When setting up your Blockstream Green wallet or when creating a new account to Blockstream Jade, you will be prompted to choose between two different security models: Standard (Singlesig) or 2FA Protected (Multisig Shield). Each security policy leads to a separate wallet, even if you are using the exact same recovery phrase.
Standard accounts are represented by a single key icon - while 2FA Protected accounts are represented by a two key icon.
Standard Accounts
In Standard (singlesig) accounts, your funds are secured by a single key held on your device. This key is stored in a human-readable format and is known as your recovery phrase. Standard accounts are simpler to set up and operate than a 2FA Protected account, and since they are standard, they allow you to restore your wallet on other popular bitcoin wallets (e.g. Electrum).
Tip: If you aren't sure which security policy to pick, we recommend selecting Standard.
2FA Protected Accounts
Choosing 2FA Protected accounts (formerly Multisig Shield) provides enhanced security by protecting your funds against additional attack vectors.
Your funds in this account will be secured by multiple keys, with one key on your device and another key on our servers, protected by your chosen 2FA method. Since multiple keys are required to send a transaction, it is much harder for thieves and hackers to steal your assets.
However if you lose your 2FA method, you will need to perform a 2FA reset which lasts for 1 year. During this time you will be unable to spend funds, so make sure to keep your 2FA method safe and protected or enable multiple 2FA options.
Comparison of Security Policies
In order to spend funds from your Standard account, you will need the following:
- Your device and PIN OR
- Your recovery phrase
In order to spend funds from your 2FA Protected account, you will need the following:
- Your device and PIN and 2FA method OR
- Your recovery phrase and access to your 2FA method
Security Policy |
Benefits |
Trade-offs |
---|---|---|
Standard |
Easy to use Only need recovery phrase to access wallet Can restore wallet to other platforms |
Attacker only needs recovery phrase to steal your funds No additional layers of security |
2FA Protected |
Enhanced security Attacker needs your recovery phrase and 2FA to access your wallet Can update 2FA to a more secure method if you think it has been compromised |
Risk losing the ability to spend funds immediately if 2FA is lost* Blockstream provides additional security which requires holding one of your keys (this does not mean we can spend your funds) |
*If you lose your 2FA method, you will be unable to spend any funds until your CSV timelock has expired