mattlockyer
commented
3 years ago Context for partners who already onboarded users with their Torus api key.
The user's key for NEAR will only work via that partners app. e.g. the key is deterministic based on:
User Email/SMS/... x Partner Api Key x Torus -> Key
If we were to allow these users to "import" their account into NEAR Wallet we would need to have something like the following:
From partner website with THEIR torus api key, the user signs to add a full access key, creating and sending a recovery link through OUR contract helper (exactly how it's done in wallet) Then user just clicks this link. Existing flow. Account imported.
@kcole16 correct me if I'm wrong here?
stefanopepe
Summary We will utilize Tor.us, a non-custodial, distributed key management protocol, to improve the email recovery experience. Instead of needing to save an email with a magic link, users will be able to access their accounts by verifying they control their email account.
Intended Outcome The user-friendly, and currently "less secure", recovery option will be both more secure and convenient than the current email recovery implementation.
How will it work? Users will verify access to an email account they control, which will generate a keypair via Tor.us, then add this key to their account. To login again, users simply verify access to their account, similar to "Sign in with Google"