What you need to know about the Casa Recovery Key
Taking the edge off self-sovereignty since 2018
By protecting your bitcoin with multiple keys, and ensuring that those keys are subject to a diversified set of risks, you can be sure that no single event - and no single threat - will ever jeopardize your wealth. You can read more about key diversity here:
A lifeline for when you need it
An important part of a diversified keyset is having one key managed by in-depth security precautions. Especially during times like these when travel is restricted, having a key held by a cosigner - and governed by strict security procedures - is a boon to Bitcoiners and helps take the stress out of being your own bank.
That’s why every Casa membership includes access to the Casa Recovery Key. Your Recovery Key is managed and secured by Casa and can be used to co-sign transactions at your request.
It’s been a core part of our service since we came out of stealth in 2018.
Managing this key, and making it available to our clients, is arguably the single most important thing Casa does as a business. We go to great lengths (detailed in this post) to ensure the key is there for you when you need it, and that you have peace of mind knowing help in an emergency is always just a tap away.
Casa Recovery Key: what you need to know
- There is no additional cost to use the Recovery Key - We don’t believe in charging you for help when you need it most.
- No KYC is required to use the Casa Recovery Key - We have designed our verification procedures so that no personal data intake is required to use the Casa Recovery Key.
- There are no limits on how often you can use the Recovery Key - That said, we never want our clients to become reliant on a third party (even Casa) to access their wealth and generally discourage ‘routine signing’ lest it becomes a habit.
- The Recovery Key is held fully offline, with highly-redundant backups - These backups are distributed both geographically and jurisdictionally, keeping your Recovery Key safe from a wide range of disruptions - including earthquakes, floods, fire, political events, social unrest, even EMP or solar flares.
- The Recovery Key is available to sign 24 hours a day, 7 days a week, 365 days a year - We’ve made the key available to our clients continuously over the past two years - with no breaks for holidays, evenings, or weekends. Note that while the key is available for signing 24/7/365, signatures are subject to security delays and not made instantaneously upon request.
- Casa regularly tests our Recovery Key infrastructure - Several times each week.
- The Recovery Key is not a ‘master’ key - With Casa multisig accounts, you have full control over your wealth because you hold the majority of your keys (2-of-3 keys for Gold, and 4-of-5 keys for Platinum and Diamond). The Recovery Key holds the same 'weight' as the keys you control. It can only be used to co-sign transactions and cannot move funds by itself. So while we can help you co-sign transactions upon request, it is impossible for Casa to access your funds or move funds without your authorization.
- Your Recovery Key is unique - Every multisig account is provisioned with a unique xpub.
When should I request a signature from the Casa Recovery Key?
While you can use the key anytime you wish, there are three times in particular you may want to use it:
- You aren’t able to access one of your keys - and need to send a transaction.
- You want to replace a key - to upgrade to a newer hardware wallet, and want to use the signature to help perform a key rotation.
- You need to replace a key - because one of existing keys was lost, stolen, damaged, failed to pass a health check, or is no longer accessible to you.
How do I request a signature from the Casa Recovery Key?
To request a signature from the Recovery Key, all you need to do is create your transaction through your Casa App and tap “Casa Recovery Key.” This initiates Casa's verification processes.
What happens next?
Diamond and Platinum memberships
For Diamond and Platinum members, use of the Recovery Key is always gated by a video verification call.
After requesting, here’s what happens:
- Personal outreach from Casa Client Services - Expect an immediate call or message from Casa Client Services to book your verification call.
- Verification call - During this call, we perform a variety of checks (detailed below), to make sure that  we are talking with you, and  that you’re not under duress.
- Signature added after custom time delay - Casa enforces mandatory multi-day waiting periods between authentication and signing. By default, our signature delay is 48 hours. The waiting period is set during onboarding, and can be made far higher or slightly lower upon client request.
During your verification call, we incorporate a number of security procedures to confirm your identity and ensure you are safe. These include:
- Video conference requirement - Casa Client Services verifies your identity against a reference image taken during onboarding to ensure we are talking to you and not someone else. Soft checks are also performed to ensure a client’s behavior and demeanor are at or near baseline.
- Challenge / response phrases - This provides another layer of soft authentication.
- Duress responses - Clients may optionally set a ‘duress word’ with Client Services. This is a non-obvious, pre-decided word clients may use to let Casa personnel know discreetly if they are being coerced into sending a transaction.
What if a duress word is triggered? During onboarding, Casa Client Services defines bespoke emergency procedures with our clients. These vary from client to client, but can include reaching out to emergency contacts, coordinating with outside security firms, and in some cases contacting local law enforcement. A duress state may be indicated by a client stating a duress word as well as other factors, such as hitting the Emergency Lockdown button in the app.
What if you prefer not to do video verification? We work with a number of pseudonymous clients who sometimes prefer to disable cameras during calls with our team. While we do support audio-only verification and discuss this option with clients, it’s not something we recommend. Video calls - coupled with security questions - provide an extremely high level of verification. Audio-only calls provide fewer safeguards and introduce new risks, such as real-time audio deep fakes (case in point).
Use of the Recovery Key is mostly automated for our Gold members. After you request co-signing from the Recovery Key via your Casa App, here’s what happens:
- Answer 3 security questions to prove the authenticity of the request - You’ll set these questions when you create your Casa account, and you can retry if you get them incorrect. Properly written security questions are one of the best ways to authenticate someone without gathering personally identifying information. We designed our questions to point users toward something that is memorable to them personally, but generally not discoverable via publicly available information.
- Signature is added after a 7-day, time-delayed countdown - We’ve implemented a 7-day time delay on Gold recovery signatures after the security questions are answered. Each day during the time delay, we send users a reminder email with a countdown. In case the user’s Casa account was compromised, these emails will alert them to a false recovery attempt. In our research and experience, this has proven to be sufficient time for a user to notice and cancel a fraudulent recovery, but can never be as secure or as airtight as the video verifications performed at our premium tiers.
Having access to a highly-redundant, professionally-managed key dramatically reduces the risks of being your own bank, while still keeping you in full control of your wealth.
Safeguarding the Casa Recovery Key, and making it available to our clients, is the among the most important things we do as a business. It’s a service we pioneered when launching Casa in 2018, and one we intend to continue to evolve over the years to come.