Recovery with MFA in the device-lost situation

I’m wondering how recovery works in the situation where a user loses their phone/laptop. With MFA, afaik, the recovery share is also stored on the user’s device, as well as the device share. So then, is there no way to recover both the device and MFA shares…?

Hello Porco R!

Thank you for your question about recovery with MFA in a device-lost situation. It sounds like you’re exploring some important aspects of security!

In situations where a user loses both their device and MFA shares, recovery can indeed become complicated. However, the design typically ensures that users can still maintain access through other recovery methods, such as backup recovery phrases or recovery keys, that are independent of the lost device.

Here are a few points to consider:

  • Users should ensure they have backup authentication methods activated beforehand.
  • Consider implementing a recovery mechanism that allows users to regain access via an alternative method, like email or phone verification, if they lose both their device and MFA shares.

This is a crucial aspect of security, and it’s great that you’re thinking about it! If you’re looking for specific implementation guidance, or if you have a particular SDK version or platform in mind, feel free to share those details. It would help us provide more tailored advice.

Let me know if you have any further questions or if there’s anything else I can assist you with!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

In MFA setup, it’s mandatory to 1) provide a password manually and 2) enable an authenticator, e.g. Google Authenticator.

First question: in a recovery situation, does the user have to provide both 1 and 2 to fully recover the MFA share, or can it be done with just one of the activated MFA options?

Second question, on this part of your response: “recovery can indeed become complicated. However, the design typically ensures that users can still maintain access through other recovery methods, such as backup recovery phrases or recovery keys, that are independent of the lost device.”

Suppose a user has already enabled MFA with a password and Google Authenticator. How can I (as a developer) help a user who lost their device recover at least the MFA share using the PnP SDK?

It’s been 3 days. No answer from the team?

Hey @porcorossoj89

In MFA setup,

  1. Social login is always the first factor, and the device the second.
  2. When enabling MFA, one can enable from the list of factors like deviceShareFactor, backUpShareFactor, socialBackupFactor, passwordFactor, passkeysFactor, or authenticatorFactor.

No, it’s not, one can do either.

No, just one will allow the recovery of the account, except the device or passkey factors.

Here losing the device won’t be an issue, as they will have the password or Google Authenticator (provided it’s on a separate device). And again, just a password would do it.
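To make the reply above concrete, here is an added illustration in JavaScript of why losing the device share does not lock the user out once a second non-device factor exists. This is not Web3Auth’s or tKey’s own code: it is a toy 2-of-n threshold split (Shamir sharing over a small prime field) with one share per factor named in the thread. The prime, the polynomial coefficient and the sample key are constructed values, and a real implementation would use a curve-order-sized prime and a CSPRNG for the coefficient.

```javascript
// Added illustration (not Web3Auth/tKey code): a 2-of-n threshold split of a key,
// one share per factor. Any two shares reconstruct the key; one share alone cannot.
// PRIME and all sample values below are constructed for the example.

const PRIME = (1n << 127n) - 1n; // toy field modulus: the Mersenne prime 2^127 - 1

function mod(a) { return ((a % PRIME) + PRIME) % PRIME; }

// Modular inverse via the extended Euclidean algorithm.
function modInv(a) {
  let [oldR, r] = [mod(a), PRIME];
  let [oldS, s] = [1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  if (oldR !== 1n) throw new Error('no inverse');
  return mod(oldS);
}

// Threshold-2 split: f(x) = secret + a1*x, with a distinct x per factor.
// `randomCoeff` stands in for a CSPRNG-drawn coefficient (constructed here).
function splitThreshold2(secret, factorNames, randomCoeff) {
  const a1 = mod(randomCoeff);
  const shares = {};
  factorNames.forEach((name, i) => {
    const x = BigInt(i + 1);
    shares[name] = { x, y: mod(secret + a1 * x) };
  });
  return shares;
}

// Lagrange interpolation at x = 0 from any two shares; null if threshold not met.
function reconstruct(shareList) {
  if (shareList.length < 2) return null;
  const [p, q] = shareList;
  const lp = mod(q.x * modInv(q.x - p.x)); // L_p(0) = x_q / (x_q - x_p)
  const lq = mod(p.x * modInv(p.x - q.x)); // L_q(0) = x_p / (x_p - x_q)
  return mod(p.y * lp + q.y * lq);
}

// Scenario from the thread: social login + device + password + authenticator
// factors are set up, then the device (and its share) is lost.
function deviceLostScenario() {
  const secret = 0x123456789abcdef0n; // constructed sample key, not a real key
  const shares = splitThreshold2(
    secret,
    ['social', 'device', 'password', 'authenticator'],
    0x0fedcba987654321n, // constructed stand-in for a random coefficient
  );
  delete shares.device; // the lost device takes its share with it

  return {
    socialOnly: reconstruct([shares.social]),                                   // null: 1 share is not enough
    socialPlusPassword: reconstruct([shares.social, shares.password]) === secret,       // true
    socialPlusAuthenticator: reconstruct([shares.social, shares.authenticator]) === secret, // true
  };
}

console.log(deviceLostScenario());
```

A pure 2-of-n scheme accepts any two shares; which factor combinations the SDK’s login flow actually presents is up to the SDK (the reply above states that social login is always the first factor). The takeaway for the original question is the same either way: as long as one non-device factor was enabled before the device was lost, the device share is not needed for recovery.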