The team at Bitcoin (BTC) focused firm Casa notes that by now, we all (or at least those who follow the crypto space) should be familiar with the concept of “not your keys, not your coins.”
Casa writes in a blog post that many explainer guides and information is now widely available to Bitcoin traders or investors, including how to secure your private keys and SEED phrases. But there might not be as much literature on how Bitcoin holders may properly secure their environments when using their keys.
The Casa team has shared practical and “paranoid level” tips and steps their team members may use to help with securing “healthy” environments for their devices and hardware wallets.
Casa team members note that when using “key material” in any form, we need to take into consideration the actual room and layout they’ll be “operating within.” Public spaces are “not recommended” because of the “multitude of peering eyes, cameras, and general lack of privacy and security,” the Casa team noted while adding that to begin “evaluating for potential physical security threats, it is better to use an access-controlled location of your choosing, such as a bedroom or personal office.”
When “evaluating a physical space” we should consider the following, according to the Casa team:
- Location “should be access-controlled, which prevents key operations from being interrupted.” The space “should be relatively private and not in a public place like a crowded coffee shop.” Take note of “all cameras and what they are facing. This goes for mobile phones, webcams, and smartwatches. When in doubt, cover it up, or remove the device from the environment entirely.”
- Be aware of various Internet-of-Things (IoT) listening devices, “such as the ones offered by Amazon and Google.” Power off “all unnecessary electronic devices that may contain cameras or microphones.” Also “close the blinds, shut the door, and give yourself ample time to do things correctly and without interruption.”
- Using hardware wallets and performing key operations “is NOT a team sport.” These tasks “should be performed alone and in a silent manner, unless a second witness is needed for attestation.”
The Casa team further noted that hardware wallets have been engineered to protect user’s key material “without the fear of an infected computer or malware stealing your funds.” But having said that, attackers can be “extremely clever,” the Casa team notes while adding that we can still “take additional steps to ensure they are using the latest security tools to promote a healthy compute (laptop/mobile phone/tablet) environment.”
Casa goes on to recommend that we may use the included operating system firewall and malware detection tools, but if we don’t really trust these, a third party application “would suffice.”
We also need to ensure a “healthy” system environment by making sure we are up to date on operating system patches, which may include critical security updates that may help keep our computers safe.
Additionally, we should use only “approved” vendor binaries and software releases from official vendor websites and official mobile application (iOS/Android) stores, the Casa team recommends.
People who might wish to be “extremely cautious” might decide to use an “air gapped” computer to sign transactions offline and then broadcast them via a separate online computer. This is “only recommended if you know exactly what you are doing, as fully securing an air gap computer is an intensive and comprehensive task,” Casa’s blog post clarified.
The Casa team added:
“The ‘keys to the kingdom’ that control your bitcoin should reside in your hardware wallet. If you are not using a hardware wallet, sign up for a Casa account here. Before we touch any hardware, let’s ensure we are electrically grounded by either touching a door knob, large piece of metal, or a common ground. This ensures we don’t zap our devices with static charge when handling them.”
They also noted:
“Run hardware device firmware updates periodically to ensure the latest security updates have been applied. (At Casa, our team reviews every firmware update for the hardware wallets we support. If you’re a Casa member, be sure to consult our help center before updating your firmware.)”
We should also carry out a Casa Health Check in the Casa mobile app in order to make sure that the health of each of our hardware devices is all good. Casa also says to only use the supplier-provided USB cable. These “vary in voltage, stability, and there are even attacks that can be built into makeshift cables,” the Casa team explained.
We must “always verify all prompts and addresses on the hardware wallet screen,” the Casa team noted while adding that you can use a Casa-branded Faraday bag, accessible via https://store.casa/ for long-term device storage.
“By incorporating some of the tips above, you are taking the steps to ensure the safety of your keys and bitcoin, as well as the safety of you and your operating environment.”
The blog post from the company also mentioned that Casa Gold is free to try for 30 days and “only $120 / year after that.” If you feel ready to move to their Platinum or Diamond tiers, then you may get started here.