Another difference between GreenAddress and BitGo is that its impossible for a malware to get both the private keys since they never are on the same device at the same time, even at creation time.
In reality it seems that in Bitgo you can create your backup key as a "cold key" in which case you actually could have your three keys separated at creation time and on different devices:
- One is created by bitgo on their services
- One is created on the user's online device
- One is created as a cold key on a offline device.
I have to point out though that you have to choose "advanced" at creation time to find this option but actually it exists.
Se below for explanation.
BitGo only ever sees 1 of the 3 keys in a multi-sig wallet. That key is generated on our servers and stored securely.
The user key and backup key, and the passcode, are never seen by BitGo. The user key is generated in the users browser and encrypted with a passcode. We recommend users create their own backup key as a cold key that is not seen in the users browser or on our servers.