
Recovery with seed phrase #1119

Open
adamstallard opened this issue Dec 10, 2022 · 1 comment

Comments

@adamstallard
Member

adamstallard commented Dec 10, 2022

We offer social recovery and device recovery. Maybe the next option should be seed phrase recovery.

We can allow a user to auto-generate a one-time seed phrase which we can show the user one time, then ask if they've written it down, and then never show it again. If the user wants a new seed phrase they can request a new one and we can show it to them, and replace the previous one with the new one.

On the backend, we can create a new operation that registers the hash of a seed phrase. Each user can have only one at a time. If they register a new one, it replaces the old one.

Then recovery by seed-phrase can be another option in the "import" flow. The other option we already have is using an existing device to authorize the import. Either one will allow a new device with a new signing key to be registered and then set as primary. The user should create a new seed phrase at the end of the flow if they used a seed phrase to recover (since seed phrases are single use).

The backend needs an operation to add a new signing key when a user reveals the seed phrase that matches the hash. This can only be done once, and then the hash is marked as already used.

@adamstallard
Member Author

adamstallard commented Oct 12, 2023

This could be an additional recovery method to device recovery and social recovery that anyone could opt into. People are used to "backup codes" or "recovery codes", so this is not new. GitHub, Google, Discord and others use them.

We could suggest that the user store them in a password manager database.

Social recovery is still the most authoritative recovery method.
