celo-monorepo icon indicating copy to clipboard operation
celo-monorepo copied to clipboard

Published 20 hours ago verified publisher icon celo-org

Account Recovery

Open nategraf opened this issue 4 years ago • 0 comments

Summary

In the event a Valora user loses access to their device or forgets their PIN, the only currently supported path to recovering their account is to enter their 24-word (BIP39) mnemonic phrase. Direct user feedback, and collective wisdom among the crypto community, shows us that this option has a high failure rate and is not acceptable for most users.

We aim to improve the success rate and ease of use for account recovery in order to allow users of Valora to hold funds in the wallet with the confidence that they will always have access. We currently view the development in 3 stages of improvement, with the goal of mitigating the immediate issues faced by users to reduce loss of funds in the short term, and to provide an entirely new account experience in the future.

Phase 0: Mnemonic phrase improvements

In this phase, we aim to improve on the account key mnemonic experience, without adding additionally components to the system. Improvements are centered around improving the success of users storing their mnemonic in a secure location, and being able to use it to restore their account.

https://github.com/celo-org/celo-monorepo/issues/7242

Phase 1: Cloud backup and recovery

In this phase, we aim to implement a securely encrypted cloud backup of the account key that will provide a safety net for many users in case they loose their account key, but still have access to the cloud backup and passphrase. It will also provide a fast path when compared to retyping the 24-word key. Our goal in this phase is to improve recovery success rates further, but do not intend to remove the mnemonic phrase from the user's awareness.

https://github.com/celo-org/celo-monorepo/issues/7244

Phase 2: "Key-less" accounts MVP

In this phase, we aim to deploy a minimum viable product for a Valora experience without the account mnemonic to some, and eventually all, Valora users. Viability of any recovery solution must include both a high degree of security and reliability. With this in mind, the proposed MVP will include a 2 of 3 scheme including a user-trusted institution, phone number verification, and a passphrase.

https://github.com/celo-org/celo-monorepo/issues/7245

nategraf avatar Feb 23 '21 23:02 nategraf