For whatever reason, we see more and more cases of NNS access being lost. Last year I posted my concerns about this and tried to explain the necessity of having a recovery system. Many Dfinity employees are spending a lot of time helping and losing that very precious time. It will only get worse and worse over time.
People will have hardware and software problems and will be negligent. This is immutable.
I noticed there is not much on the roadmap about this. So I am trying again to propose to the NNS team something like this:
Have a mandatory recovery system configured. As an example:
Store up to 3 email addresses.
Store up to 3 phone numbers.
Store 3 secret questions (both questions and answers defined by the user).
Store birthdate (or any other date of the user's preference).
For recovery,
1- ask for birthdate. If pass…
2- Ask to choose 1 email address and send a confirmation code. Enter the code. If pass…
3- Ask the 4 personal questions and 3 out of 4 need to be answered correctly. If pass…
4- Ask which phone number to send an SMS code to.
That would be a combination of hardware and personal knowledge. Of course everything would have to be strongly encrypted before being sent to the IC canister.
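To make the four-step flow above concrete, here is an added example (not code from the post or from DFINITY) of how a recovery backend could enforce it defensively: steps must pass in order, secret answers are stored only as salted slow hashes and checked with a k-of-n threshold, one-time codes are single-use and compared in constant time, and repeated failures lock the flow. Class and method names are hypothetical, the model is in-memory, and email/SMS delivery is simulated by returning the code to the caller.

```python
import hashlib, hmac, secrets

def hash_answer(answer: str, salt: bytes) -> bytes:
    """Normalise casing/whitespace, then slow-hash so stored answers are never plaintext."""
    normalised = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, 100_000)

class RecoveryFlow:
    # Ordered steps: birthdate -> email code -> secret questions -> SMS code (hypothetical design)
    STEPS = ("birthdate", "email_code", "questions", "sms_code")

    def __init__(self, birthdate, emails, phones, questions, threshold=3, max_failures=5):
        self.salt = secrets.token_bytes(16)
        self.birthdate, self.emails, self.phones = birthdate, list(emails), list(phones)
        self.questions = {q: hash_answer(a, self.salt) for q, a in questions.items()}
        self.threshold, self.max_failures = threshold, max_failures
        self.step, self.failures, self.pending_code = 0, 0, None

    def _check_step(self, name):
        if self.failures >= self.max_failures:
            raise PermissionError("recovery locked after too many failed attempts")
        if self.step >= len(self.STEPS) or self.STEPS[self.step] != name:
            raise ValueError(f"{name!r} is not the current recovery step")

    def _result(self, ok: bool) -> bool:
        self.step, self.failures = self.step + ok, self.failures + (not ok)  # advance, or count a miss
        return ok

    def issue_code(self, channel, index):
        self._check_step("email_code" if channel == "email" else "sms_code")
        targets = self.emails if channel == "email" else self.phones
        if index >= len(targets):
            raise IndexError("no address or number registered in that slot")
        self.pending_code = f"{secrets.randbelow(10**6):06d}"
        return self.pending_code  # simulated delivery: returned here instead of sent out-of-band

    def verify_birthdate(self, value):
        self._check_step("birthdate")
        return self._result(hmac.compare_digest(value.encode(), self.birthdate.encode()))

    def verify_code(self, channel, value):
        self._check_step("email_code" if channel == "email" else "sms_code")
        ok = self.pending_code is not None and hmac.compare_digest(value.encode(), self.pending_code.encode())
        self.pending_code = None  # single use, matched or not
        return self._result(ok)

    def verify_answers(self, answers):
        self._check_step("questions")  # k-of-n threshold (3 of 4 in the post) over registered questions
        correct = sum(hmac.compare_digest(hash_answer(a, self.salt), self.questions[q])
                      for q, a in answers.items() if q in self.questions)
        return self._result(correct >= self.threshold)
```

The birthdate and answer steps alone are weak against someone who already knows the user, which is why the flow only unlocks after both out-of-band codes also pass.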
These are only examples. The crypto community and IC cannot afford to spread to the masses that some people are losing their accounts and their investments because they lost access. Although I hate banks with a passion, you would never lose your Web2 bank account. For Web3 mass adoption, IC cannot be worse than Web2.
Please don’t tell me that it is like this in crypto, that MetaMask works like this. Let's be much better than MetaMask and better than banks.
The locking seed phrase option is not very efficient. If you have a compromised browser while you create and lock your seed phrase, the hacker can unlock and steal your account very easily.
I understand that your personal questions and birthdate can be at risk if entered in a compromised browser, but the SMS and email codes would compensate for the risk.
I really hope that IC would be the first blockchain where: Not your key but still your crypto forever. That is one of the ways to achieve this.
Dfinity would not have to support those access problems anymore.
‘Not your key but still your crypto’ would be revolutionary in this Web3 world.
Mass adoption made easier with a much stronger sense of security.
I do not see any disadvantage to having such a system. You're welcome to share if you do.