Integrated Keys with Torus
Last updated
Last updated
We've integrated Torus for private key generation and management because the seamless login creates a more fluid user experience; it's compatible on multiple devices. Furthermore, it leverages traditional web2 authentication with SSO (Google Authentication or password authentication) without compromising security. In addition, Torus takes advantage of secret-sharing schemes to improve key security and reduce key loss while still providing a seamless user experience.
How are my private keys generated?
Private keys are generated when you first log in to Multis using either Gmail or your email with passwordless authentification. Torus splits a user's private keys into shares across a network of nodes and allows a user to retrieve this using natural login mechanisms like social authentication.
Torus leverages Shamir Secret sharing and Threshold Signature Scheme to split the key into multiple shares across the network. A successful authentication allows the user to recover the necessary claims to reconstruct our front-end key.
Torus offers an incremental security scheme allowing our users to add more authentication factors (mobile) to reconstruct the key and perform signatures in an isolated way.
If you wish to back up your private keys, you can. However, we recommend that you proceed with caution. Sharing your private keys with anyone can result in funds loss and make the wallet less secure.
To do so, head to Settings on the left-hand menu and click on Profile.
At the bottom of your profile page, hit "Show" this will reveal your private key for backup.
Will Torus have access to my personal information?
No, the initial login only requests minimal public information, which you can see during the OAuth popup screen by the 3rd-party provider. The purpose of the login is only to verify your identity, not for access to your personal information.
Technically we access email, name, and avatar from the SSO infra through Torus.
How long is the user login persisted? Can Google/Facebook/Reddit track my activity?
Torus logs you out of your 3rd-party account immediately after verifying your identity. Therefore, the only information accessible to these 3rd-party login providers is that you were logged in (and logged out) with Torus.
Torus logs you out of your 3rd-party account immediately after verifying your identity. Therefore, the only information accessible to these 3rd-party login providers is that you were logged in (and logged out) with Torus.
All audits on Torus on Github
Your session is not persisted in the browser's local storage, and all the data is erased when you log out or close the tab.