Unifyre Wallet Security: Double Cloud Backup
Here is a quick description of the double-cloud backup process. The goal is to provide a convenient way to backup private keys while reducing the risk of hack and exposure.
The takeaway is that your keys are partially stored on google cloud, but access to your google cloud is not enough to access the private keys. This is not just a cloud backup like some other wallets we are used to.
1. The private key is encrypted on-device with an encryption key stored at the Unifyre server.
2. The encrypted private key is stored on the users google drive hidden folders for Unifyre application.
To restore:
1. Encrypted data is loaded from google drive to users device.
2. The encryption key is retrieved from the Unifyre server.
3. Users' private key is decrypted on the user's device securely.
Commonly asked questions
- Q: Can Unifyre or Google server see the private key at any stage?
- A: No! At no stage the users private key will leave the device.
- Q: What does a hacker need to hack to access the private key?
- A: A hacker should get access to 1) Users google account, 2) Users Unifyre credentials, 3) Google authenticator or other form of two-factor authentication set by the user
- Q: Can I block restoring from google cloud if I suspected a hacker has got access to my credentials:
- A: Yes. You can block Unifyre servers from providing the encryption key at any time. Therefore even if a hacked got access to all the above, they can be stopped.
- Q: What is the best practice for backing up?
- A: Here is our advice for best practices:
> Create one master account with seed phrase physical backup. This account will not exist in digital form so impossible to hack. Even if a hacker takes full control of your phone (like you lost one and phone is not protected), Unifyre server can block the key. More on this later. But the takeaway is using seed in Unifyre is more secure than using the seed on other platforms.
> Create a working account with smaller amounts of funds. You can regularly transfer funds from the main account to the working account. Have google backup + seed backup of your working account. In the doomsday scenario were an NSA hacker got access to all your accounts and your Google Authenticators, and you didn’t get a chance to block that account, your loss will be limited.
Now that we are talking about worst-case scenarios, what if somehow Unifyre disappeared overnight? No need to worry here as well. As long as you have seed backups you can restore your account in any software wallet and use the funds. However, you are going to be extremely unlikely to need this option.
Very truly yours,
The Ferrum Network Team
UniFyre Website: https://unifyre.io/
UniFyre Twitter: https://twitter.com/UnifyreWallet
UniFyre Telegram: https://t.me/unifyrewallet
