Casa's multisig security model optionally allows for a "seedless" or "nearly seedless" key setup, in which you do not retain the seed phrase backup to your hardware device.
A seed phrase is a 12- or 24-word phrase which acts as a backup to a hardware key such as a Ledger, Trezor, YubiKey or Coldcard.
A seed phrase backup is generated whenever a key is created on a hardware device. If the device itself is either lost or damaged, the seed phrase can be used to restore the private keys on a new device.
By "seedless," we mean that it's not absolutely necessary to retain the seed phrase backup that is generated during the hardware device setup process if you are using the standard 3-key vault setup with a mobile key.
For the 3-key vault, you may choose either to retain or not retain the seed phrase.
Please note: If you are using the two hardware key setup that is optional for advanced 3-key vaults, we do recommend keeping a copy of the seed phrase for both devices.
For the 3-key vault, you have the option to either retain or not retain the seed phrase. If you are using a YubiKey for your 3-key vault, we recommend creating an offline backup for Sovereign Recovery. This offline backup serves as the seed. You can learn more about obtaining the offline backup safely here.
For 5-key vaults (in which three of the keys are hardware devices), we recommend that you write down two (2) of the seed phrases that are generated when you set up your hardware devices.
This way, if something catastrophic happens to all your hardware devices at the same time, you can recreate one of the hardware keys, and use the remaining keys (the mobile key and the Casa Recovery Key) to send funds to a new keyset you create with replacement keys.
For detailed 5-key vault guidance, see: Mostly Seedless setup for 5 key vaults
Why 2 seed phrases?
This provides redundancy while balancing security and complexity. Keeping all 3 seed phrases increases risk of theft, while keeping just 1 doesn't provide enough backup coverage.
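The trade-off behind retaining two seed phrases can be checked by enumerating loss scenarios. The following model is an added example, not Casa's code; it assumes a 3-of-5 signing quorum (implied by the recovery path described above, not stated on this page) and uses hypothetical key names.

```python
from itertools import combinations

THRESHOLD = 3                          # assumption: 3-of-5 quorum
HARDWARE = ("hw_a", "hw_b", "hw_c")    # hypothetical key names
SOFT_KEYS = ("mobile", "casa_recovery")

def can_spend(keys, threshold=THRESHOLD):
    """True when the distinct keys available reach the signing quorum."""
    return len(set(keys)) >= threshold

def assess(seeds_retained):
    """Evaluate one retention choice against three constructed scenarios."""
    backed_up = HARDWARE[:seeds_retained]
    # A: every hardware device is destroyed, every seed backup survives.
    survives_devices_lost = can_spend(SOFT_KEYS + backed_up)
    # B: as A, and any single seed backup is also lost or unreadable.
    remaining = max(seeds_retained - 1, 0)
    survives_one_backup_lost = all(
        can_spend(SOFT_KEYS + subset)
        for subset in combinations(backed_up, remaining)
    )
    # C: someone holds every written seed phrase but no device or other key.
    paper_alone_reaches_quorum = can_spend(backed_up)
    return {
        "survives_devices_lost": survives_devices_lost,
        "survives_one_backup_lost": survives_one_backup_lost,
        "paper_alone_reaches_quorum": paper_alone_reaches_quorum,
    }

def balanced_choices():
    """Seed counts that tolerate scenario B without enabling scenario C."""
    return [
        n for n in range(len(HARDWARE) + 1)
        if assess(n)["survives_one_backup_lost"]
        and not assess(n)["paper_alone_reaches_quorum"]
    ]

if __name__ == "__main__":
    for n in range(len(HARDWARE) + 1):
        print(n, assess(n))
    print("balanced:", balanced_choices())
```

Under these assumptions, one retained seed leaves no margin if that single backup is also lost, and three retained seeds form a quorum on paper alone.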
Why go seedless?
Having a seed phrase backup allows that key to be compromised without your knowledge. Anyone who views the seed phrase could recreate that key on a totally separate device.
Furthermore, your hardware device can be secured with a PIN code, passphrase, or both, but seed phrases cannot.
Security Risks:
- Anyone who finds your seed phrase can recreate your wallet
- Seed phrases have no password protection
- Can be compromised without you knowing
Hardware Device Advantages:
- Protected by PIN codes
- Can add extra passphrase protection
- Physical security features
- Requires device possession to access funds
This is why "seedless" setups can be safer in multi-signature arrangements - they eliminate the risk of seed phrase theft while maintaining recovery options through other keys.
But what if I lose or break my hardware device?
Seedless setup is only safe in a multisig setup like Casa offers because other keys exist to sign a transaction in the event that one of them is lost.
In the unlikely event that your hardware device is lost or damaged, you can still use the remaining keys in your multisig setup to send your funds.
That being said, if you have funds on the hardware device's standalone key, you DO need to retain the seed phrase, since that is your only backup should something happen to the hardware device. It's for this reason that we recommend that you use your Casa hardware device exclusively with Casa.
What if I don't want to go seedless?
While a seed phrase backup can be an additional point of compromise and is not protected with a PIN code or passphrase like a hardware wallet is, it's ultimately up to you to decide if you want to retain the seed phrase or not.
There is no requirement that you "go seedless" when setting up multisig with Casa. Going seedless is considered completely optional.
Should something happen to your hardware device, retaining a copy of the seed phrase would allow you to restore the signing key on a new device. In this scenario, no changes would need to be made to your keyset.
If you do decide to retain your seed phrase, make sure that it's securely protected. Store the seed in a tamper-evident package. You might consider putting something like a Cryptosteel backup inside a tamper-evident bag, for example.
What if I've already set up my hardware device with a seed phrase?
If you've already written down and stored your seed phrase and added the device to Casa, but now wish to "go seedless," it's recommended that you rotate that device out of your vault and replace it with a device that has no backup seed phrase.
Our security model allows you to destroy the seed phrase words you may have written down for your hardware device, as long as:
- You do NOT have other funds on the hardware device's single-signature wallet, so you're using the device exclusively with your Casa setup.
- You are confident that your seed phrase could not have been compromised since you wrote it down.
For information on how we think about seed phrases, check out our CTO Jameson Lopp's blog post on Casa's seedless security model.