Two Factor Authentication (Multi-sig)

Overview

Adding support for multi-sig based 2FA will make the web wallet more secure. This will require deploying a contract to wallet users’ accounts, and will allow them to specify which transactions require multi-sig.

Stories

As a user, I want to set limits on my transaction amounts, requiring two factor authentication above the limits, so I can use the web wallet to safely store $100-$1000 worth of assets.

Flows

For any account, there are minimum three keys

1 key in localStorage 1 key in recovery 1 key on our server

TXs require 2-of-3 multi-sig

Create account with 2FA

1. User receives Linkdrop link
2. User enters desired account name on /create
3. User chooses how to “Secure Account” a. Use Ledger only b. Setup SMS-based 2FA, choose email or seed phrase recovery
4. createAccount function on Linkdrop contract is called
   1. Up to 3 keys are passed as arguments to be added as multi-sig keys a. If Ledger, only one key is passed and multi-sig is 1-of-1 b. If 2FA, backend generates a key to be added to multi-sig, returns to frontend
   2. In a batch TX a. Account is created b. Multi-sig contract is deployed, with keys as multi-sig keys c. Keys are added as access keys (separate from above) d. Account is funded (if applicable)

Sign TX with 2FA

1. User initiates a TX, signs with key in localStorage
2. Server sends an SMS to the user with TX details, code to enter
3. User enters the code into the UI
4. Server signs and sends TX

Recover with 2FA (Email)

1. User clicks link in recovery message
2. User is redirected to /recover-with-link
3. Selects “Continue”
4. Uses Sign TX with 2FA flow to finish recovery

Recover with 2FA (Seed)

1. User navigates to /recover-seed-phrase
2. User enters account name and seed phrase
3. Selects “Continue”
4. Uses Sign TX with 2FA flow to finish recovery