We're planning to make seed phrases full access keys always, even if the user has 2FA/multi-sig enabled. This allows users with 2FA to recover their account with only the seed phrase, even if they don't have access to their 2FA device.
Because of this, we shouldn't assume they still have access to the 2FA device, and should allow them to change their device, if necessary.
Proposed Flow
User enters seed phrase on /recover-seed-phrase
Selects "Find My Account"
User is asked "Do you still have access to: <phone/email>?"
a. If yes, user is redirected to home page, "Account successfully recovered"
b. If no, user is redirected to "Enable Two Factor Authentication" flow
User sets up new 2FA method, reference is updated in our DB
Acceptance Criteria
[ ] When recovering seed phrase, user is prompted "Do you still have access to : <phone/email>"
[ ] If user no longer has access to their device, they are able to register a new device
kcole16
commented
4 years ago
Overview
We're planning to make seed phrases full access keys always, even if the user has 2FA/multi-sig enabled. This allows users with 2FA to recover their account with only the seed phrase, even if they don't have access to their 2FA device.
Because of this, we shouldn't assume they still have access to the 2FA device, and should allow them to change their device, if necessary.
Proposed Flow
/recover-seed-phraseAcceptance Criteria