How secure is Email & Phone Backup, and how does it work?

Email & Phone Backup is a new Valora security feature. It is an account backup and recovery solution for the Valora wallet. Under the hood, Valora utilizes multi-factor authorization (MFA) to create multiple authentication tokens. These tokens are what encrypt and decrypt your Recovery Phrase. You need to have all the required tokens to gain access to your address.

Email & Phone Backup is an alternate and additional option to backing up your Recovery Phrase. Check out more ways to safeguard your Recovery Phrase.

How does MFA work?

Email & Phone Backup requires two authorization factors: an email login and phone number verification. This allows Valora to use a combination of decentralized and centralized encryption. The decentralized encryption is done through the email login and is facilitated by Web3Auth. The centralized, Valora-controlled encryption is done through phone number verification. 

What is Web3Auth, and how safe is it?

Web3Auth adds infrastructure to wallets and applications, providing a streamlined user onboarding process for self-custodial wallet management. This means that Valora users can now opt for a backup solution to manage their Recovery Phrase that does not rely on saving a set of words.

Web3Auth complies with CCPA, CPRA, GDPR, and SOC 2. You can visit their Trust Center to learn more about their most recent security audits, penetration testing, and legal compliance documentation to ensure secure self-custodial key management.

Where is my encrypted Recovery Phrase stored? Is it safe?

Your encrypted Recovery Phrase is stored in a Valora database. Valora will never store your plain-text Recovery Phrase. Also, since your Recovery Phrase is encrypted with a decentralized authorization factor, Valora will never have the means to decrypt it.

Additionally, your Recovery Phrase is stored anonymously. This means that if the encrypted Recovery Phrase were leaked, there would be no information about which phone number, email, or wallet address it is associated with.

Lastly, access to the encrypted Recovery Phrases is only provided if ownership of the encryption key is proven when restoring your wallet.

Do I have to use the email and phone combination?

To use Email & Phone Backup, yes. However, the setup could be adapted to allow other authorization factors. If this is a feature you are interested in Valora adding, let us know. Alternatively, continue to manually back up your Recovery Phrase.

Can I change or delete my Email & Phone Backup?

Yes! Go to your Settings page. Next to Email & Phone Backup, there will be an option to delete this as a recovery option. 

If you would like to change your email and phone combination, delete the current setup, then tap Email  & Phone Backup to set it up again.

Note: If you have reset or uninstalled Valora since setting up Email & Phone Backup, you must restore your wallet with the correct email-phone combination in order to delete it. Restoring your wallet address with your Recovery Phrase will not give you access to edit your Email & Phone Backup.

Can I set up multiple Email & Phone Backups?

An email-phone combination can only be used for one address. However, an address can have multiple backups as long as each backup uses a different email-phone combination.

Was this article helpful?
0 out of 0 found this helpful