Guide & Legal
  • Welcome to Multis
  • Financial backbone for Web3 companies
    • 🏃‍♂️Getting started
    • 📐Set up your account
      • Create an account
        • Create a new wallet
        • Link a Gnosis Safe
        • Activate your team's payment wallet by making a deposit
      • Supported networks & sources
      • Add contacts
        • Add contacts manually
        • Add contacts via CSV import
        • Add a fiat contact
      • Secure your wallet
        • Add a team member
        • Set an approval policy
        • Roles & Permissions
      • Get verified to access Multis Corporate Exchange
    • 💰Move money
      • Crypto payment
      • Crypto-to-crypto swap
      • Convert crypto & USD
      • Limits
    • 🛤️Tracking and bookkeeping
      • Link your company accounts and wallets
        • Add or import an existing wallet
        • Track crypto wallet (read-only)
        • Add wallet and transactions manually
        • Link your company bank accounts
      • Categorize your transactions
        • Manage categories
        • Manual categorization
        • Set up categorization rules
      • Chart of accounts
        • Importing your organization Chart of Accounts
      • Export transactions as a CSV
      • Insights
    • 🪙Pricing
  • Frequently asked questions
    • ⁉️General
      • Accessing your Account
        • What happens if I lose access to my email account linked to Multis?
        • What happens to my funds if Multis disappears?
      • What happens if I delete my Multis account?
      • How to close my Multis account?
    • 🦺Security
      • Backing up my Multis account
      • Main Payment Wallet details
      • Private Key Management
        • Integrated Keys with Torus
      • Data Protection
    • 🔮Crypto
      • Supported networks & sources
      • Supported crypto-currencies
  • Support
    • 📞How to contact us?
    • 🐦Migrate your account to the Gnosis App
  • Legal
    • 🧑‍🤝‍🧑Multis Term of Use
    • 🔐Multis Privacy Policy
Powered by GitBook
On this page
  1. Frequently asked questions
  2. Security
  3. Private Key Management

Integrated Keys with Torus

PreviousPrivate Key ManagementNextData Protection

Last updated 2 years ago

We've integrated for private key generation and management because the seamless login creates a more fluid user experience; it's compatible on multiple devices. Furthermore, it leverages traditional web2 authentication with SSO (Google Authentication or password authentication) without compromising security. In addition, Torus takes advantage of secret-sharing schemes to improve key security and reduce key loss while still providing a seamless user experience.

How are my private keys generated?

Private keys are generated when you first log in to Multis using either Gmail or your email with passwordless authentification. Torus splits a user's private keys into shares across a network of nodes and allows a user to retrieve this using natural login mechanisms like social authentication.

Torus leverages Shamir Secret sharing and Threshold Signature Scheme to split the key into multiple shares across the network. A successful authentication allows the user to recover the necessary claims to reconstruct our front-end key.

Torus offers an incremental security scheme allowing our users to add more authentication factors (mobile) to reconstruct the key and perform signatures in an isolated way.

Can I back up my private keys?

If you wish to back up your private keys, you can. However, we recommend that you proceed with caution. Sharing your private keys with anyone can result in funds loss and make the wallet less secure.

To do so, head to Settings on the left-hand menu and click on Profile.

At the bottom of your profile page, hit "Show" this will reveal your private key for backup.

Proceed with caution when backing up your private key

Will Torus have access to my personal information?

No, the initial login only requests minimal public information, which you can see during the OAuth popup screen by the 3rd-party provider. The purpose of the login is only to verify your identity, not for access to your personal information.

Technically we access email, name, and avatar from the SSO infra through Torus.

How long is the user login persisted? Can Google/Facebook/Reddit track my activity?

Torus logs you out of your 3rd-party account immediately after verifying your identity. Therefore, the only information accessible to these 3rd-party login providers is that you were logged in (and logged out) with Torus.

How long is the user login persisted? Can Google/Facebook/Reddit track my activity?

Torus logs you out of your 3rd-party account immediately after verifying your identity. Therefore, the only information accessible to these 3rd-party login providers is that you were logged in (and logged out) with Torus.

Your session is not persisted in the browser's local storage, and all the data is erased when you log out or close the tab.

on Torus on Github

🦺
All audits
Torus