-
Notifications
You must be signed in to change notification settings - Fork 12
Recovery
Eric Olszewski edited this page Jun 26, 2018
·
8 revisions
Here we will discuss the different situations in which a Transmute account can be compromised and how we deal with each one.
If a user's account has been compromised, upon visiting the login page, they can click "My account has been compromised" underneath the login form.
They will then be asked which of the following has been compromised - their email address, PGP keys, or Ethereum address. The following processes take place for the compromise of each of those situations:
- User is redirected to a webpage where they are to given a special message they are to sign with the PGP key that they have associated with their account.
- User will sign a challenge consisting of a timestamp and random nonce with their PGP key - demonstrating a continued control of their primary key.
- Upon verification of the signature to that which matches the signature associated with the email, the respective account will be put in a state of suspension (suspended).
- User can go to the login page and click on the "Activate my Account" button.
- User will undergo the same process to activate their account as they had to de-activate it.
- User can will navigate to their profile page and select the "Upload Recovery Key" button.
- User will be navigated to a page where they are to upload their new primary key (previous recovery key) and their new recovery key (recovery key of their previous recovery key). If the user is unfamiliar with the generation of these, they can reference the wiki entry
- After uploading their recovery keys, the user's account will be updated to reflect the change in public keys that has taken place during the recovery process.
- PGP
- DID