Wealth Security Protocol

PIN or Biometrics for Mobile Key only

Biometrics provide a convenient and diverse layer of security preventing unauthorized use of the mobile key. A sensor checks the user's thumbprint or face to verify the user's identity before unlocking the app.

We choose not to use biometric locks for every key in the Casa system, for several reasons. First, biometric support is not widely available or widely used on hardware wallets. Second, using biometric locks for all of the keys incentivizes kidnapping, since a person's face or thumbprint can be used to forcibly activate the devices. Finally, the collection of biometric data by a third party could be used against a client.

Many clients already use fingerprint or face-scan technology on their mobile phones. Both iOS and Android store this data locally and not in a remote database. We make use of this technology because it is already available, but we strongly recommend against using biometrics by default without an analysis of the biometric system's security and privacy. Also, always make sure any biometrics you use do not involve a third-party system. We've heard reports of cryptocurrency apps that use third-party face-scan systems (instead of the Apple iOS or Android biometrics directly on the device). This is a security nightmare. If Apple, Samsung, and other phone manufacturers refuse to store customer face-scan data in centralized databases, you can be sure that you should never trust another third-party company with this data.


Last updated 1 year ago
