If you selected Multisig Shield during the setup of your wallet, Blockstream Green adds an extra layer of security to your assets. Multiple keys are required to send a transaction, making it harder for thieves and hackers to steal your assets. The first key is on your device protected by a PIN code and is backed up with a 24-word recovery phrase. The second key is held on the Blockstream Green servers protected by two-factor authentication (2FA). Multisig Shield Account Types You can create two types of Multisig Shield accounts in your Blockstream Green wallet. You can also have multiple accounts of different types in the same wallet. Standard Accounts (2-of-2) This is the default account you get with all new Bitcoin and Liquid wallets if you selected Multisig Shield as your security policy during setup. Both keys are required to send a transaction. Key Location Protected by Backup 1 Mobile or desktop device PIN code (different per device) Primary 24-word recovery phrase 2 Blockstream Green servers 2FA (same across devices) Timelock 2-of-3 Accounts This is a special type of account in Blockstream Green that can currently only be created within the desktop app. It is currently available for Bitcoin wallets only, not Liquid wallets. Transactions are still sent in the same way as standard accounts. 2-of-3 accounts only provide an alternative option for recovery. Whenever you create a new 2-of-3 account, the app will provide a third key in the form of secondary recovery phrase (in addition to your recovery phrase for key 1). Each 2-of-3 account will have a separate secondary recovery phrase Key Location Protected by Backup 1 Mobile or desktop device PIN code (different per device) Primary 24-word recovery phrase 2 Blockstream Green servers 2FA (same across devices) - 3 - - Secondary 24-word recovery phrase Tip: For extra security, you can set up a new Blockstream Green wallet using a hardware wallet, with one key stored on the hardware wallet instead of your mobile device or desktop. Multisig Shield and Sending a Transaction When sending funds from your wallet, you require a signature from two keys: Key 1: On your device, protected by PIN. Key 2: On the Blockstream servers, protected by 2FA. If you do not have 2FA set up in your wallet, key 2 will automatically sign any transactions signed by key 1. Note: You must make at least one transaction every 12 months (depending on your timelock settings) to ensure that your account is secured by 2FA. Multisig Shield and Recovering an Account If you lose access to your 2FA method or the Blockstream Green service becomes unavailable, the account recovery process differs depending on the type of account you are using: Account Bitcoin Liquid 2-of-2 Uses CheckSequenceVerify (CSV)* Uses CheckSequenceVerify (CSV) 2-of-3 Uses a third backup key N/A *previously used nLockTime Bitcoin Standard Account Recovery (CheckSequenceVerify) Note: On Monday, January 25th, 2021, Blockstream Green switched its timelock script from nLocktime to CheckSequenceVerify (CSV) for the timelocks used in Multisig Shield wallets for Bitcoin 2-of-2 accounts. This article describes the new CSV timelock behavior. If you used Blockstream Green before January 25th, some funds in your wallet might still be secured by nLockTime. Read this article for more information on how nLockTime timelocks work. With CSV, transactions sent to your wallet are assigned a timelock period; by default, this time period is set to 51,840 Bitcoin blocks, or around 360 days. Once the timelock period expires, the funds can be spent with only one instead of the usually required two signatures. This means that during the first 360 days after you receive a transaction, you will need two keys to spend the funds received. After 360 days have passed (or more specifically, after 51,840 blocks have been mined) during which you have not moved the funds, you can spend them using our open source recovery tool. To ensure that your wallet is always secured by 2FA, the app will request a redeposit for any funds that haven’t moved for the duration of the timelock period. Liquid Standard Account Recovery (CheckSequenceVerify) Liquid Standard account recovery uses the same method as Bitcoin standard accounts. After the timelock period expires, if you have not made any transactions from your account, you can recover your funds using only the key on your device. Bitcoin 2-of-3 Account Recovery (Backup Key) With 2-of-3 accounts, at any time you can immediately access your bitcoins without 2FA by combining your third backup key with the key on your device. There is no timelock period. Unlike standard accounts, 2-of-3 accounts do not require regular redeposits.