Seedless Account Security

Catherine | Fuelet
Published in Fuelet Wallet
5 min read · Aug 22, 2023

At Fuelet Wallet, our mission is to make crypto management as simple as handling a traditional bank account, while upholding the robust security standards required for Web3. With this goal in mind, we are implementing Seedless Account Security features: backup, social recovery with guardians and 2FA, and a hardware signer. The Backup feature has already been released, but the remaining two are still in development.

Let’s explore the advantages of these account security methods over sole reliance on seed phrases!

Why seed phrases aren’t good enough

Fuelet Wallet will provide numerous alternatives for the seed phrase

Managing a seed phrase can be difficult, especially for newbies in crypto. From the moment you copy your seed phrase, safety risks emerge. Someone could easily snap a photo of your seed phrase during this vulnerable moment. Moreover, if your device has a malicious app that captures clipboard data, your seed phrase may be compromised. Some crypto enthusiasts even argue that typing your seed phrase is not secure enough, as malicious software may gain access to it. Storing your seed phrase online, in services like 1Password, carries its own risks, as these centralized platforms are susceptible to hacking.

Consequently, crypto degens advocate for offline storage as a safer option. However, this approach is not foolproof, as a physical piece of paper with the seed phrase can be lost, stolen, or damaged.

Note that safeguarding the private key poses a bigger risk, as it grants access to the seed phrase.

Considering these risks and the complexity they introduce, we assert that seedless security methods are preferable. Not only do they offer enhanced security, but they also enhance the overall user experience. Now let’s dive into all 3 account security methods that we’re implementing in the Fuelet Wallet.

Cloud Backup

When you back up your seed phrase within the Fuelet Wallet app, it is stored in iCloud on iOS or in an equivalent mechanism on Android, such as Google Drive. This method is sometimes referred to as a centralized approach to seed phrase storage.

Cloud Backup allows you to save your seed phrase without copying it

While using the Backup feature, it’s important to be aware of the following safety risks:

  1. Apple or Google could potentially compromise or leak your keys.
  2. If someone gains access to your Apple ID/Google Account or your device, they can control your wallet. Turn on 2FA on your Apple/Google accounts!
  3. If the app is removed from the App Store or Google Play, and you delete the app from your device without saving the seed phrase elsewhere, it could result in irreversible loss.

Despite these considerations, the Backup feature eliminates the risks associated with storing the seed phrase itself. However, it is essential to note that this represents only the first level of security. Further options will provide even stronger safeguards for your wallet.

Hardware signer

Did you know you can transform your iPhone into a hardware wallet?

The secret lies in the Secure Enclave, a dedicated chip in every iPhone 5S or later and iPad Air or later that safeguards your biometric data. But here’s the kicker: it can also store cryptographic keys securely!

Nobody can get access to the keys saved in the Hardware Signer. Even you!

These keys are generated within the hardware element and remain exclusively within it, providing an impenetrable level of security. To date, there have been no reports of any successful attempts to breach the hardware protection and gain access to these keys. Therefore, within the Secure Enclave and the future Hardware Signer feature in the Fuelet Wallet, your cryptographic keys will be well-protected.

To enable this feature, we’re waiting for the Fuel native secp256r1 support to be released.

Social Recovery with Guardians + 2FA

It’s the non-custodial method to retrieve your wallet without a seed phrase. Endorsed by Vitalik Buterin himself.

When setting up your social recovery wallet, you’ll have to choose “guardians” who will be able to approve transactions to untrusted addresses and facilitate account recovery. Your guardians can include trusted friends or family members, your other devices, or Fuelet’s 2FA via email or telephone. You’ll be able to choose as many as you want, with a minimum of 2 guardians.

You’ll have many options to choose from when setting up your Social Recovery

How to choose your guardians?

  • Ensure that they don’t lose their keys
  • Minimize the chance that they steal your funds, or get coerced into doing so
  • Your guardians shouldn’t know each other, to minimize commonalities that could disable or compromise too many of your guardians simultaneously
  • Check that they’re available fast when you need them

💡 The hardware signer on your iPhone can also be your guardian!

Social recovery = Device A with the hardware signer (HS) turned on + Device B with the hardware signer (HS) turned on

That way, if you lose access to one of your devices, you’ll be able to recover the account through another device, and you won’t need other people to do it.

Vitalik Buterin also recommends that enough guardians be controlled by other people so that, if you disappear, there are enough other guardians left to recover your funds. He also recommends testing them once a year, and setting up control questions for them when communicating with you.

When social recovery is on and you lose your key, a group of guardians can modify the signing key to grant you access. Bingo! You’ll never lose access to your wallet this way.
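A sketch of the guardian recovery flow described above, added here as an illustration and not Fuelet's or Fuel's code: guardians hold P-256 (secp256r1) keys, the curve named in the hardware signer section, and a threshold of distinct guardian signatures rotates the wallet's signing key. The threshold, the message layout, the nonce and all names (`RecoverableWallet`, `approve`, `recoveryMessage`) are assumptions, and the keys are software keys from Node's `crypto` module, not Secure Enclave keys.

```javascript
// Added example: guardian-approved rotation of a wallet's signing key, modelled off-chain.
const crypto = require('node:crypto');

// Software P-256 (secp256r1) keys stand in for keys a hardware signer would hold.
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const pubId = (publicKey) =>
  crypto.createHash('sha256').update(publicKey.export({ type: 'spki', format: 'der' })).digest('hex');

// Assumed message layout: binds an approval to one wallet, one nonce and one new key.
const recoveryMessage = (walletId, nonce, newSignerId) =>
  Buffer.from(JSON.stringify(['recover', walletId, nonce, newSignerId]));

class RecoverableWallet {
  constructor(walletId, signerPub, guardianPubs, threshold) {
    this.guardians = new Map(guardianPubs.map((k) => [pubId(k), k]));
    if (this.guardians.size < 2) throw new Error('at least 2 distinct guardians required');
    if (threshold < 1 || threshold > this.guardians.size) throw new Error('invalid threshold');
    this.walletId = walletId;
    this.signerId = pubId(signerPub);
    this.threshold = threshold;
    this.nonce = 0; // bumped on every rotation so old approvals cannot be replayed
  }

  // approvals: [{ guardianId, signature }]. Returns true if the signing key was rotated.
  recover(newSignerPub, approvals) {
    const msg = recoveryMessage(this.walletId, this.nonce, pubId(newSignerPub));
    const valid = new Set(); // a Set, so one guardian is never counted twice
    for (const { guardianId, signature } of approvals) {
      const key = this.guardians.get(guardianId);
      if (key && crypto.verify('sha256', msg, key, signature)) valid.add(guardianId);
    }
    if (valid.size < this.threshold) return false;
    this.signerId = pubId(newSignerPub);
    this.nonce += 1;
    return true;
  }
}

// What a guardian does: sign the recovery message for the key the owner now holds.
const approve = (guardian, walletId, nonce, newSignerPub) => ({
  guardianId: pubId(guardian.publicKey),
  signature: crypto.sign('sha256', recoveryMessage(walletId, nonce, pubId(newSignerPub)), guardian.privateKey),
});
```

Because each approval covers the wallet id, the current nonce and the new key's fingerprint, a guardian's signature collected for one recovery cannot be reused to install a different key or to repeat the rotation later.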

Big thanks to the Fuel network for convenient UTXO and predicates making it possible to integrate this incredible feature!

Summary

Our team believes the seedless approach to be revolutionary for crypto. It can make managing crypto so much easier and safer, both for degens and newbies. However, if you still prefer the old way of storing your seed phrase, Fuelet Wallet will still let you do so.

In the future, we also plan to implement the Pass-Keys feature to ensure native crypto security.

Catherine | Fuelet
Fuelet Wallet

Marketing manager at self-custodial wallet on Fuel for iOS, Android, and Browsers.