Wallet Recovery (change email or recover funds)

Hello, we’re integrating web3auth in our and want to confirm the following:

  • If a user loses access to the email they used to create an account, are we as an admin able to move/recover funds in the embedded wallet?
  • From looking up previous tickets, it was recommended to use a proxy like Auth0/Cognito. Is this still the recommendation?

thanks

Thanks for your detailed questions, Motasem! Here’s a summary of your queries and the relevant context for the support team:

SDK Details:

  • You’re using the Web3Auth Core-Kit (MPC Core Kit).

Platform:

  • Not explicitly mentioned, but context suggests a web or multi-platform integration. Please specify if you need platform-specific guidance.

Your Questions

1. If a user loses access to the email they used to create an account, are we as an admin able to move/recover funds in the embedded wallet?

  • Short Answer: No, as an admin, you cannot recover or move funds from a user’s embedded wallet if they lose access to their email.
  • Reason: Web3Auth is a non-custodial wallet infrastructure. Users have full control over their wallets, and private keys are never accessible to admins or Web3Auth. This ensures maximum user security and privacy, but it also means that wallet recovery is not possible from the admin side if the user loses access to their authentication method (like email).
  • Reference: Web3Auth Security FAQ

2. Is using a proxy like Auth0/Cognito still the recommended approach for account recovery or email change?

  • Current Recommendation: Yes, using a proxy authentication provider (like Auth0 or AWS Cognito) is still recommended if you want more control over user authentication and recovery flows.
  • Why: By integrating a custom authentication provider, you can manage user identities and offer recovery options (such as changing an email or verifying user identity through other means). Web3Auth can then use the JWT/idToken from your provider to authenticate users, allowing you to implement your own account recovery or email change processes.
  • Reference: Custom Authentication with Web3Auth

Additional Notes

  • Built-in Recovery: The MPC Core Kit does not provide out-of-the-box key recovery flows. If you need built-in recovery, consider the Plug and Play SDK, but note the trade-offs in customization and security.
  • User Education: For non-custodial solutions, it’s crucial to educate users about backing up their recovery shares or using social recovery options if implemented.

If you need platform-specific implementation advice or sample code for integrating Auth0/Cognito with Web3Auth, please let us know!
If you have any other requirements or want to discuss your use case in detail, you can also schedule a demo call.

Let us know if you have any further questions!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we recommend that you join our biweekly Office Hours to get this resolved even faster: Web3Auth Developer Office Hours
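
The reply above says recovery and email change can be handled in the proxy provider because Web3Auth authenticates with that provider's JWT/idToken. The following added example (not code from this thread or from Web3Auth) shows why the claim chosen as the user identifier decides whether a wallet survives an email change. It assumes the wallet is bound to the verifier name plus one token claim; the verifier name, helper names and both tokens are constructed.

```javascript
// Added example. VERIFIER, the helper names and both tokens are constructed.
// Tokens are unsigned samples: a real backend verifies signature, issuer,
// audience and expiry against the provider's JWKS before trusting any claim.
const VERIFIER = "example-auth0-verifier"; // hypothetical verifier name

const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

function makeSampleIdToken(claims) {
  const header = { alg: "RS256", typ: "JWT" };
  return [b64url(header), b64url(claims), "constructed-signature"].join(".");
}

function decodeClaims(idToken) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Assumption: the wallet is looked up by (verifier, verifierId), where
// verifierId is the value of one claim taken from the idToken.
function walletIdentity(idToken, verifierIdField) {
  const id = decodeClaims(idToken)[verifierIdField];
  if (typeof id !== "string" || id.length === 0) {
    throw new Error(`claim "${verifierIdField}" missing from idToken`);
  }
  return `${VERIFIER}:${id}`;
}

// The same provider account before and after the user changes their email.
const before = makeSampleIdToken({ sub: "auth0|constructed-0001", email: "old@example.com" });
const after = makeSampleIdToken({ sub: "auth0|constructed-0001", email: "new@example.com" });

// True when both tokens resolve to the same wallet identity.
function survivesEmailChange(verifierIdField) {
  return walletIdentity(before, verifierIdField) === walletIdentity(after, verifierIdField);
}

console.log("keyed on sub:  ", survivesEmailChange("sub"));
console.log("keyed on email:", survivesEmailChange("email"));
```

Keying on a stable subject identifier moves the recovery question into the provider: whoever can reset or reassign that provider account can reach the wallet, so the provider's recovery flow needs the same scrutiny as the wallet itself.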