

tKey: Multi-Factor Authentication for Private Keys

tKey is now LIVE on all Torus Wallets!

As a company, we have always been focused on providing a great user experience for Web3. Our wallet uses familiar flows for user authentication, without sacrificing private key functionality or cross-chain compatibility. Many developers in the blockchain community come to us to help them to onboard mainstream users, and since our launch in 2019, we have helped over 250 applications to onboard users with simple and seamless key management.

However, some of the convenience that users get comes at the expense of adopting weaker security assumptions: relying on a central party such as Google to authenticate, assuming your email account is secure, or assuming that the honest majority assumption for the Torus Network is good enough. These assumptions may be fine for new users, but more seasoned users may find them concerning. We wanted to address this and allow user wallets to be truly self-custodial, without sacrificing user experience.

tKey is the result of over half a year’s worth of research and design, user testing, and development. During this iteration process, we have taken great user onboarding ideas like Universal Logins and Zengo’s Keyless wallet into consideration and incorporated these innovations into our design.

At its core, tKey is just this: multi-factor authentication.

When a user authenticates through the Torus wallet, they locally generate a private key and split it into three shares. One share is stored on the user’s device, one share is kept on a decentralized file storage layer encrypted using user input, and one share is kept on the Torus Network and is secured through user logins. Access to two of these shares is necessary to retrieve the user’s private key.

Of course, multi-factor authentication is already achievable using smart contract wallets today, such as through Argent’s Guardians framework. However, tKey does this at a lower level — it functions just like a normal cryptographic key, which means that operations are off-chain and do not cost gas, and it is compatible across different blockchains.

Since the user’s device holds one of the shares, using the wallet only requires logging in to the Torus Network via OAuth. If a user is on a new device, a device sync is initiated, and they can use their existing logged-in devices to complete the sync. Moreover, this ensures that neither a malicious hacker who gets access to a user’s email account nor a network of malicious nodes is able to reconstruct the user’s private key, since they can only access a single share on the Torus Network.
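The 2-of-3 split and the single-share property described above, sketched as a Shamir-style threshold scheme. This is an added example, not Torus code: the post does not name the scheme or field, so the polynomial sharing, the secp256k1 group order as modulus, the share indices 1 to 3 and all function names are assumptions.

```python
import secrets

# Assumption: field modulus = secp256k1 group order (wallet keys are scalars below it).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed index assignment for the three share locations named in the post.
DEVICE, STORAGE, NETWORK = 1, 2, 3

def split_2_of_3(secret: int) -> dict[int, int]:
    """Return shares {x: f(x)} of the line f(x) = secret + a1*x (mod P)."""
    if not 0 < secret < P:
        raise ValueError("secret must be a non-zero scalar below P")
    a1 = secrets.randbelow(P)  # uniform random slope, discarded after splitting
    return {x: (secret + a1 * x) % P for x in (DEVICE, STORAGE, NETWORK)}

def reconstruct(shares: dict[int, int]) -> int:
    """Recover f(0) by Lagrange interpolation from exactly two shares."""
    if len(shares) != 2:
        raise ValueError("exactly two distinct shares are required")
    (x1, y1), (x2, y2) = shares.items()
    # f(0) = (y1*x2 - y2*x1) / (x2 - x1)  (mod P)
    return (y1 * x2 - y2 * x1) * pow((x2 - x1) % P, -1, P) % P

def slope_explaining(x: int, y: int, candidate: int) -> int:
    """Slope that makes one share (x, y) consistent with ANY candidate secret.

    Because such a slope always exists, a single share rules out no key:
    whoever holds only the network share learns nothing about the secret.
    """
    return (y - candidate) * pow(x, -1, P) % P

if __name__ == "__main__":
    key = secrets.randbelow(P - 1) + 1          # constructed sample key
    shares = split_2_of_3(key)
    new_device = {STORAGE: shares[STORAGE], NETWORK: shares[NETWORK]}
    print("recovered on new device:", reconstruct(new_device) == key)
    guess = 42                                   # arbitrary wrong candidate
    a1 = slope_explaining(NETWORK, shares[NETWORK], guess)
    print("network share also fits guess:",
          (guess + a1 * NETWORK) % P == shares[NETWORK])
```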

We also provide a simple upgrade path to using tKey. If you’re an existing user, you can create a new tKey account from your settings page in the Torus Wallet. If you’re a developer, you literally don’t have to do a thing — It Just Works. Maybe you won’t even notice that your users are on these newer, shinier, and more secure tKey accounts!

If you haven’t tried out the Torus Wallet before, and are looking for the best way to onboard users without compromises, we urge you to try it out for yourself on https://app.tor.us.

Stay In Touch

Our team will continually be adding features to the Torus Wallet to support a major update coming to our platform. Stay tuned on any of our socials to be the first to hear about our latest developments.

Twitter, Telegram



