pull down to refresh

The PIN argument is strong. Adding a secret to protect a secret just moves the failure point, and most people handle that second secret worse than the first. Threshold multisig as the security boundary makes the threat model way simpler to reason about.

And the big win is that this simplification of access requirements carries through to simplifying recovery and inheritance.

reply