@maharshi @vjgee any updates here, our users are very unhappy.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
@payments Thanks for your continued patience and apologies for the delay.
Our team have fixed the mentioned accounts you communicated privately. Going forward, ensure your users save their backup phrase email securely to avoid losing access.
We recommend you create no more than a total of 6 shares, including your device shares and recovery shares. This is because the more shares you create, it increases the size of the tKey state, which can cause performance issues in the frontend and can slow down the login process. Ideally, you should create 2 recovery shares and ask the user for their trusted devices and only store the device share on them.
Inform your users not to access their accounts on multiple browsers or Incognito mode everytime which will only increase the number of shares.
Hi @vjgee thank you for this update. I have some follow up questions here.
-
For the user you met with who had the backup phrase issue, are you saying she can now log in with no issue?
-
For the other users who were getting stuck at the MFA screen and could not enter a backup phrase because of the email delivery error from your side. When the user logs in the next time, will they just not see the MFA screen at all and be allowed to log in? As we have that option now disabled in the SDK.
-
When you say “We recommend you create no more than a total of 6 shares, including your device shares and recovery shares.”
This means that a user has to use 1 browser constantly when logging into our DApp to prevent this?
- Does these fixes rely on us upgrading to SDK v8?
Thanks for answering these questions, I need to make sure I have clear instructions for these users.
-
Yes, she will be able to login . Her existing backup phrase is working as mentioned in my previous message, so when she is prompted to enter it, it will work.
-
There was no email delivery error from our side since you mentioned these were old users who had enabled MFA for which the phrase was sent. Our records clearly indicate that the backup phrase was sent to their Inbox along with the date/timestamp. However, since your team disabled MFA, these users continued to get the prompt since they had enabled MFA long back. Now, they should not get the prompt after the fix.
-
This doesn’t mean they need to use only 1 browser but to be mindful not to clear cookies on the browsers which they register their device on, to avoid re-registering their device again on the same browsers and avoid using Incognito mode altogether.
-
No, the fix is not directly dependent on v8 as it was more of a backend fix, but it is good to upgrade to the latest SDKs when available to you.
Ok, our team will check those on Monday. Please note this is a time consuming task for our team so be sure to include any users in one go.
@vjgee I understand, we are sending them as users submit technical support tickets to us with this issue. The thing we have a variety of users on our platform and some do not engage with our platform for months at a time at some times. This means they users don’t know they are having this issue until they try to log in after months and discover the problem if that makes sense. This makes it hard to provide a full list of users having this issue in one go.
Ok, with the fix in place you should not see much users with the issue.