
- Home - we recommend a safe that isn’t electronic and that you can bolt to the floor.
- Safe - we recommend any safety deposit box that banks offer.
- Office - we recommend a locked drawer at your desk.
Mostly seedless approach
Seed phrases are a series of words that can be used to generate your private key. Before multisig, any loss of a hardware device meant that funds were gone forever, so manufacturers worked hard to ensure that users created physical backups of these seed phrases.
The challenge with seed backups is that they make security considerably more complicated. With Casa, any lost key can be replaced with a new one, rather than restored from backup, as long as a minimum of three keys remain intact. You can read more about our thoughts on a mostly seedless setup here.
We strongly recommend that clients only keep one recovery seed phrase and that you replace it when you replace the associated device. Holding onto two or more seed phrases potentially creates long-term vulnerabilities in your account. Additional recovery seeds recorded during setup should be destroyed, preferably burned.
We recommend storing the seed phrase you hold with the associated device in a tamper-evident bag, recording the bag's serial number in a password manager, and verifying the bag's integrity when you complete a health check.
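The multi-device, multi-location layout above and the replace-rather-than-restore rule both reduce to one check: after any single manufacturer's devices fail, or any single location is lost, do enough keys remain to reach the signing quorum? The following is an added example, not Casa's code, that models a constructed key set and runs that check; the threshold of three is the quorum mentioned above, the device names, locations, and the two non-hardware keys are placeholders I made up for illustration, and the check functions are my own, not part of any Casa tooling.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    name: str
    manufacturer: str   # who built the signing device ("n/a" for non-hardware keys)
    location: str       # where the device is physically kept


THRESHOLD = 3  # keys required to sign (the quorum of three described above)

# Constructed sample key set: three hardware wallets from two makers in three
# places, plus two non-hardware keys whose custodians are hypothetical.
KEYS = [
    Key("trezor-home", "Trezor", "home"),
    Key("ledger-bank", "Ledger", "bank-safe-deposit"),
    Key("trezor-office", "Trezor", "office"),
    Key("phone", "n/a", "on-person"),
    Key("recovery", "n/a", "custodian"),
]


def survivors_after(keys, *, manufacturer=None, location=None):
    """Keys still usable if one manufacturer's devices all fail or one location is lost."""
    return [k for k in keys if k.manufacturer != manufacturer and k.location != location]


def check_distribution(keys, threshold=THRESHOLD):
    """Return a list of policy violations; an empty list means the layout is sound."""
    problems = []
    # Multi-location: no two hardware devices may share a location.
    seen = {}
    for k in keys:
        if k.manufacturer == "n/a":
            continue
        if k.location in seen:
            problems.append(f"{k.name} and {seen[k.location]} share location {k.location}")
        seen[k.location] = k.name
    # Multi-device: one manufacturer's bad firmware must not drop us below quorum.
    for maker in {k.manufacturer for k in keys if k.manufacturer != "n/a"}:
        left = len(survivors_after(keys, manufacturer=maker))
        if left < threshold:
            problems.append(f"losing all {maker} devices leaves {left} keys, below quorum {threshold}")
    # Loss of any single location (theft, fire, lost access) must also leave a quorum.
    for loc in {k.location for k in keys}:
        left = len(survivors_after(keys, location=loc))
        if left < threshold:
            problems.append(f"losing location {loc} leaves {left} keys, below quorum {threshold}")
    return problems


def replace_lost_key(keys, lost_name, new_key, threshold=THRESHOLD):
    """Rotate a lost key out; allowed only while the remaining keys still form a quorum."""
    remaining = [k for k in keys if k.name != lost_name]
    if len(remaining) < threshold:
        raise ValueError("not enough intact keys to authorise a replacement")
    return remaining + [new_key]


if __name__ == "__main__":
    print("sound layout problems:", check_distribution(KEYS))
    # A layout that keeps two hardware wallets in the same place fails the check.
    crowded = [Key("trezor-home", "Trezor", "home"), Key("ledger-home", "Ledger", "home"),
               Key("trezor-office", "Trezor", "office")]
    for p in check_distribution(crowded):
        print("violation:", p)
    # Losing the bank device: replace it with a fresh one instead of restoring a seed.
    rotated = replace_lost_key(KEYS, "ledger-bank", Key("ledger-bank-2", "Ledger", "bank-safe-deposit"))
    print("after rotation:", [k.name for k in rotated], check_distribution(rotated))
```

Run it as-is to see the constructed layout pass, the crowded layout fail, and a key rotation succeed; adapt `KEYS` to your own device and location list to check a real setup before finalising where each device lives.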
Choosing a PIN
Similar to seed phrases, hardware manufacturers implement PIN protection on their devices to protect against physical theft of the device. Some go as far as to wipe the device automatically after a certain number of incorrect guesses to prevent a brute force attack.
PIN protection is far less important in a multisig setup since the theft of a single key will not compromise funds. A bigger concern is forgetting the PIN, which can lead to inadvertent key loss. For this reason, we encourage clients to use the same simple, memorable PIN on all of their devices and back it up to a password manager.