You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We offer social recovery and device recovery. Maybe the next option should be seed phrase recovery.
We can allow a user to auto-generate a one-time seed phrase which we can show the user one time, then ask if they've written it down, and then never show it again. If the user wants a new seed phrase they can request a new one and we can show it to them, and replace the previous one with the new one.
On the backend, we can create a new operation that registers the hash of a seed phrase. Each user can have only one at a time. If they register a new one, it replaces the old one.
Then recovery by seed-phrase can be another option in the "import" flow. The other option we already have is using an existing device to authorize the import. Either one will allow a new device with a new signing key to be registered and then set as primary. The user should create a new seed phrase at the end of the flow if they used a seed phrase to recover (since seed phrases are single use).
The backend needs an operation to add a new signing key when a user reveals the seed phrase that matches the hash. This can only be done once, and then the hash is marked as already used.
The text was updated successfully, but these errors were encountered:
Backend for BrightID/BrightID#1119
The text was updated successfully, but these errors were encountered: