Portal

Portal Team

Product Updates

Announcing Passkeys wallet creation/recovery!

Allow your users to simply use TouchID/FaceID to create and recover their wallet.

January 11, 2024

Portal is proud to introduce a new backup and recovery option for our embeddable MPC wallets, passkeys + secure enclave. At Portal, we aim to accelerate blockchain adoption and do so with a focus on two fundamental components: security and accessibility. We continually work to build a platform that offers businesses and institutions the best technical options for offering their customers frictionless experiences with enterprise-grade security. Adding passkeys for authentication and secure enclaves for secure processing in the backup and recovery process is a critical next step to enhance our MPC framework and achieve our long-term goals.

Improving recovery for MPC wallets

Portal’s core is MPC technology—a user has one key share and Portal has the other. Both shares are required to sign transactions and access a wallet. If a user loses the key share stored on their device, they can recover it from a configured backup. Portal provides backup methods that require user-based authentication, meaning that the user controls the means of recovery. This level of control ensures a non-custodial experience.

Our new passkey recovery method follows this framework by running passkey authentication within a secure enclave backed by KMS, allowing users to register a passkey as a user-controlled authentication method to store and retrieve the data required to run recovery.

Why use passkeys and secure enclaves

Passkey adoption has exploded across the technical ecosystem. This new passwordless authentication method is user friendly in that there is no need to remember anything. No seed phrase. No password. No email. Because there is no password, passkeys are resistant to phishing attacks, and weak or reused passwords that can easily be hacked are no longer an issue. Using passkeys for account recovery means users of all blockchain experience levels can feel confident setting up a wallet without risking the loss of assets due to the loss of their private key.

Pairing passkey authentication with an enclave backed by KMS enables us to provide the accessibility of passkeys with the security benefits of a secure enclave.

Passkeys

Passkeys, as an extension of Web Authentication (WebAuthn) protocols, allow users to authenticate themselves using cryptographic keys, improving security due to: 

  • Platform-based access: The private key of a passkey is stored on your phone and backed up via Google, Apple, or Microsoft’s secure keychains. Gaining access to a passkey requires possession of a user’s device connected to the iCloud, Google, or Windows account, and authorization on that device (biometric auth or PIN).
  • Phishing resistance: Passkeys are more resistant to phishing attacks compared to traditional passwords, as the authentication process can be pinned to a domain and involves cryptographic proof that doesn't reveal any secret (like a password) to the server.
  • Cross-platform compatibility: With increasing support for WebAuthn, users can use their passkeys across different devices and platforms using Bluetooth + QR codes, enhancing both security and convenience in accessing their assets.
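
The domain pinning described in the phishing-resistance point can be seen in the checks a relying party runs on a WebAuthn assertion. This is an added example, not Portal's code: the relying-party ID `wallet.example`, the function names and the sample assertions are assumptions, and verifying the signature against the stored public key is a separate required step that is not shown.

```python
import base64
import hashlib
import json

RP_ID = "wallet.example"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://wallet.example"  # assumed web origin of the real site

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def domain_binding_failures(client_data_json, authenticator_data, challenge):
    """Return the names of failed binding checks; an empty list means all passed."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    if client.get("challenge") != b64url(challenge):
        failures.append("challenge")
    # The browser, not the page, writes the origin, so a look-alike site
    # cannot claim to be the real one.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
    if len(authenticator_data) < 37:
        return failures + ["authenticator_data_length"]
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rp_id_hash")
    flags = authenticator_data[32]
    if not flags & 0x01:
        failures.append("user_present")
    if not flags & 0x04:
        failures.append("user_verified")
    return failures

def constructed_assertion(origin, rp_id, challenge, flags=0x05):
    """Build sample (constructed) clientDataJSON and authenticatorData bytes."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return client, auth

if __name__ == "__main__":
    ch = b"\x07" * 32
    good = constructed_assertion(EXPECTED_ORIGIN, RP_ID, ch)
    fake = constructed_assertion("https://wallet.example.test", "wallet.example.test", ch)
    print(domain_binding_failures(*good, ch), domain_binding_failures(*fake, ch))
```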

Secure Enclaves

Secure enclaves provide a hardware-based security layer, crucial for protecting sensitive operations and information related to cryptocurrencies. Secure enclaves can:

  • Encrypt computation: Secure enclaves are servers running with encrypted memory. The host cannot view or access the values being computed. This means that Portal cannot access the passkey or the backup data as they are being processed.
  • Guarantee execution: Using the private keys that power them, secure enclaves can also provide cryptographic signatures to clients to attest (prove) that the server handling their request was running specific code. This is done by providing signatures and fingerprints that match public keys and public code.
  • Work with attestation-aware cloud services: In AWS, IAM policies can require an attestation from an enclave for some cloud services. One service that supports this is KMS. You can configure an IAM policy for a KMS key that only allows actions from a server running within an enclave.
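
A lint-style check for the KMS configuration described in the last point: it flags key-policy statements that allow decryption without requiring an enclave attestation through the AWS KMS `kms:RecipientAttestation:*` condition keys. This is an added example, not Portal's policy or tooling; the policy, account ID, role name and image-hash placeholder are constructed, and the check does not evaluate `Deny` statements.

```python
import json

# Operators that fail closed when the attestation key is absent from the request.
# "...IfExists" variants are excluded: they pass when no attestation is sent.
STRICT_OPS = {"stringequals", "stringequalsignorecase"}
DECRYPT_ACTIONS = {"kms:decrypt", "kms:generatedatakey", "kms:*", "*"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def unattested_statements(policy_json):
    """Return Sids of Allow statements granting decryption with no attestation condition."""
    flagged = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & DECRYPT_ACTIONS:
            continue
        keys = {key.lower()
                for op, block in stmt.get("Condition", {}).items()
                if op.lower() in STRICT_OPS
                for key in block}
        if not any(k.startswith("kms:recipientattestation:") for k in keys):
            flagged.append(stmt.get("Sid", "statement[%d]" % i))
    return flagged

# Constructed key policy: account ID, role name and image hash are placeholders.
ROLE = {"AWS": "arn:aws:iam::111122223333:role/backup-service"}
CONSTRUCTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "HostCanDecrypt", "Effect": "Allow", "Principal": ROLE,
     "Action": "kms:Decrypt", "Resource": "*"},
    {"Sid": "IfExistsLoophole", "Effect": "Allow", "Principal": ROLE,
     "Action": ["kms:Decrypt"], "Resource": "*",
     "Condition": {"StringEqualsIgnoreCaseIfExists": {
         "kms:RecipientAttestation:ImageSha384": "<ENCLAVE_IMAGE_SHA384>"}}},
    {"Sid": "EnclaveOnlyDecrypt", "Effect": "Allow", "Principal": ROLE,
     "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*",
     "Condition": {"StringEqualsIgnoreCase": {
         "kms:RecipientAttestation:ImageSha384": "<ENCLAVE_IMAGE_SHA384>"}}},
]})

if __name__ == "__main__":
    print(unattested_statements(CONSTRUCTED_POLICY))
```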

Passkeys + secure enclaves

Putting it all together, our passkey backup is powered by user-friendly passkey authentication to ensure only a user can access their data, a secure enclave that keeps data private from Portal, and an integration with KMS that stores encrypted data so only the user can access it. Have more questions? Reach out to get a live demo!

See it in action!

Creating a wallet with passkeys
Recovering a wallet with passkeys is as simple as using Face ID!

To learn more, head over to our docs or reach out to get a live demo!