Whatever you do. Don’t lose your seed.
As the Swarm Community grows at an astounding rate, we have been getting a lot of questions regarding password recovery. In hopes of sparing as many as possible from the potentially painful lesson of losing access to their wallets, I offer up this brief blog post about account security and the Swarm blockchain. Let’s get to it.
TL;DR: It is incredibly important to securely save your secret seed. If you lose it, along with your password, there is nothing anyone at Swarm can do to recover your account.
When you sign up for your account on the Swarm platform, the only two pieces of information you need to provide are your email address and a password of your choice. Up to this point, everything looks exactly like any other web app, and this is exactly where the similarities end. What happens on the back end when you sign up with Swarm is completely different from what happens in a web 2.0 app.
As soon as you click the sign up button, a random sequence of characters, otherwise known as a seed, is automatically generated client side. Client side means that the process occurs on your computer, outside of and separate from anything Swarm can access or observe. Swarm utilizes standard public key cryptography, generating both your account’s public key and private key from this seed.
Your wallet’s public key is just that — public. You can share it with the world and the world will know that any asset sent to this address will eventually reach you.
Your private key, on the other hand, is used to encrypt data and to sign transactions in the network.
Your seed is the key pair generator. Anyone with your seed can access your wallet and generate both your public and private keys.
When you sign up for a new account with Swarm, the password you provided, together with what’s called a salt (a random piece of data), is used to encrypt the newly generated seed. Again, this happens entirely on your computer. Swarm never knows your seed. This encrypted seed, together with your public key, is then sent to a key server and saved. This triggers a confirmation email to the newly registered email address. Confirming the email address triggers a request for a new account to be created in the Swarm blockchain using the public key associated with it. That is it. This is how a new account is created, and this is why every new user is emphatically prompted to save their seed as soon as they create a new account. The account owner is the only one who has access to the seed.
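The sign-up flow described above, as an added example that is not Swarm's own code: the seed is encrypted on the client with a key derived from the password and a random salt, and only the encrypted record would leave the machine. The post does not name the algorithms, so scrypt and AES-256-GCM are assumptions here, as are the function names and record fields; key pair generation and the public key are left out.

```javascript
// Added example: assumed primitives are scrypt (KDF) and AES-256-GCM (cipher).
const crypto = require("node:crypto");

// Derive a 256-bit encryption key from the password and the per-account salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Runs on the user's machine at sign-up. Returns the only data that would be
// sent to the key server: salt, IV, auth tag and ciphertext, never the seed.
function encryptSeed(seed, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(seed, "utf8"), cipher.final()]);
  return {
    salt: salt.toString("hex"),
    iv: iv.toString("hex"),
    tag: cipher.getAuthTag().toString("hex"),
    ciphertext: ciphertext.toString("hex"),
  };
}

// Runs on the user's machine at login. Returns the seed, or null when the
// password is wrong or the stored record was modified (GCM tag check fails).
function decryptSeed(record, password) {
  const key = deriveKey(password, Buffer.from(record.salt, "hex"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.iv, "hex"));
  decipher.setAuthTag(Buffer.from(record.tag, "hex"));
  try {
    return Buffer.concat([
      decipher.update(Buffer.from(record.ciphertext, "hex")),
      decipher.final(),
    ]).toString("utf8");
  } catch {
    return null;
  }
}

// Constructed sample values, not real credentials.
const seed = crypto.randomBytes(32).toString("hex");
const record = encryptSeed(seed, "correct horse battery staple");
console.log("fields stored on key server:", Object.keys(record).join(", "));
console.log("right password recovers seed:",
  decryptSeed(record, "correct horse battery staple") === seed);
console.log("wrong password yields:", decryptSeed(record, "guess"));
```

Without the password the stored record cannot be turned back into the seed, which is why a separately saved copy of the seed is the only fallback.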
If you lose your password, but you have your seed, you can still regain access to your account because the seed is what generated your key pair (public and private keys). Should you lose your seed and your password, however, you have literally lost access to your account. There is nothing Swarm can do to recover it. This heightened security is both a benefit and a challenge of a decentralized network. No one should have access to your funds but you, so make sure to save your seed and keep it in a secure place where only you have access to it. If you still have questions, make sure to join us on Telegram and feel free to ask the team. We are always happy to help.