Casa Blog - Bitcoin Security Made Easy
Bitcoin Ethereum Security Vault multisig

Key distribution: Tips for making the most of your multi-key vault

by John Tinkelenberg 4 min read

Self-custody is a bet on yourself. It’s important to appreciate that responsibility, so your wealth remains secure and resilient in the face of evolving threats.

At Casa, we build multi-key vaults to arm our members with the strongest self-custody for their digital wealth. Let’s cover some major principles to bear in mind as you build your multi-key vault.

Understand the value of multiple keys

Casa vaults use a security protocol called multisig, where you must authenticate from multiple keys to spend funds. This arrangement preserves your assets in the rare event one of your keys is lost or stolen.

Multi-key vaults are best for long-term holdings because they introduce some essential friction for transactions. This design makes your wealth easier to control and preserve. It also makes it harder to transact, which is good for your long-term wealth. You shouldn’t carry your life savings around in your pocket all the time.

Similarly, a widely dispersed multi-key vault is not an ideal fit for assets you intend to trade on a frequent or everyday basis. For funds you’d like to stay flexible, our app comes with a single-key mobile wallet, or you could opt for a hardware wallet.

It’s okay to have separate wallets for funds earmarked for specific purposes in the same way we have physical wallets with cash in addition to checking and savings accounts. Security should strengthen with the amount of wealth you’re protecting.

Identify and eliminate single points of failure

A chain is only as strong as its weakest link. The idea behind bitcoin, ethereum, and other digital assets is to create and protect a decentralized form of property. Most security solutions today, however, are highly centralizing.

Centralization is a major security threat for crypto assets. When you rely exclusively upon a single device, seed phrase, or third party, you increase the potential ramifications of one unforeseen event. A single point of failure is any object, person, or circumstance that has a larger than necessary effect on your security.

Single points of failure are a sneaky security threat that exist in many forms. Just about anything can be a single point of failure if you’re overly dependent on it. A hardware wallet or seed phrase can be a single point of failure. As could an untrustworthy associate with access to your hardware wallet. Your primary residence could also be caught in a flood, fire, or natural disaster.

You can’t always stop bad things from happening, but you can do your best to anticipate them. Watch out for single points of failure and you’ll stay one step ahead.

Never store a majority of your keys in one place

Physical location is the most common type of single point of failure. Casa vaults are designed to be decentralized so that only you have control of your keys, which requires some personal responsibility to maintain.

It defeats the purpose of having multiple keys if a key quorum, the number of keys needed to fulfill a transaction, is all gathered in one location. Often, this takes place on a temporary basis such as when you first create your vault.

For instance, if you have a three-key vault with Casa, two keys are needed to fulfill a transaction. In this case, you should only keep one key in your primary residence, usually a mobile device on our Standard plan. Your hardware wallet should be stored in another location. This prevents your assets from being stolen in a break-in or lost in a house fire.

The same reasoning applies to cyberspace as well. There have been some anecdotal reports of people on DIY setups storing keys online on servers or password managers. These are instances where, although the security setup may seem technical, you actually create practical vulnerabilities.

For a multi-key vault to remain secure, you should have to travel to obtain a key quorum. This prevents a malicious actor from coercing into signing a transaction. The amount of distance can vary depending on how much wealth and your personal situation. Spreading your keys out allows you to appropriately leverage the power of multiple keys with the same decentralization that digital assets are supposed to have.

Use different devices for enhanced security

Casa vaults allow you to use a variety of hardware wallets to secure your assets, and this variety is by design. Diversity enhances robustness.

Vulnerabilities and exploits in individual device models are discovered on a somewhat frequent basis. Sometimes, security flaws are found through ongoing research and development, and in other cases, they’re out in the wild. Developers and manufacturers typically move quickly to patch and fix exploits, but not everyone is diligent about firmware updates.

You don’t want a bug or exploit on one device to be replicable against most of your keys. Many people put off downloading the latest updates for their phones, so a vault using exclusively phones would be a poor choice for securing large holdings.

Keep all keys in access-controlled locations

A person can’t be everywhere at once, and if you’re distributing your keys effectively, some keys could be in places you can’t monitor around the clock.

To preserve the stability of your keys, avoid keeping your keys out in the open. Seek out access-controlled places such as lockboxes, safes, and safety-deposit boxes. Of course, keep track of any and all physical house keys and access codes. This prevents someone from stumbling upon and swiping your device, which is an inconvenience if not a complete threat to your assets.

Perform your health checks every six months

Electronic devices don’t last forever. Once you’ve initialized all the devices in your vault, we recommend checking your devices about once every six months to ensure they’re in proper working order. Our app will prompt you when it’s time to check a key.

Health checks provide you with a chance to perform any required updates to ensure your devices are ready to sign transactions when the time comes.

Final thoughts

Decentralization is a feature, not a bug. Multi-key vaults are the best security option for long-term crypto security. Leaning into a distributed security model will help you protect your wealth for the long haul.

Looking for more security knowledge?

Our weekly Security Briefing newsletter provides quick updates on bitcoin and ethereum security with analysis from Casa’s experts. Sign up here.

Read more posts by this author

John Tinkelenberg

John Tinkelenberg is the content marketing manager at Casa. As a trained reporter, he is the primary writer and editor for the blog and frequently produces content for other channels.

The link has been copied!