1. Help Center
  2. Getting Started
  3. Getting Started with 5 key vault

5. Basics of hardware device security

Casa is a software and service experience. We work closely with leading hardware device (sometimes referred to as hardware wallet) manufacturers to ensure your keys are stored in the most secure, reliable, and user-friendly devices. These guides will walk you through how to set up Ledger, Trezor, Coldcard, Keystone, or Passport devices.

You can find similar instructions for setting them up on the manufacturers' respective websites. Keep in mind that their guides are primarily designed for users who will be using their single key feature. The primary difference is that using the single key requires keeping a backup of the seed phrase.

Multi-device and multi-location

When it comes to your multisig vault setup, we recommend a multi-device and multi-location setup.

A multi-device setup means we use multiple hardware devices from different manufacturers. You will notice that your package will come with Trezor and Ledger devices. This removes the threat from a single point of failure if one company pushes out a faulty firmware update that accidentally bricks the hardware devices. You will still have enough remaining keys to move funds. You will still have a hardware device from a different company and you will still be able to sign transactions with the mobile key and the Casa Recovery Key.

A multi-location setup means geographically distributing your keys to ensure that you never have two hardware devices stored in the same location. 

The following are the places we recommend you keep your keys:

  1. Home - we recommend a safe that is not electronic and that you can bolt to the floor.
  2. Safe - we recommend any safe deposit box that banks offer.  
  3. Office - we recommend a locked drawer at your desk.

Mostly seedless approach

Seed phrases are a series of words that can be used to generate your private key. Before multisig, any loss of a hardware device meant that funds were gone forever, so manufacturers worked hard to ensure that users created physical backups of these seed phrases.

The challenge of seed backups is they make security a lot more complicated. With Casa, any lost key can be replaced with a new one, rather than restored from backup, as long as a minimum of three keys remain intact. You can read more about our thoughts on a mostly seedless setup here.

We strongly recommend that members only keep one recovery seed phrase and that you replace it when you replace the associated device. Holding onto two or more seed phrases potentially creates long-term vulnerabilities for your funds. Additional recovery seeds recorded during setup should be destroyed, preferably burned.

We recommend storing the seed phrase you hold with the associated device in a tamper-evident bag, recording the bag's serial number in a password manager, and verifying the bag's integrity when you complete a health check.

Choosing a PIN

Similar to seed phrases, hardware manufacturers implement PIN protection on their devices to protect against physical theft of the device. Some go as far as to wipe the device automatically after a certain number of incorrect guesses to prevent a brute force attack.

PIN protection is far less important in a multisig setup since the theft of a single key will not compromise funds. A bigger concern is forgetting the PIN, which can lead to inadvertent key loss. For this reason, we encourage clients to use the same simple, memorable PIN on all of their devices and back it up to a password manager.

For Premium and Private Clients Only:

Have additional questions? Schedule a call with one of our experts by clicking on the help tab in the Casa app!